Thanks for the explanation, that does help put things in context. It is hard to know people's context of course so I personally try to err on the side of caution first. There are, unfortunately, a lot of people who don't understand at all the reasons that certain rules are in place and the impact of breaking them. So I apologise for explaining what you clearly already understood.
To put things in context, I've always worked in IT either within an IT team or as a contractor. I've never been one to accept the status-quo and I've always pushed the boundaries. But always with purpose and understanding rather than blindly. For example, the organisation I currently work for uses heavily locked down laptops which really wouldn't let me do my job well. So I use an unmanaged laptop. In previous roles as a contractor/consultant, I've also often used my own kit to get the job done even when the role supposedly required a company device.
And as an IT person, I would also be sceptical of going to IT
So I get where you are coming from and I certainly sympathise. Anyway, we've drifted off topic rather.
If application whitelisting is in use, there is no way you will be able to directly run Node-RED because you won't be able to run node.js. Nor would you be able to run an Electron version.
If whitelisting isn't in use and you can get to a command line, you can probably run node-red, especially if you use a local installation rather than the usual global one. If you can't get to the command line then try the Electron version of Node-RED.
If access to npmjs is blocked, download and pre-compile any nodes and dependencies on another similar system then copy them over manually on a stick or some other website that you have access to.
If you do manage to use one of these, I would still look for some cover from my manager just in case anyone gets uppity.
Above all, don't break anything!