- cross-posted to:
- nix@programming.dev
cross-posted from: https://programming.dev/post/36875851
As a developer, I often need to run code I cannot trust, especially dependencies from NodeJS and Python projects, on my dev machine. In order to protect my system from potentially malicious code, I built NixWrap, an ad hoc sandboxing tool for NixOS.
NixWrap wraps bubblewrap (oh dear), running it with convenient defaults and offering easy-to-use command-line flags to toggle custom options. An invocation of NixWrap is typically way shorter than the bubblewrap equivalent.
E.g. `npm install` can be wrapped with `wrap -n npm install` to gain network access and write access to the current working directory.


