Ask HN: How do you securely develop in Node or Python?

5 points by jachac ↗ HN
I'm new to using languages that pull down 100 packages to my development environment from third parties. What is best practice here to avoid my development environment getting exploited? Run everything in a VM?

3 comments

[ 2.9 ms ] story [ 25.4 ms ] thread
all exploits we've analyzed from npm and cargo (granted, github sourced ones) had code to break free from docker. and some even from virtualbox vms if run with the vscode helpers.
ah, you've mentioned both of the things I was installing right now that I hoped might avert this