I actually posted about my own Docker setup this morning: https://ryansouthgate.com/secure-node-in-docker/

I use this on all my front end projects and it protects my "host" machine from malicious packages, it's not a silver bullet though; other practices, e.g. good secret management, will help harden your dev environment from these attacks