I made this about 6 years ago. It's a Python script that acts as a wrapper to the npm command. When you run something like "npm install" or "npm start" or whatever, it actually runs the command inside a Docker or Podman container.
Minimum stuff that is needed is mounted into the container depending on the mount command being run, with stuff being mounted read-only when possible.
So you basically don't need to worry about your ~/.ssh or ~/.bitcoin folders being stolen by a malicious npm package anymore. And don't need to worry about one installing some persistent command or keylogger in the background.
Thought it was relevant given recent news.
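
A sketch of the approach the post describes, added here as an example and not the author's script: it builds the container command line for an npm invocation, mounts only the project directory (read-only unless the subcommand has to write), and refuses a project path that would expose the home directory. The subcommand policy, the `/app` mount point, the `node:lts` image and all function names are assumptions.

```python
import os
import shlex

# Assumed policy (not taken from the original script): npm subcommands that
# must write to the project directory (node_modules, package-lock.json).
WRITES_PROJECT = {"install", "ci", "update", "uninstall"}


def build_container_argv(npm_args, project_dir, runtime="docker",
                         image="node:lts", home=None):
    """Return the argv that runs `npm <npm_args>` in a throwaway container."""
    project_dir = os.path.abspath(project_dir)
    home = os.path.abspath(home or os.path.expanduser("~"))

    # Refuse to mount the home directory or any ancestor of it: that would put
    # ~/.ssh and similar folders back within reach of package scripts.
    if os.path.commonpath([project_dir, home]) == project_dir:
        raise ValueError(f"refusing to mount {project_dir}: it contains {home}")
    # A ':' in the path would be parsed as a field separator by -v.
    if ":" in project_dir:
        raise ValueError("project path must not contain ':'")

    subcommand = npm_args[0] if npm_args else "help"
    mode = "rw" if subcommand in WRITES_PROJECT else "ro"
    return [
        runtime, "run",
        "--rm",                              # container is deleted on exit, nothing persists
        "-v", f"{project_dir}:/app:{mode}",  # the only host path visible inside
        "-w", "/app",
        image, "npm", *npm_args,
    ]


if __name__ == "__main__":
    # Constructed sample paths; prints the command instead of executing it.
    argv = build_container_argv(["install"], "/home/alice/proj", home="/home/alice")
    print(shlex.join(argv))
```
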