Mathieu Virbel
da3a2ac3a4
Rebrand the project from Fence to Greywall, the sandboxing layer of the GreyHaven platform. This updates: - Go module path to gitea.app.monadical.io/monadical/greywall - Binary name, CLI help text, and all usage examples - Config paths (~/.config/greywall/greywall.json), env vars (GREYWALL_*) - Log prefixes ([greywall:*]), temp file prefixes (greywall-*) - All documentation, scripts, CI workflows, and example files - README rewritten with GreyHaven branding and Fence attribution Directory/file renames: cmd/fence → cmd/greywall, pkg/fence → pkg/greywall, docs/why-fence.md → docs/why-greywall.md, example JSON files, and banner.
38 lines
750 B
Markdown
38 lines
750 B
Markdown
# Recipe: `npm install`
|
|
|
|
Goal: allow npm to fetch packages, but block unexpected egress.
|
|
|
|
## Start restrictive
|
|
|
|
```json
|
|
{
|
|
"network": {
|
|
"allowedDomains": ["registry.npmjs.org", "*.npmjs.org"]
|
|
},
|
|
"filesystem": {
|
|
"allowWrite": [".", "node_modules", "/tmp"]
|
|
}
|
|
}
|
|
```
|
|
|
|
Run:
|
|
|
|
```bash
|
|
greywall --settings ./greywall.json npm install
|
|
```
|
|
|
|
## Iterate with monitor mode
|
|
|
|
If installs fail, run:
|
|
|
|
```bash
|
|
greywall -m --settings ./greywall.json npm install
|
|
```
|
|
|
|
Then add the minimum extra domains required for your workflow (private registries, GitHub tarballs, etc.).
|
|
|
|
Notes:
|
|
|
|
- If your dependencies fetch binaries during install, you may need to allow additional domains.
|
|
- Keep allowlists narrow; prefer specific hostnames over broad wildcards.
|