pingou 4 hours ago

As a developer, is there a way on Mac to limit npm file access to the specific project? So that if you install a compromised package it cannot access any data outside of your project directory?

freakynit 2 hours ago | parent | next [-]

Wrote a small utility shell script that uses docker behind the scenes to prevent access to your host machine while still allowing full npm install and run workflow.

https://github.com/freakynit/simple-npm-sandbox

Disclaimer: I am not a Docker expert. Please review the script (sandbox.js) and raise any potential issues or suggestions.

Thanks..

mfro 4 hours ago | parent | prev [-]

Frankly, I am refusing to use npm outside of docker anymore.
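
A minimal version of the Docker approach described in the replies above, added here as an example; it is not the code of the linked simple-npm-sandbox project. The `npm_sandbox` function, the `SANDBOX_IMAGE` and `SANDBOX_DRY_RUN` variables, the `node:20-alpine` image and the `/app` mount point are assumptions.

```shell
#!/bin/sh
# Added example: run npm in a container that can see only one project directory.
# Assumptions: Docker is installed; image tag and /app mount point are our choices.

SANDBOX_IMAGE="${SANDBOX_IMAGE:-node:20-alpine}"

# npm_sandbox <project_dir> <npm args...>
# Set SANDBOX_DRY_RUN=1 to print the docker command instead of running it.
npm_sandbox() {
  project_dir=$1
  shift

  # Mounting / or $HOME would hand the container exactly the files
  # (SSH keys, cloud credentials, ~/.npmrc tokens) we want to keep from it.
  case "$project_dir" in
    /|"${HOME:-/nonexistent}"|"${HOME:-/nonexistent}/")
      echo "refusing to mount $project_dir" >&2
      return 1
      ;;
  esac

  # Build the docker argv in the function's positional parameters.
  #  --volume          only the project directory is visible, at /app
  #  --user            run as the caller's uid/gid, not root in the container
  #  --cap-drop ALL    no Linux capabilities
  #  --security-opt    setuid binaries cannot gain privileges
  #  --read-only       root filesystem is immutable; /tmp is a throwaway tmpfs
  #  HOME / npm cache  point at /tmp because the uid has no home in the image
  set -- run --rm \
    --volume "$project_dir:/app" \
    --workdir /app \
    --user "$(id -u):$(id -g)" \
    --cap-drop ALL \
    --security-opt no-new-privileges \
    --read-only --tmpfs /tmp \
    --env HOME=/tmp --env npm_config_cache=/tmp/.npm \
    "$SANDBOX_IMAGE" npm "$@"

  if [ -n "${SANDBOX_DRY_RUN:-}" ]; then
    printf '%s\n' "docker $*"
    return 0
  fi
  docker "$@"
}

# Usage after sourcing this file:  npm_sandbox "$PWD" install
```

The container keeps network access so that `npm install` can reach the registry, and everything inside the mounted project directory (for example a `.env` file) stays readable to install scripts.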