Hey guys, I've been thinking about this from a security perspective and want to know what the actual accepted standard is in the industry, not just what's convenient.

Most beginner guides say just install Node via NVM locally and you're good to go. But if I think about it from a security standpoint, if a package I install has a supply chain attack, it's running with my user's permissions on my real machine. It can read my files, my SSH keys, my environment variables, everything. NVM being local means there's no isolation between the malicious package and my actual machine.

So my questions are:

Is installing Node locally via NVM genuinely the industry accepted standard even with this security risk, or is running Node inside Docker the proper way to isolate your machine from potential supply chain attacks?

Between npm and pnpm, I personally feel pnpm is the more secure option because it stores one copy of each package and uses a stricter lockfile.…