sandboxpm

CLI reference

sandboxpm ships a full, npm-compatible CLI surface — not just an installer. This page lists every command exposed by the sandboxpm binary.

Install & dependencies

CommandDescription
sandboxpm installInstall all dependencies from package.json
sandboxpm add <packages...>Add and install one or more packages
sandboxpm remove <packages...>Remove packages
sandboxpm update [packages...] (alias up)Update packages to latest compatible versions (--latest for absolute latest)
sandboxpm initInitialize a new project (package.json + .sandboxpmrc)
sandboxpm outdatedCheck for outdated packages

Inspecting packages

CommandDescription
sandboxpm lsList installed packages
sandboxpm why <package>Explain why a package is installed
sandboxpm info <package>Show package metadata from the registry
sandboxpm search <query>Search packages in the registry (--json for machine-readable output)
sandboxpm auditShow a report of all sandboxed script runs

Script execution

CommandDescription
sandboxpm run <script> [args...]Run a package.json script — native by default, add --sandbox to isolate
sandboxpm test / start / stopAliases for sandboxpm run test/start/stop
sandboxpm exec <package> [args...]Download and execute a package binary in a Docker sandbox — always sandboxed

Script trust

CommandDescription
sandboxpm whitelist add <package>Trust a package's scripts permanently
sandboxpm whitelist remove <package>Remove a package from the whitelist

Store & config

CommandDescription
sandboxpm cache cleanRemove all unreferenced store entries
sandboxpm cache statsShow store size and file count
sandboxpm cache warmPre-download all packages into the store without linking
sandboxpm config get [key]Show global config, or a specific key
sandboxpm config set <key> <value>Set a global config value (storeDir, cacheDir, reportsDir)

Publishing & local development

CommandDescription
sandboxpm packCreate a tarball of the current package
sandboxpm publishPublish the current package to the registry
sandboxpm loginSave a registry access token to ~/.sandboxpm/auth.json
sandboxpm logoutRemove a saved registry token
sandboxpm link [path]Link a local package into node_modules (or register the current package globally)
sandboxpm unlink [name]Remove a linked package (or unregister the current package globally)
sandboxpm version <bump>Bump package version (major|minor|patch|prerelease, or an exact version)