But when looking for a job, people tend to be as nice to the interviewer as possible. Should the scammer join the call and push a little bit, anyone would run the malicious code.
The author of the article posted the goods - now every. single. npm. package. needs to be scanned for this kind of attack. In the article it was part of the admin controller handling. In the future it could be some utility function everyone is calling. Or some CLI tool people blindly npx run.