I use this on all my front end projects and it protects my "host" machine from malicious packages, it's not a silver bullet though; other practices, e.g. good secret management, will help harden your dev environment from these attacks
couldn't agree more with the section about Ghost, their shifted focus is something I've picked up on recently too [0]. I started to dislike their interface more and more when creating/editing posts.
Couple that with the regular "your theme is no longer supported" messages, I got fed up of burning time to keep up with their updates, which offered no benefits to me. I quit and moved to Hugo (using a ghost-to-hugo migration tool [1]).
It's great to see others doing this and writing about it. I too browse /r/homelab and look at some of the power-hungry monsters people are running. Given energy price rises in my country (UK), it makes them too expensive to run.
I've managed to get my setup [0], consuming ~8w (idle + running my blog). Going from an old laptop with a broken screen, putting it to use instead of making it e-waste, does feel good
I use this on all my front end projects and it protects my "host" machine from malicious packages, it's not a silver bullet though; other practices, e.g. good secret management, will help harden your dev environment from these attacks