|
|
|
|
|
|
by artisin
199 days ago
|
|
|
Worth mentioning that Bubblewrap[1] (bwrap) can remove most npm/node attack vectors or, at the very least, limit the damage from running arbitrary code during install/execution. Far from a silver bullet, and you'll want to combine it with a simple wrapper script to avoid dinking around with all its arguments, but it beats dealing with rootless Podman containers. [1] https://github.com/containers/bubblewrap |
|
|