Need a developer on Node.js

It is necessary to evaluate the backend code developed on Node.js
This is the development of the engine for an online casino platform!

A full audit of the backend code of the Node.js online casino platform should be conducted, considering that the project is hosted on GitHub:I. Cloning and initial diagnostics Clone the repository:git clone https://github.com/your-org/project-name.git cd project-name 
install dependencies:npm install 
Study README and Wiki (if available): How to run? What libraries are used? Is there docker-compose? What database?
II. Automated code audit (via GitHub)GitHub Actions: Check if there is .github/workflows/ — this is CI/CD. If not — it should be set up. Code Scanning Alerts: In the Security > Code scanning alerts section, you can enable: CodeQL (vulnerability analysis) ESLint workflow Linters for TypeScript/JavaScriptDependabot: It automatically checks npm dependencies for vulnerabilities. Enable it in Settings > Security.
III. Manual code audit1. ArchitectureIs Express, NestJS, or another framework used? Is there a clear separation into: controllers business logic (services) data access (models/repositories)2. Code qualityESLint + Prettier (or StandardJS)? Is TypeScript used? This greatly improves readability and security. What naming style is used for variables and functions? Is it consistent?npx eslint . --ext .js,.ts 3. Unit testsDoes the tests folder exist? Is Jest or Mocha used? Run coverage: npm run test npm run test:coverage 
IV. Security (manual analysis + tools)Are JWT tokens handled correctly? Is there protection against: SQL injections (if SQL) XSS/CSRF Rate limiting (is express-rate-limit used?) Is Helmet used?
V. Load testing and performanceLoad tests: Use Artillery, k6, or autocannon:npx autocannon http://localhost:3000/api/login Asynchronous: Is async/await used? Are there blocking calls (e.g., synchronous I/O)?
VI. DevOps and CI/CDAre there GitHub Actions or connected Vercel/Render for deployment? Are there: Linter in workflow? Auto-tests on push? Auto-deploy to staging?VII. Monitoring and loggingIs Winston, Pino, or Log4js used? Is error logging implemented? Is there integration with monitoring tools (Sentry, Datadog)?
VIII. Platform-specific features (online casino)Session, token, and authorization support Transaction verification: how are financial operations handled? Mechanism for validating bets, calculating winnings Random number generator (if integrated) — is it certified?