Protect yourself from malicious NPM packages with a system-wide dev container
· 11 min read
Run a single Docker container that stays active, and drop into it whenever you need to work on a Node project. This "system-wide" container:
- starts once and stays running: no startup time and less disk space, compared to regular per-project dev containers,
- is used to work on multiple projects: attach as many VS Code windows as you want to it,
- isolates NPM packages from your host system.