I'm new to using languages that pull down 100 packages to my development environment from third parties. What is best practice here to avoid my development environment getting exploited? Run everything in a VM?
All exploits we've analyzed from npm and cargo (granted, GitHub-sourced ones) had code to break free from Docker, and some even from VirtualBox VMs if run with the VS Code helpers.