That is correct.
Important to know: NEVER use the same nonce twice with the same key.
It's okay to use the same key again, if the nonce is different. Nonce means "Number, used ONCE", btw.

I'd also add to your example:

// alice does this:
const boxed = secretBox(message, nonce, scalarMult(alice_e.secretKey, bob_e.publicKey))
// forget the secret key, now alice can't decrypt the message anymore.
alice_e.secretKey.fill(0)

// bob does this:
const unboxed = secretBoxOpen(boxed, nonce, scalarMult(bob_e.secretKey, alice_e.publicKey))
// forget the secret key, now bob can't decrypt the message anymore.
bob_e.secretKey.fill(0)

Once you have deleted the secret key, even if your computer is later compromised, they can't get the key.
(note: it might not work if your computer was already compromised, because the compromiser could change the code so it doesn't delete the secret key)