homebrewer 2 hours ago
You can isolate it through bubblewrap; I moaned about it here and there's no point in repeating it: https://news.ycombinator.com/item?id=45041798

If you only ever use js/ts for frontend projects (like we do), it closes one major hole that I'm aware of, which still leaves at least two:

- the editor possibly starting random binaries from inside the node_modules (such as biome, vitest, tsgo)
- escape from sandbox by using some kernel vulnerability, of which there have been many recently
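As an added example, not part of homebrewer's comment or of bubblewrap's own docs, here is a POSIX sh wrapper that launches an editor on a JS/TS project under bwrap with only the project directory writable and no network. It assumes `bwrap` is on PATH, the project path is the first argument and the editor command follows; the hypothetical `writable_binds` helper just counts writable host binds so the policy can be checked.

```shell
#!/bin/sh
# Added example (not from the comment above). Assumes bubblewrap is installed
# as `bwrap`; usage: ./sandbox-editor.sh /path/to/project nvim .

# Print the bubblewrap argument list, one per line, for a project directory.
# Only the project is writable; /usr and /etc are read-only, HOME and /tmp are
# private tmpfs, and every namespace is unshared (so no network). Binaries in
# node_modules (biome, vitest, ...) still run, but only see this sandbox.
bwrap_args() {
  project="$1"
  home="${HOME:-/tmp/sandbox-home}"
  printf '%s\n' \
    --unshare-all \
    --die-with-parent \
    --new-session \
    --ro-bind /usr /usr \
    --ro-bind /etc /etc \
    --symlink usr/lib /lib \
    --symlink usr/lib64 /lib64 \
    --symlink usr/bin /bin \
    --proc /proc \
    --dev /dev \
    --tmpfs /tmp \
    --tmpfs "$home" \
    --setenv HOME "$home" \
    --bind "$project" "$project" \
    --chdir "$project"
}

# Count writable host bind mounts; the policy above intends exactly one.
writable_binds() {
  bwrap_args "$1" | grep -c -x -- '--bind'
}

# Launch: the newline-separated list is split back into "$@" before exec.
run_sandboxed() {
  project="$1"; shift
  oldifs=$IFS; IFS='
'
  set -- $(bwrap_args "$project") -- "$@"
  IFS=$oldifs
  exec bwrap "$@"
}

# A kernel bug can still escape these namespaces: bwrap narrows what the
# editor and its child processes can reach, not the kernel attack surface.
if [ "$#" -ge 2 ]; then
  run_sandboxed "$@"
fi
```

Add `--share-net` after `--unshare-all` only if the editor genuinely needs network access (e.g. to fetch a language server); otherwise the tighter default stands.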