Code Room
Code review · Medium · cr-g449
Subject: Hardcoded secrets. Level: Mid–Senior. ~18 min. Common in Security interviews. Industries: Software development, Technology.

Question

Review this Node config module for the JWT signing secret.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (js):

    const jwt = require('jsonwebtoken');

    const JWT_SECRET = process.env.JWT_SECRET || 'dev-secret-change-me';

    function sign(payload) {
      return jwt.sign(payload, JWT_SECRET, { algorithm: 'HS256', expiresIn: '7d' });
    }

    function verify(token) {
      return jwt.verify(token, JWT_SECRET, { algorithms: ['HS256'] });
    }

    module.exports = { sign, verify, JWT_SECRET };