I had an idea to always run 2 users, the "main" one (or more) and a "project one"... one could sudo to the project user, but that one could not sudo out... (npm would only be installed for the project user).
deleted
Every user, since privesc is so easy on most operating systems.
Sure, without exploits they can steal your API keys, read your personal data, and access your browser data. With exploits they can update packages on your computer too.
No exploits needed. A simple shell alias will suffice. See my example in a sibling comment.