Sandbox dev environment on your GNU/Linux box

I'm a developer. There are many horror stories about malware injected via npm/pip. I'd like to isolate my dev environment so it doesn't have access to my private keys and other secrets or, in more general terms, create compartments for different processes and activities.

Ideally proprietary, unsafe software like zoom would run isolated and have access only to the webcam and mic. Same goes for the browser (some extensions are nasty).

I'd like to have different compartments for different activities. I heard about Qubes OS and NixOS, but I don't know much about them.

Do you think this is a problem? If so, how did you solve it?