Anyone using it with nodejs to make a sandbox for code agents?

simonw · 2026-03-17T04:38:15 1773722295

I've done some experiments along those lines with Pyodide in Deno: https://til.simonwillison.net/deno/pyodide-sandbox

benjamincburns · 2026-03-17T10:53:34 1773744814

Yes. More than a few times. It however is not really designed to operate as a secure sandbox environment.

https://nvd.nist.gov/vuln/detail/CVE-2025-68668

https://nvd.nist.gov/vuln/detail/CVE-2025-51464

https://nvd.nist.gov/vuln/detail/CVE-2026-25905

b89kim · 2026-03-17T03:56:12 1773719772

ChatGPT's Canvas uses Pyodide for sandboxing, but it's not designed for coding agents. Node.js environment is usually better for agents. Pyodide restricts server-side functionality, and fetching external URLs often needs proxying due to sandbox. By the way, pyodide is still good option for interactive visualizer or deploying small webapps require data processing.

jcheng · 2026-03-17T03:17:38 1773717458

For that purpose I think most people are using bubblewrap or seatbelt/sandbox-exec with CPython.

westurner · 2026-03-17T07:34:45 1773732885

From https://news.ycombinator.com/item?id=47171887 re: [agent] sandboxing :

pydantic/monty, vercel-labs/just-bash, amla sandbox, csl-core, microsandbox, workerd, wasmtime-mte

containers/bubblewrap: https://github.com/containers/bubblewrap#sandboxing

The bubblewrap readme mentions containers as binaries with binctr; I guess without overlayfs or other file-level re-deduplication due to the container fs in the binary.

Perhaps similarly, also TIL UKI are easier for UEFI Secure Boot to check signatures on than (kernel, initrd) pairs