(Sorry for hijacking this thread with the sandboxing topic; these should probably be moved here)
Thank you for the detailed explanation, and this aside made your reasoning instantly click for me; not sure why I didn’t think about it as I have been struggling with npm, Elixir/Erlang’s mix, etc. as well.
Thanks for the clarification! Totally misinterpreted your initial post.