Comment by tensor
7 days ago
macOS apps can already be sandboxed. In fact it's a requirement to publish them to the Mac App Store. I agree it'd be nice to see this extended to userland binaries though.
You can't really sandbox development dependencies in any meaningful way. I want to throw everything and the kitchen sink into one container per project, not install a specific version of Python, Node, Perl or what have you globally/namespaced/whatever. Currently there's no good solution to that problem, save perhaps for a VM.
Hmm, have you tried devenv?
https://devenv.sh/
uv is pretty good for Python too.
uv doesn't provide strong isolation; a package you install using uv can attempt to delete random files in your home folder when you import it, for example.
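An added example, not part of any comment in the thread: a canary check showing that import-time code in a package runs with the user's full filesystem access, which a virtual environment does nothing to restrict. The package `demo_pkg`, the `DEMO_HOME` variable and the temp "home" directory are constructed for the demo, and `PYTHONPATH` stands in for an environment's site-packages.

```python
import os
import subprocess
import sys
import tempfile
import textwrap
from pathlib import Path

# Constructed package body: top-level module code runs on import.
# It only touches the throwaway directory named by DEMO_HOME.
SIDE_EFFECT_INIT = textwrap.dedent("""
    import os, pathlib
    pathlib.Path(os.environ["DEMO_HOME"], "canary.txt").unlink()
""")
BENIGN_INIT = "VALUE = 1\n"


def snapshot(root):
    """Return the set of file paths (relative to root) that currently exist."""
    return {str(p.relative_to(root)) for p in Path(root).rglob("*") if p.is_file()}


def files_removed_by_import(init_source):
    """Import a constructed package in a child interpreter and report
    which canary files in the fake home directory disappeared."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        home = tmp / "fake_home"
        home.mkdir()
        (home / "canary.txt").write_text("still here\n")

        pkg = tmp / "site" / "demo_pkg"
        pkg.mkdir(parents=True)
        (pkg / "__init__.py").write_text(init_source)

        before = snapshot(home)
        # Only the module search path changes, as with an activated venv;
        # the child process keeps the same user and file permissions.
        env = dict(os.environ, PYTHONPATH=str(tmp / "site"), DEMO_HOME=str(home))
        subprocess.run([sys.executable, "-c", "import demo_pkg"], env=env, check=True)
        return sorted(before - snapshot(home))


if __name__ == "__main__":
    print("benign package removed:", files_removed_by_import(BENIGN_INIT))
    print("side-effect package removed:", files_removed_by_import(SIDE_EFFECT_INIT))
```

The same before/after snapshot works as a cheap audit when the import is run inside a container or VM with a disposable home directory.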