sandbox individual npm dependencies in your node app

Source: DEV Community
Node has process permission flags like allowNet, allowFsRead, etc. The catch is that they apply to your entire running app, and we all know dependencies can get... creative.

https://github.com/bluelibs/sandboxify
npm: sandboxify
Current version: 0.0.1

The idea is pretty simple: run selected packages in a separate Node child process with restricted permissions, while keeping your app code relatively normal. Under the hood, it creates RPC-like adapters so you can call into those sandboxed packages without having to redesign your app around workers or a custom RPC layer.

So instead of fully trusting every dependency, you can isolate the ones you’d rather keep on a shorter leash.

It can sandbox:
- npm packages (including their dep trees)
- local files
- even local folders

This feels especially useful for things like PDF generation, HTML sanitizing, parsing, templating, and other workloads where:
- the dependency does meaningful work per call
- a little process-boundary/RPC overhead is acceptable
- red