undefined | Better HN

0 pointsnautilus124mo ago0 comments

If you always run npm inside of docker does that pretty much prevent attacks like this?

0 comments

mfro4mo ago

Docker is not a sandbox. There is some work that can be done to harden it, but you're better off looking at genuinely sandboxing your dev environment

What is genuine sandboxing? Everyone waives there hands by saying this

mfro4mo ago

Good question with a lot of possible answers. You can take sandboxing as far as you want, really. I typically just use bubblewrap (linux)

j / k navigate · click thread line to collapse

0 pointsnautilus124mo ago0 comments

If you always run npm inside of docker does that pretty much prevent attacks like this?

mfro4mo ago

Docker is not a sandbox. There is some work that can be done to harden it, but you're better off looking at genuinely sandboxing your dev environment

What is genuine sandboxing? Everyone waives there hands by saying this

mfro4mo ago

Good question with a lot of possible answers. You can take sandboxing as far as you want, really. I typically just use bubblewrap (linux)

j / k navigate · click thread line to collapse