Comment by ashishb
2 days ago
6 months back I started dockerizing my setup after multiple npm vulnerabilities.
Then I wrote a small tool[1] to streamline my sandboxing.
Now, I run agents inside it for keeping my non-working-directory files safe.
For some tools like markdown linter, I run them without network access as well.
Very nice! Quite a coincidence, but the NPM disaster also prompted me to build litterbox.work as a possible solution. It is a very different approach though.
Why not just use the standard Linux tool bubblewrap?
The main reason is that in addition to sandboxing, I also wanted something similar to dev-containers where I can have a reproducible development environment. I guess that can also be achieved with Bubblewrap, but when you want to run containers anyway, it seems silly to not just use Podman.
Interesting project.
This won't work on Mac, right?
Unfortunately not since it is very much designed for Linux. I imagine it should work fine inside a Linux VM on Mac though.
Of course not. But it is not needed, as Mac users are not interested in data safety.
This looks awesome! Do you have a mental process you run through to determine what gets run in the sandbox, or is it your default mode for all tools?
> This looks awesome! Do you have a mental process you run through to determine what gets run in the sandbox, or is it your default mode for all tools?
Here's what I use it for right now
- yarn - npm - pnpm - mdl - Ruby-based Markdown linter - fastlane - Ruby-based mobile app release tool by Google - Claude Code - Gemini CLI
Over time, my goal is to run all CLI-based tools that only need access to the current directory (and not parent directories) via this.
Why not just use the standard Linux tool bubblewrap?