Tell me a better alternative that allows me to run, say, 'markdown lint', an npm package, on the current directory without giving access to the full system on Mac OS?

sandbox-exec -f curr_dir_access_profile.sb markdownlint

So you have to install npm package markdownlint on your machine and let it run it's potentially dangerous postinstall step?

You can customize curr_dir_access_profile.sb to block access to network/fs/etc. Why is this not enough?

Some tools do require Internet access.

Further, I don't even want to take the risk of running 'npm install markdownlint' anymore on my machine.