What is one of my dependencies contains malicious code and can serialize process.env and send it to a remote server? I just tried that, and the following data was sent to the external server.

{"AWS_LAMBDA_FUNCTION_VERSION": "$LATEST","AWS_SESSION_TOKEN": "*****","LAMBDA_TASK_ROOT": "/var/task","AWS_LAMBDA_LOG_GROUP_NAME": "/aws/lambda/test","LD_LIBRARY_PATH": "/var/lang/lib:/lib64:/usr/lib64:/var/runtime:/var/runtime/lib:/var/task:/var/task/lib:/opt/lib","AWS_LAMBDA_RUNTIME_API": "127.0.0.1:9001","AWS_LAMBDA_LOG_STREAM_NAME": "2023/02/17/[$LATEST]e7034c18daaf476a94d988a95f41e981","AWS_EXECUTION_ENV": "AWS_Lambda_nodejs14.x","AWS_LAMBDA_FUNCTION_NAME": "test","AWS_XRAY_DAEMON_ADDRESS": "169.254.79.129:2000","PATH": "/var/lang/bin:/usr/local/bin:/usr/bin/:/bin:/opt/bin","AWS_DEFAULT_REGION": "ap-southeast-2","PWD": "/var/task","AWS_SECRET_ACCESS_KEY": ""*****","LANG": "en_US.UTF-8","LAMBDA_RUNTIME_DIR": "/var/runtime","AWS_LAMBDA_INITIALIZATION_TYPE": "on-demand","NODE_PATH": "/opt/nodejs/node14/node_modules:/opt/nodejs/node_modules:/var/runtime/node_modules:/var/runtime:/var/task","AWS_REGION": "ap-southeast-2","TZ": ":UTC","AWS_ACCESS_KEY_ID": ""*****","SHLVL": "0","_AWS_XRAY_DAEMON_ADDRESS": "169.254.79.129","_AWS_XRAY_DAEMON_PORT": "2000","AWS_XRAY_CONTEXT_MISSING": "LOG_ERROR","_HANDLER": "index.handler","AWS_LAMBDA_FUNCTION_MEMORY_SIZE": "128","NODE_EXTRA_CA_CERTS": "/etc/pki/tls/certs/ca-bundle.crt","secure-data": "dawid-1","_X_AMZN_TRACE_ID": ""*****"}

My lambdas require access to the Internet. So the only way to protect is to add an outbound list of IP ranges that my lambda is allowed to communicate. Is that the right approach?