I've published a new version of Fresh. Fresh is a simple way to create light and fast isolated contexts in your Terminal. For example, when you need to run 'npm' commands that install and run code needed for ESLint, Grunt or Selenium tests.
Get started at https://github.com/wikimedia/fresh
See also:
* https://www.mediawiki.org/wiki/Manual:JavaScript_unit_testing#Getting_starte...
* https://www.mediawiki.org/wiki/Selenium/Node.js/Target_Local_MediaWiki_(Cont...)
Background: Last month I wrote [1] about the risk and dangers involved with running "npm install" and "npm test" commands as developers. In a nutshell: There are no built-in protections. At risk are your personal data, web browser session, and more. Interactions with 'git', 'sudo' or 'ssh' are also easy to spy on or influence. This is all in addition to the "normal" risk of packages having undiscovered malicious (or non-malicious) security problems in indirect dependencies that have never been audited for security by anyone you'd know or trust. In particular, I think it is important to understand that npm is different from Debian or PyPI in terms of social etiquette and curation. More about that at [1].
-- Timo
[1] https://medium.com/@timotijhof/how-to-protect-yourself-from-vulnerable-npm-p...
wikitech-l@lists.wikimedia.org