I have been looking at how far I can go with devcontainers to limit the blast radius, and switching on ignore-scripts for npm install in global config. It's a bit wild that code off the internet can run arbitrary code on the command line through this mechanism. Creds protection isn't a silver bullet.
3 months ago
0