Is It Safe To Download Code From GitHub?

Great question: is it safe to download code from GitHub?

A blockchain developer was approached on LinkedIn by a recruiter for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied.

As part of the job interview, the recruiter asked the developer to download and debug the code in two npm packages hosted on a GitHub repository. Later, however, the developer discovered that his MetaMask wallet had been drained and his funds siphoned out of his account.

Web developers and security researchers should keep an eye out for bogus job offers on career development platforms, as these could be scams. It is a good idea to complete any take-home job exercises, no matter how seemingly benign, on a (virtual) machine that is separate from your primary device.