mike-cardwell 11 hours ago

I made this about 6 years ago. It's a Python script that acts as a wrapper to the npm command. When you run something like "npm install" or "npm start" or whatever, it actually runs the command inside a Docker or Podman container.

Minimum stuff that is needed is mounted into the container depending on the mount command being run, with stuff being mounted read-only when possible.

So you basically don't need to worry about your ~/.ssh or ~/.bitcoin folders being stolen by a malicious npm package anymore. And don't need to worry about one installing some persistent command or keylogger in the background.

Thought it was relevant given recent news.
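A minimal sketch of the same idea, as an added example that is not mike-cardwell's script: a POSIX shell wrapper that runs npm inside a throwaway container with only the project directory mounted, read-write for subcommands that must write `node_modules/` and read-only for everything else. The image name (`NPM_IMAGE`, defaulting to `node:20`), the runtime detection, the `NPM_NETWORK` knob and the script name are all assumptions made for the example.

```shell
#!/bin/sh
# npm-sandbox.sh (hypothetical name): run npm inside a disposable container so a
# malicious package only ever sees the project directory, never ~/.ssh and co.
# Assumptions: a Node image named by NPM_IMAGE (default node:20), podman or
# docker on PATH, and the project being the current working directory.

NPM_IMAGE="${NPM_IMAGE:-node:20}"

# Prefer podman (rootless by default), fall back to docker.
container_runtime() {
  if command -v podman >/dev/null 2>&1; then echo podman; else echo docker; fi
}

# Subcommands that must write node_modules/ or package-lock.json get the
# project mounted read-write; everything else (test, start, run ...) gets it
# read-only, so a test or start script cannot plant files in the repository.
mount_mode_for() {
  case "$1" in
    install|i|add|ci|update|up|uninstall|un|rm|remove) echo rw ;;
    *) echo ro ;;
  esac
}

# Emit the full container command line, one argument per line, so the policy
# can be inspected and tested without a container runtime being present.
#   $1 = runtime binary, $2 = absolute project path, $3... = npm arguments
build_command() {
  runtime="$1"; project="$2"; shift 2
  mode="$(mount_mode_for "$1")"
  if [ "$runtime" = podman ]; then
    user_opt="--userns=keep-id"           # rootless podman: same uid inside and out
  else
    user_opt="--user=$(id -u):$(id -g)"   # docker: never run npm as root
  fi
  tty_opt=""; [ -t 0 ] && tty_opt="-t"    # allocate a tty only when we have one
  # --read-only + tmpfs /tmp (HOME) leaves npm somewhere to put its cache while
  # keeping the rest of the image immutable; NPM_NETWORK=none cuts the network
  # for subcommands that do not need it (tests, builds).
  printf '%s\n' "$runtime" run --rm -i $tty_opt \
    --cap-drop ALL --security-opt no-new-privileges \
    --read-only --tmpfs /tmp -e HOME=/tmp \
    ${NPM_NETWORK:+--network=$NPM_NETWORK} \
    "$user_opt" \
    -v "$project:/app:$mode" -w /app \
    "$NPM_IMAGE" npm "$@"
}

# Run npm for the current directory; exec so npm's exit status is ours.
run_npm() {
  cmd="$(build_command "$(container_runtime)" "$PWD" "$@")"
  set -f                                  # no globbing while we split the lines
  IFS="$(printf '\nx')"; IFS="${IFS%x}"   # split on newlines only
  # shellcheck disable=SC2086  # splitting on newlines is the intent
  exec $cmd
}

# Usage:  ./npm-sandbox.sh install               (project rw, network on)
#         NPM_NETWORK=none ./npm-sandbox.sh test  (project ro, no network)
if [ "$#" -gt 0 ]; then
  run_npm "$@"
fi
```

Anything the package writes outside `/app` lands on the container's tmpfs and disappears with it, which is what removes the "persistent command or keylogger" worry from the post; the read-only mount for non-install subcommands additionally keeps a test or start script from modifying the checked-out tree.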