this happened to me too. few things about the process made me suspicious. i downloaded the repo and told claude to "find the malware". took about 15 seconds. remote code execution that would have run upon npm install, iirc. many layers of obfuscation. in implementation, a little different to the op's situation but there are similarities. it was a "crypto startup". maybe they think people in crypto world are more forgiving of idiosyncrasies in the recruiting process? i reported the recruiter's profile to linkedin, with extensive details. they said they wouldn't look into it unless i opened a ticket in some other part of their site, lol. however it seems they got onto it, or someone else complained, because i can't find the recruiter "alice kenny" anymore. but the "company" she was recruiting for is still live:

https://www.linkedin.com/company/blockchainaustraliasolution...