[ashishb]

I run all npm based tools inside Docker with no access beyond the current directory.

https://ashishb.net/programming/run-tools-inside-docker/

It does reduce the attach surface drastically.