npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@harness-kernel/sandbox-docker

v0.5.0

Published

Docker Sandboxes sbx backend for Harness Kernel.

Readme

@harness-kernel/sandbox-docker

Docker Sandboxes (sbx) backend for Harness Kernel runtime hosts.

pnpm add @harness-kernel/sandbox-docker

This package maps each Harness sessionId to a deterministic Docker Sandbox name and executes tool commands through sbx exec. Tools in the same Harness session share that one sbx sandbox. Use it when host-local execution is too broad and you want command execution isolated by Docker Sandboxes while keeping Harness Kernel as the agent runtime.

Host setup

Install Docker Sandboxes on the host, then start and authenticate the daemon:

sbx daemon start
sbx login
sbx policy set-default balanced

On Linux, Docker Sandboxes requires KVM. Confirm the host has virtualization enabled and the runtime user can access the kvm device/group.

See the Docker sandbox guide for persistence, per-session files, logging, events, and cleanup.

Minimal setup

import { DockerSandbox } from "@harness-kernel/sandbox-docker";

const sandbox = new DockerSandbox({
  workspace: { hostPath: process.cwd() },
  persistence: "workspace",
  namePrefix: "myapp-prod",
  defaultTimeoutMs: 30_000,
});

persistence: "workspace" is the default. Closing a session removes the sandbox while preserving files in the mounted host workspace. Use persistence: "sandbox" to stop the sandbox on close and reuse the same machine for the same sessionId.

Deleting a session always removes the deterministic per-session sandbox.

Use a namePrefix that identifies the app, environment, and tenant in production, for example support-prod-acme. Prefixes are validated before sbx is called.

Session files

Mount per-session files with a dynamic extraWorkspaces function:

import { DockerSandbox, dockerSandboxSessionSegment } from "@harness-kernel/sandbox-docker";

const sandbox = new DockerSandbox({
  workspace: { hostPath: process.cwd() },
  extraWorkspaces: ({ sessionId }) => [
    {
      hostPath: `.harness-kernel/sessions/${dockerSandboxSessionSegment(sessionId)}/files`,
      readOnly: true,
      envName: "HARNESS_FILES_DIR",
    },
  ],
});

Every exec() receives HARNESS_FILES_DIR pointing to the mounted directory. Relative extra workspace paths are resolved from the main workspace, cannot escape with .., and are created by the host before sbx create shell. Absolute extra workspace paths are allowed as explicit trusted host configuration.

Sandbox lifecycle and exec activity are operational logs, not session timeline events.

See the runtime sandbox docs for the host/runtime boundary notes.