npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@vercel/sandbox

v1.1.1

Published

Vercel Sandbox allows you to run arbitrary code in isolated, ephemeral Linux VMs. This product is in [beta](https://vercel.com/docs/release-phases#beta).

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

nick.traceynick.traceymatt.strakamatt.strakavercel-release-botvercel-release-botzeit-botzeit-bot

Keywords

Readme

Vercel Sandbox allows you to run arbitrary code in isolated, ephemeral Linux VMs. This product is in beta.

What is a sandbox?

A sandbox is an isolated Linux system for your experimentation and use. Internally, it is a Firecracker MicroVM that is powered by the same infrastructure that powers 1M+ builds a day at Vercel.

Getting started

Vercel Sandbox is in beta.

To get started, create a new project:

mkdir sandbox-test
cd sandbox-test
pnpm init
pnpm add @vercel/sandbox ms
pnpm add -D @types/ms @types/node

Link it to Vercel:

vercel link

Pull its environment variables:

vercel env pull

Now create next-dev.ts:

import ms from "ms";
import { Sandbox } from "@vercel/sandbox";
import { setTimeout } from "timers/promises";
import { spawn } from "child_process";

async function main() {
  const sandbox = await Sandbox.create({
    source: {
      url: "https://github.com/vercel/sandbox-example-next.git",
      type: "git",
    },
    resources: { vcpus: 4 },
    timeout: ms("5m"),
    ports: [3000],
    runtime: "node24",
  });

  console.log(`Installing dependencies...`);
  const install = await sandbox.runCommand({
    cmd: "npm",
    args: ["install", "--loglevel", "info"],
    stderr: process.stderr,
    stdout: process.stdout,
  });

  if (install.exitCode != 0) {
    console.log("installing packages failed");
    process.exit(1);
  }

  console.log(`Starting the development server...`);
  await sandbox.runCommand({
    cmd: "npm",
    args: ["run", "dev"],
    stderr: process.stderr,
    stdout: process.stdout,
    detached: true,
  });

  await setTimeout(500);
  spawn("open", [sandbox.domain(3000)]);
}

main().catch(console.error);

Run it like this:

node --env-file .env.local --experimental-strip-types ./next-dev.ts

This will:

  • Start a sandbox, seeding it with a git repository.
  • Install dependencies.
  • Run a next dev server
  • Open it in your browser

All while streaming logs to your local terminal.

Authentication

Vercel OIDC token

The SDK uses Vercel OIDC tokens to authenticate whenever available. This is the most straightforward and recommended way to authenticate.

When developing locally, you can download a development token to .env.local using vercel env pull. After 12 hours the development token expires, meaning you will have to call vercel env pull again.

In production, Vercel manages token expiration for you.

Access token

If you want to use the SDK from an environment where VERCEL_OIDC_TOKEN is unavailable, you can also authenticate using an access token:

  • Go to your team settings, and copy the team ID.
  • Go to a project's settings, and copy the project ID.
  • Go to your Vercel account settings and create a token. Make sure it is scoped to the team ID from the previous step.

Set your team ID, project ID, and token to the environment variables VERCEL_TEAM_ID, VERCEL_PROJECT_ID, and VERCEL_TOKEN. Then pass these to the create method:

const sandbox = await Sandbox.create({
  teamId: process.env.VERCEL_TEAM_ID!,
  projectId: process.env.VERCEL_PROJECT_ID!,
  token: process.env.VERCEL_TOKEN!,
  source: {
    url: "https://github.com/vercel/sandbox-example-next.git",
    type: "git",
  },
  resources: { vcpus: 4 },
  // Defaults to 5 minutes. The maximum is 5 hours for Pro/Enterprise, and 45 minutes for Hobby.
  timeout: ms("5m"),
  ports: [3000],
  runtime: "node24",
});

Limitations

  • Max resources: 8 vCPUs. You will get 2048 MB of memory per vCPU.
  • Sandboxes have a maximum runtime duration of 5 hours for Pro/Enterprise and 45 minutes for Hobby, with a default of 5 minutes. This can be configured using the timeout option of Sandbox.create().

System

The base system is an Amazon Linux 2023 system with the following additional packages installed.

bind-utils
bzip2
findutils
git
gzip
iputils
libicu
libjpeg
libpng
ncurses-libs
openssl
openssl-libs
procps
tar
unzip
which
whois
zstd
  • The node24 and node22 images ship Node runtimes under /vercel/runtimes/node{22,24}.
  • The python3.13 image ships a Python 3.13 runtime under /vercel/runtimes/python.
  • User code is executed as the vercel-sandbox user.
  • /vercel/sandbox is writable.

Sudo access

The nodeX and python3.13 images allow users to run commands as root. This can be used to install packages and system tools:

import { Sandbox } from "@vercel/sandbox";

const sandbox = await Sandbox.create();
await sandbox.runCommand({
  cmd: "dnf",
  args: ["install", "-y", "golang"],
  sudo: true,
});

Sandbox runs sudo in the following configuration:

  • HOME is set to /root – Executed commands will source root's configuration files (e.g. .gitconfig, .bashrc, etc).
  • Environment variables are not reset before executing the command.
  • PATH is left unchanged – sudo won’t change the value of PATH, so local or project-specific binaries will still be found.

Both these images are based on Amazon Linux 2023. The full package list is available here.