Curious to know what made you DIY this?
Tell me a better alternative that allows me to run, say, 'markdown lint', an npm package, on the current directory without giving access to the full system on Mac OS?
sandbox-exec -f curr_dir_access_profile.sb markdownlint
So you have to install npm package markdownlint on your machine and let it run it's potentially dangerous postinstall step?
You can customize curr_dir_access_profile.sb to block access to network/fs/etc. Why is this not enough?
Some tools do require Internet access.
Further, I don't even want to take the risk of running 'npm install markdownlint' anymore on my machine.
Tell me a better alternative that allows me to run, say, 'markdown lint', an npm package, on the current directory without giving access to the full system on Mac OS?
sandbox-exec -f curr_dir_access_profile.sb markdownlint
So you have to install npm package markdownlint on your machine and let it run it's potentially dangerous postinstall step?
You can customize curr_dir_access_profile.sb to block access to network/fs/etc. Why is this not enough?
Some tools do require Internet access.
Further, I don't even want to take the risk of running 'npm install markdownlint' anymore on my machine.