You can isolate it through bubblewrap; I moaned about it here and there's no point in repeating it:

https://news.ycombinator.com/item?id=45041798

If you only ever use js/ts for frontend projects (like we do), it closes one major hole that I'm aware of, which still leaves at least two:

- the editor possibly starting random binaries from inside the mode_modules (such as biome, vitest, tsgo)

- escape from sandbox by using some kernel vulnerability, of which there have been many recently

I suppose.

But that's a "Perfect is the enemy of good"-like argument. Wherein: Why even reduce an easy to exploit attack surface when there could be holes elsewhere?! Because, you know, it makes things much more secure even if imperfect.

Plus, to me, it is a culture issue. npm just doesn't take security seriously, so we don't see these improvements, and if there was additional test hardening later, I don't expect we'd see them in npm either. Since, they just don't care.