Recipe: `npm install`

Goal: allow npm to fetch packages, but block unexpected egress.

Start restrictive

{
  "filesystem": {
    "allowWrite": [".", "node_modules", "/tmp"]
  }
}

Run:

greywall --settings ./greywall.json npm install

If installs fail, run:

greywall -m --settings ./greywall.json npm install

Then configure your proxy to allow the minimum extra domains required for your workflow (private registries, GitHub tarballs, etc.).