I'm likely being overly specific, but blocking npm downloads, installation on corporate devices, etc is trivial in a restrictive corporate environment.