top | item 46038186

(no title)

artisin | 3 months ago

Worth mentioning that Bubblewrap[1] (bwrap) can remove most npm/node attack vectors or, at the very least, limit the damage from running arbitrary code during install/execution. Far from a silver bullet, and you'll want to combine it with a simple wrapper script to avoid dinking around with all its arguments, but it beats dealing with rootless Podman containers.

[1] https://github.com/containers/bubblewrap

discuss

port11|3 months ago

This looks really interesting, but it sounds like it's as complicated to setup as rootless Podman — which is to say not _that_ complicated. Anyone using this with Node or Deno successfully?

bunnybender|3 months ago

From my bookmarks (2023): https://news.ycombinator.com/item?id=36686461