Nobody should do 'npm install' or 'pip install' on their machine.
Using a proper sandbox (https://github.com/ashishb/amazing-sandbox) regularly will drastically limit the blast radius of these attacks.
> https://github.com/ashishb/amazing-sandbox
Does your Docker backend run commands in rootless containers? I skimmed the code but didn't see anything to confirm this.
Is there a detection component here too? Sandboxing development is great, but the next step is to deploy to production. How do you know if something malicious happened in the sandbox, such that you don't deploy the malware further?
> Nobody should do 'npm install' or 'pip install' on their machine.
What alternative do you suggest?
Do you mean not install outside a sandbox?
Docker isn’t a serious sandboxing strategy.