Code Room
Code review | Hard | cr-g570
Subject: Prototype pollution vulnerability | Level: Senior–Staff | ~28 min | Common in: Security interviews | Industries: Software development

Question

Review this JavaScript deep-merge used on request bodies (Node.js).

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (js)

function deepMerge(target, source) {
  for (const key in source) {
    if (typeof source[key] === 'object' && source[key] !== null) {
      if (!target[key]) target[key] = {};
      deepMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

app.patch('/settings', (req, res) => {
  const settings = deepMerge(loadDefaults(), req.body);
  saveSettings(req.user.id, settings);
  res.json(settings);
});
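
One possible fix with a regression check, as an added example that is not part of the original page. `safeDeepMerge`, `isPlainObject` and `pollutesPrototype` are hypothetical names, the request body is a constructed sample, and `pageDeepMerge` is the function under review, renamed and kept only for comparison.

```javascript
// Keys that reach or replace a prototype when written with bracket notation.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Hardened merge (hypothetical name): own keys only, blocked keys skipped.
function safeDeepMerge(target, source) {
  for (const key of Object.keys(source)) { // own enumerable keys, no inherited ones
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      // Recurse only into an own plain-object property of target, never an inherited one.
      const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
      target[key] = safeDeepMerge(isPlainObject(own) ? own : {}, value);
    } else {
      target[key] = value; // primitives and arrays replace the old value
    }
  }
  return target;
}

// The page's deepMerge, behaviour unchanged, kept for comparison.
function pageDeepMerge(target, source) {
  for (const key in source) {
    if (typeof source[key] === 'object' && source[key] !== null) {
      if (!target[key]) target[key] = {};
      pageDeepMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Regression check: true if merging the sample body changed Object.prototype.
function pollutesPrototype(mergeFn) {
  // Constructed sample body; JSON.parse creates "__proto__" as an own property.
  const body = JSON.parse('{"theme":{"dark":true},"__proto__":{"polluted":true}}');
  mergeFn({ theme: { dark: false, font: 'mono' } }, body);
  const leaked = ({}).polluted === true;
  delete Object.prototype.polluted; // restore global state for later checks
  return leaked;
}

console.log(pollutesPrototype(pageDeepMerge), pollutesPrototype(safeDeepMerge)); // true false
```

A check like `pollutesPrototype` can run in the unit-test suite against whatever merge helper the `/settings` handler uses, so a later refactor cannot reintroduce the bug unnoticed.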