safe-npm
Run npm install in Docker and secure your local machine from certain types of malware
Installation
This will create the npms alias for the current profile:
npx safe-npm@latest init-npms
Usage
npms works as a safe alias for certain npm commands. Currently, the following npm commands are supported:
- audit
- ci
- install
- install-ci-test
- install-test
- update
- uninstall
To use them, simply run npms the way you would use npm, for example:
npms install typescript
How it works
npms uses Docker to run npm commands in a safe environment. It uses the node:*-slim images.
npms uses the major version of the Node process it is running in to determine the target Docker image version. For example, for node v16.6.1 it will use the node:16-slim image.
npms mounts your node_modules directory into the container and synchronizes package.json, package-lock.json and .npmrc with the container filesystem.
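
The steps described above, sketched as an added example (not safe-npm's own code): it checks the npm subcommand against the supported list, derives the node:<major>-slim tag from the Node version, and builds a docker run argument list that bind-mounts only node_modules. The function names, the /app container path and the chosen docker flags are assumptions, and the synchronization of package.json, package-lock.json and .npmrc is not shown.

```javascript
// Added sketch; not safe-npm's source. Names, paths and flags are assumptions.

// npm subcommands the README lists as supported by npms.
const SUPPORTED = new Set([
  'audit', 'ci', 'install', 'install-ci-test',
  'install-test', 'update', 'uninstall',
]);

// Map a Node version string (e.g. "v16.6.1") to the node:<major>-slim tag.
function imageForNode(version) {
  const m = /^v?(\d+)\.\d+\.\d+/.exec(version);
  if (!m) throw new Error(`unrecognized Node version: ${version}`);
  return `node:${m[1]}-slim`;
}

// Build the argv for `docker run`. It is returned as an array so it can be
// handed to child_process.spawn without a shell, which means the npm
// arguments are never re-parsed or expanded on the host.
// projectDir must be an absolute path, as docker -v expects for bind mounts.
function buildDockerArgs(nodeVersion, npmArgs, projectDir) {
  const [subcommand] = npmArgs;
  if (!SUPPORTED.has(subcommand)) {
    throw new Error(`unsupported npm command: ${subcommand}`);
  }
  const workdir = '/app'; // assumed container path
  const hostDir = projectDir.replace(/\/+$/, ''); // drop trailing slashes
  return [
    'run', '--rm',
    // Only node_modules is bind-mounted; no other host directory is exposed.
    '-v', `${hostDir}/node_modules:${workdir}/node_modules`,
    '-w', workdir,
    imageForNode(nodeVersion),
    'npm', ...npmArgs,
  ];
}

// Show the command line for the README's own example, `npms install typescript`.
console.log(
  ['docker', ...buildDockerArgs(process.version, ['install', 'typescript'], process.cwd())].join(' ')
);
```

Because .npmrc is synchronized into the container, any registry credentials in that file are readable by install scripts that run there.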