Archived

This repository has been archived on 2026-03-13. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Files

JY Tan 8db245f56e Refactor and improve documentation, add examples

2025-12-23 18:43:07 -08:00

738 B

Raw Blame History

Recipe: `npm install`

Goal: allow npm to fetch packages, but block unexpected egress.

Start restrictive

{
  "network": {
    "allowedDomains": ["registry.npmjs.org", "*.npmjs.org"]
  },
  "filesystem": {
    "allowWrite": [".", "node_modules", "/tmp"]
  }
}

Run:

fence --settings ./fence.json npm install

Iterate with monitor mode

If installs fail, run:

fence -m --settings ./fence.json npm install

Then add the minimum extra domains required for your workflow (private registries, GitHub tarballs, etc.).

Notes:

If your dependencies fetch binaries during install, you may need to allow additional domains.
Keep allowlists narrow; prefer specific hostnames over broad wildcards.

738 B Raw Blame History

Recipe: npm install

Start restrictive

Iterate with monitor mode

738 B

Raw Blame History

Recipe: `npm install`