Mon, June 1, 2026
12 min read
Opening a Folder Can Run Malware — A Safe Demo of Developer-Targeted Attacks Disguised as Job Recruiting via VS Code folderOpen and npm Lifecycle Scripts
#security
#vscode
#npm
#supply-chain
Attacks that lure developers into running malware-laden repositories under the guise of recruiting or coding tests are on the rise. The steps you take right after git clone (opening the folder in an editor, running npm install) can themselves be the code-execution trigger. I built a demo repository to reproduce that safely on localhost, and here are the design decisions and defenses worth taking away.