npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

axsandbox

v1.2.5

Published

Podman-based sandbox manager CLI for creating and managing ephemeral container sessions

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

jercikjercik

Keywords

aiagentclirunnerclaude-codecodexgeminillmautomationcoding-assistant

Readme

axsandbox

Podman-based sandbox manager CLI for creating and managing ephemeral container sessions.

Requirements

  • Node.js >= 22.14.0
  • Podman (podman)
    • On macOS, podman machine must be initialized and running
    • When axsandbox exec passes env vars into the container (including TERM in TTY mode), it requires podman exec --env-file
    • Override binary path with AXSANDBOX_PODMAN_PATH=/path/to/podman
  • jq (used in examples)
  • POSIX shell (sh) for the example scripts

CLI conventions

  • Output formats (for up, inspect, gc, validate): --format json|text (use json for pipelines; text for humans).
  • stdout filtering: --stdout-filter jsonl enforces valid JSON Lines output by dropping non-JSON and empty lines; it requires non-TTY exec mode (--tty off, or leave --tty auto and pipe/redirect stdout), and errors if TTY is enabled.
  • Prefer long flags (--format, --yes, --force) over short flags.
  • Confirmations: --yes auto-confirms prompts; --force overrides safety checks. Both are optional and independent.

Sandbox images

When using axsandbox as the backend for axrun --sandbox, your container image must satisfy the image contract in docs/sandbox-image.md.

The alpine image in the quick start is fine for axsandbox exec, but it does not include axexec and is not suitable for end-to-end agent runs.

Reference image

A reference container image satisfying the contract in docs/sandbox-image.md is available:

# Pull a released image tag from registry (private; requires credentials)
podman pull registry.j4k.dev/axsandbox:<version>

# Or build locally
podman build -t axsandbox .

Use the latest GitHub release version (without a leading v) for <version>.

The reference image includes:

  • Node.js >= 22.14.0 runtime
  • axexec CLI
  • All 5 agent CLIs: claude, codex, gemini, opencode, copilot
  • Common dev tools: bash, git, curl, jq, openssh-client

Note: Agent CLIs are pinned in Containerfile defaults. Override via build args to update versions.

Building with specific versions

podman build \
  --build-arg AXEXEC_VERSION=1.7.0 \
  --build-arg AXINSTALL_VERSION=1.2.0 \
  -t axsandbox:custom .

Publishing

Container publishing is now part of CI/CD:

  • Pushes to main run the Release workflow.
  • If semantic-release creates a new version tag, CI builds and publishes a multi-arch image to registry.j4k.dev/axsandbox:<version>.

For manual publishing outside CI, use the script:

# Publish image tagged with local package.json version
./scripts/publish-image.sh

# Publish specific version
./scripts/publish-image.sh --version 1.2.0

# Dry run (build but don't push)
./scripts/publish-image.sh --dry-run

See scripts/publish-image.sh --help for more options.

Quick start

Show help:

npx -y axsandbox --help

Validate Podman:

npx -y axsandbox validate --format text

Create a session:

workdirHost="$(mktemp -d)"
cat > spec.json <<EOF
{
  "image": "docker.io/library/alpine:3.19",
  "workdirHost": "$workdirHost",
  "workdirContainer": "/workspace",
  "mounts": [],
  "network": "off",
  "tty": "off",
  "envPolicy": { "allow": [], "deny": [], "default": "deny" }
}
EOF

container="$(npx -y axsandbox up --spec-file ./spec.json --format text)"
echo "container=$container"

Note: Setting envPolicy.default to "allow" forwards all host environment variables (except those in deny) and can leak secrets. Prefer "deny" + an explicit allow list.

Run a command:

Note: axsandbox exec <container> operates on an existing container name and does not reload the spec used by up. It uses conservative defaults and does not forward host environment variables by default (except TERM when TTY is enabled).

npx -y axsandbox exec "$container" -- sh -lc 'echo hello'

Remove the session:

npx -y axsandbox down "$container" --yes --force

Examples (Pipelines)

Extract the container name for scripting:

npx -y axsandbox up --spec-file ./spec.json --format json | jq -r '.containerName'

Preview what gc would remove, then count candidates:

npx -y axsandbox gc --dry-run --format json | jq '.containers | length'

Inspect a session and extract fields using standard tools:

npx -y axsandbox inspect "$container" --format json | jq -r '.image // ""'

Filter command output to valid JSONL and post-process with jq:

npx -y axsandbox exec "$container" --stdout-filter jsonl -- sh -lc 'echo "{\"ok\":true}"' | jq -c '.'

Agent Rule

Add to your CLAUDE.md or AGENTS.md:

# Rule: `axsandbox` Usage

Run `npx -y axsandbox --help` to learn available options.

Use `axsandbox` to create/inspect/exec inside Podman sandbox sessions and capture script-friendly stdout/stderr for pipelines.

License

MIT