Figure out a way to either:

• whitelist specific commands (eg. npm install)
• blacklist dangerous commands

Whitelisting seems like a much easier approach. To keep the list up to date, we could create a GitHub repo file that whitelists commands and can allow submissions