Comment by pingou
2 months ago
As a developer, is there a way on mac to limit npm file access to the specific project? So that if you install a compromised package it cannot access any data outside of your project directory?
2 months ago
As a developer, is there a way on mac to limit npm file access to the specific project? So that if you install a compromised package it cannot access any data outside of your project directory?
Wrote a small utility shell script that uses docker behind the scenes to prevent access to your host machine while still allowing full npm install and run workflow.
https://github.com/freakynit/simple-npm-sandbox
Disclaimer: I am not Docker expert. Please review the script (sandbox.js) and raise any potential issues or suggestions.
Thanks..
You can run nodejs through `sandbox-exec` which is part of macos.
I've never tried any of them but there's also a few wrappers specifically to do that, such as: https://github.com/berstend/node-safe
Otherwise you're down to docker or virtualisation or creating one system user per project...
Frankly, I am refusing to use npm outside of docker anymore.