:) Well I'm tempted to chide you for running arbitrary code from the Internet from an untrusted source, but then I remember that's the entire web via JavaScript and I realize I'm living in a glass house.

Who came up with this security model anyway?

At least JavaScript's immune to fork bombs because it has no threading model. Doesn't stop some bored college kid with access to NPM and a vicious streak from mining bitcoin on your computer.

That's not true, JS has Web Workers. But they're threads, not processes, and perhaps the browser will throttle them.

In my defense, it appeared to be a harmless looking sequence of special characters (not quite, as I found to my dismay). Explain Shell didn't help much