More and more, I am thinking all my local development environments for Node / JavaScript projects need to be setup in a sandboxed VM.

A blog post: https://www.aikido.dev/blog/npm-debug-and-chalk-packages-com... (https://hackernews.hn/item?id=45169657)

The two listed collaborators of the debug package have over 700 packages published collectively, many of them with millions of weekly downloads. What could possibly go wrong when their token is compromised?

GH issue: https://github.com/debug-js/debug/issues/1005

is-arrayish lmao