wow, this is actually a really impressive attack - a far cry from the obfuscated postinstall hooks seen a million times before.

the only real long-term solution to node-based attacks like this is to run any remote code in a container, or even a VM?