Can an Attacker Gain Access to My Private Network Application through Pivoting and Lateral Movement?
By connecting your phone to the public WiFi AP, then connecting your local system to the phone, you are creating two layers of NAT. So, your question boils down to whether an attacker connected to the the same router as your phone (i.e. the public WiFi AP) can traverse the NAT running on your phone, then access your local system.
In general, NAT (by itself) is not considered to be a reliable firewall. See How important is NAT as a security layer? for some interesting reading on this subject. Unless you are sure that you phone provides a firewall function (in addition to NAT) when running as a local hotspot, I would not recommend relying on this solution.
A better solution would be to run a firewall on your local system, to block any incoming connections to port 3000 other than those from localhost. If you do this, then you can safely connect your local system to the public WiFi AP, instead of trying to rely on your phone as a firewall.