sandboxpm

Installation

Requirements

  • Node.js 18+
  • Docker Engine 24+ (Linux / macOS / Windows with WSL2)
  • 2GB free disk space for the base sandbox image and initial cache

Install the CLI

npm install -g sandboxpm

Common commands

CommandDescription
sandboxpm initInitialize .sandboxpmrc in a project
sandboxpm installInstall all dependencies from package.json
sandboxpm add <pkg>Add and install a new package
sandboxpm remove <pkg>Remove a package
sandboxpm auditShow a report of all sandboxed script runs
sandboxpm cache cleanClear the CAS store
sandboxpm whitelist add <pkg>Trust a package's scripts permanently

See the full CLI reference for every command sandboxpm ships.

First install

sandboxpm install

✓ Resolving dependencies... (47 packages)
✓ Downloading tarballs... (12 new, 35 from store)
✓ Verifying SHA-512... OK
✓ Linking node_modules...

──────────────────────────────────────────────────────
⚠  3 packages have install scripts
──────────────────────────────────────────────────────

  1. esbuild@0.19.4
     Type:    postinstall
     Script:  node install.js
     Inspect: https://unpkg.com/esbuild@0.19.4/install.js

     Run this script? [y/N/inspect/always/never]

Every script gets this treatment — nothing runs until you say so.