Show HN: Sandworm.js – Easy auditing and sandboxing for JavaScript dependencies

Hmmm wouldn't you want to intercept syscalls at the kernel level like AppArmor instead of at the application level?