sandboxpm
zero-trust package management

Install packages.
Not backdoors.

sandboxpm never runs a preinstall, install, or postinstall script without your explicit consent. Every download is SHA-512 verified, and every approved script runs in a disposable Docker sandbox — never on your machine.

Why sandboxpm?

npm and yarn execute install scripts by default, and pnpm did too until version 10 made dependency scripts opt-in; even an allow-listed script still runs on the host with your credentials. A malicious package can read your SSH keys, exfiltrate .env files, or install a backdoor during an ordinary install, before any of its code is ever imported. sandboxpm closes that door.

Consent, every time

Every preinstall, install, and postinstall script requires an explicit opt-in via an interactive prompt — inspect, always-allow, or always-block.

SHA-512 verified

Tarballs are hashed while streaming and checked against the registry's published integrity (dist.integrity) before a single file is extracted. Because that value comes from the registry itself, this catches corrupted or tampered downloads in transit; it does not, on its own, protect against a registry that is itself compromised.

Content-addressable store

Every file lives once in ~/.sandboxpm/store/, keyed by its hash, and is hard-linked into every project that needs it, so a file occupies disk space once per filesystem rather than once per project. Because hard links share a single inode, a write through one project's node_modules would change the file in every other project too; store entries are therefore best treated as read-only.

Non-flat node_modules

Only direct dependencies reach the root node_modules/. Transitive dependencies stay nested, so your code can only import what you declared.

How it works

  1. Resolve: a BFS dependency resolver dedupes versions pnpm-style and writes a deterministic sandboxpm.lock.
  2. Fetch & verify: tarballs stream in, are hashed on the fly, and are checked against dist.integrity before extraction, never after.
  3. Link: store entries are hard-linked into a pnpm-style non-flat node_modules, falling back to copies when hard links aren't possible (a project on a different filesystem, or one without hard-link support).
  4. Sandbox: scripts you approve run in an ephemeral, capability-dropped Docker container with no host credentials or network access.

Stop trusting install scripts blindly.

Zero-trust installs, a shared content-addressable store, and Docker-sandboxed scripts — for every project on your machine.

npm install -g sandboxpm

Read the docs