I have a perfect set up in inside docker that works.

I would love to know why bubblewrap is a superior alternative.

Here's mine https://github.com/ashishb/dotfiles/blob/067de6f90c72f0cf849...

My understanding is that docker escapes are not all that difficult, and your aliases really aren’t doing much to harden the container. but I am not an expert on the matter. I’m sure there is plenty of info online

> My understanding is that docker escapes are not all that difficult,

  1. Show me how you would escape Docker
  2. Show me npm packages doing this in the wild