Run in docker container:

    $ docker run -it -v.:/app -w /app node:alpine /bin/sh
    /app # docker run --rm -it -v '/:/mnt' -u 'root' 'alpine' '/bin/sh' '-l'
    /bin/sh: docker: not found

I've described attack from host user and isolating attacker with docker.