Install packages.
Not backdoors.
sandboxpm never runs a preinstall, install, or postinstall script without your explicit consent. Every download is SHA-512 verified, and every approved script runs in a disposable Docker sandbox — never on your machine.
Why sandboxpm?
npm, pnpm, and yarn all execute install scripts silently. A malicious package can read your SSH keys, exfiltrate .env files, or install backdoors — all during a simple install. sandboxpm closes that door.
Consent, every time
Every preinstall, install, and postinstall script requires an explicit opt-in via an interactive prompt — inspect, always-allow, or always-block.
SHA-512 verified
Tarballs are hashed while streaming and checked against the registry's published integrity before a single file is extracted.
Content-addressable store
Every file lives once in ~/.sandboxpm/store/, keyed by its hash, and is hard-linked into every project that needs it — zero duplicated disk space.
Non-flat node_modules
Only direct dependencies reach the root node_modules/. Transitive dependencies stay nested, so your code can only import what you declared.
How it works
- 01ResolveA BFS dependency resolver dedupes versions pnpm-style and writes a deterministic sandboxpm.lock.
- 02Fetch & verifyTarballs stream in, get hashed on the fly, and are checked against dist.integrity before extraction — never after.
- 03LinkStore entries are hard-linked into a pnpm-style non-flat node_modules, falling back to copies when hard links aren’t possible.
- 04SandboxScripts you approve run in an ephemeral, capability-dropped Docker container with no host credentials or network access.
Stop trusting install scripts blindly.
Zero-trust installs, a shared content-addressable store, and Docker-sandboxed scripts — for every project on your machine.
npm install -g sandboxpmRead the docs