Isolating my dev environment
I've done this before over the years but mostly I've done development locally, as the same user that I do everything else as.
But with npm supply chain attacks becoming more prevalent and more severe than ever. And now with AI and agents and prompt injection attacks, it felt like a good time to re-assess my security.
As a result I've gone back to running Vagrant and doing my development inside of virtual machines, isolating any third party packages that I run from my main everyday work. It's slightly less convenient but well worth the trade-off.