More and more npm-packages are threatening your development-machine

There have been some pretty scary security issues recently in a number of popular npm-packages that will install malware (backdoors, rootkits, crypto miners) on your development-machine. I haven’t yet taken the time to set this up myself, but I plan on moving all my JavaScript development into docker-containers, so that any malware will only infect the container (until the malware learns how to escape the container…).

If you are using WebStorm, here are instructions how to use docker for frontend-development.

See also

• Is there not todo-app that can do this?
• How to ask developers for help
• The Open Web Application Security Project's Top 10 of 2021
• Automatically provisioning Grafana datasources and dashboards using docker
• Getting started with tailwindcss