Top 23 Sandbox Open-Source Projects

1. firecracker

   1 79 27,327 9.8 Rust

   Secure and fast microVMs for serverless computing.

   

   Project mention: Show HN: Ephemeral VMs in 1 Microsecond | news.ycombinator.com | 2024-12-20

   Well, FireCracker has a jailer process: https://github.com/firecracker-microvm/firecracker/blob/main...

2. CodeRabbit

   coderabbit.ai featured

   CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

   

3. gvisor

   2 76 16,258 9.8 Go

   Application Kernel for Containers

   

   Project mention: Reverse Engineering OpenAI Code Execution to make it run C and JavaScript | news.ycombinator.com | 2025-03-12

   > why would they be running such an old Linux?

   They didn't.

   OP misunderstood what gVisor is, and thought gVisor's uname() return [1] was from the actual kernel. It's not. That's the whole point of gVisor. You don't get to talk to the real kernel.

   [1] https://github.com/google/gvisor/blob/c68fb3199281d6f8fe02c7...

4. wasmtime

   3 186 16,007 9.9 Rust

   A lightweight WebAssembly runtime that is fast, secure, and standards-compliant

   

   Project mention: Looking Ahead to WASIp3 | dev.to | 2025-03-17

   curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh rustup target install wasm32-wasip1 cargo install --locked --version 1.227.1 wasm-tools cargo install --locked --git https://github.com/dicej/spin --branch wasi-http-p3-demo spin-cli git clone https://github.com/WebAssembly/wasi-http -n && (cd wasi-http && git checkout 505ebdb9) curl -OL https://github.com/bytecodealliance/wasmtime/releases/download/v30.0.2/wasi_snapshot_preview1.reactor.wasm

5. cosmos-js

   4 15 8,440 7.5 TypeScript

   Sandbox for developing and testing UI components in isolation

   

6. wasm3

   5 43 7,496 7.7 C

   🚀 A fast WebAssembly interpreter and the most universal WASM runtime

   

   Project mention: Wasm3 + TinyGo on PSP | dev.to | 2024-12-19

   Ultimately, the combination of C and Wasm3 worked successfully.

7. OpenTTD

   6 254 6,759 9.9 C++

   OpenTTD is an open source simulation game based upon Transport Tycoon Deluxe

   

   Project mention: Railroad Tycoon II | news.ycombinator.com | 2025-01-13

   Not it is the free software or open source version of this game, but OpenLoco https://openloco.io/ is great, and I hope that this game in near future will have a free assets like as OpenTTD https://www.openttd.org/ .

8. x11docker

   7 27 5,809 4.9 Shell

   Run GUI applications and desktops in docker and podman containers. Focus on security.

   

   Project mention: How to run GUI applications directly in containers | news.ycombinator.com | 2025-02-27

   Curious that there's no comparison to https://github.com/mviereck/x11docker , which I would describe as the incumbent in this space.

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. sandpack

    8 16 5,316 8.4 TypeScript

    A component toolkit for creating live-running code editing experiences, using the power of CodeSandbox.

    

    Project mention: Inside the Box: August Community Update | dev.to | 2024-09-12

    Sandpack static file support 🖼️ — You can now serve static files inside a Sandpack instance! This beta feature allows serving SVGs, fonts, images, and much more, which helps take isolated, interactive code examples to a new level!

11. The-Powder-Toy

    9 71 4,743 9.5 C++

    Written in C++ and using SDL, The Powder Toy is a desktop version of the classic 'falling sand' physics sandbox, it simulates air pressure and velocity as well as heat.

    

    Project mention: Defibrillation devices save lives using 1k times less electricity | news.ycombinator.com | 2024-11-07

12. fragments

    10 2 4,729 9.3 TypeScript

    Open-source Next.js template for building apps that are fully generated by AI. By E2B.

    

    Project mention: Top 8 Most Popular Open-Source Next.js Boilerplates/Starter | dev.to | 2024-11-25

    4. fragments

13. Terasology

    11 18 3,713 8.1 Java

    Terasology - open source voxel world

    

    Project mention: Lessons from Open-Source Game Projects | dev.to | 2024-04-10

    Terasology - Minecraft-inspired voxel game. Java

14. pafish

    12 17 3,589 0.0 C

    Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do

    

15. Thrive

    13 112 3,071 9.9 C#

    The main repository for the development of the evolution game Thrive.

    

    Project mention: Thrive is a free, open-source game about the evolution of life | news.ycombinator.com | 2025-03-17

16. nanos

    14 30 2,736 9.0 C

    A kernel designed to run one and only one application in a virtualized environment

    

    Project mention: OS for Secure Containers? | news.ycombinator.com | 2024-09-04

    Going to toot my own horn here but if you're looking for something like a container with a security focus that is precisely what https://nanos.org was built for. No users, no login/ssh, no ability to run other programs other than the one that is already running. It kills off entire CWE's such as CWE-77/CWE-78 and neutralizes a large amount of nasty payloads forcing attackers to put in the work. It has all the same security features you'll find in linux (aslr, stack exec off, rodata no exec, etc.) but more.

    A go unikernel deployed in this manner might have 5 files on the fs so you don't have a half-dozen interpreters or live off the land binary type stuff. Beware though that not all unikernels are built the same way and don't share the same security profiles as nanos.

    At the end of the day though if security is a driving force containers are simply not built for that. Just the other day CVE-2024-45310 landed and a few weeks ago we had CVE-2024-42472 in flakpak (a continuation of the bubblewrap stuff).

    People are probably going to jump in here and mention gvisor and firecracker. Note that firecracker is really a machine monitor replacement and most payloads are still running a linux guest (although nanos can work here). Gvisor does deal with the security issue well enough but at the cost of performance if you don't have access to hw virtualization.

17. CAPEv2

    15 5 2,265 9.8 Python

    Malware Configuration And Payload Extraction

    

18. junest

    16 27 2,139 5.7 Shell

    The lightweight Arch Linux based distro that runs, without root privileges, on top of any other Linux distro.

    

19. JS-Interpreter

    17 7 2,058 5.5 JavaScript

    A sandboxed JavaScript interpreter in JavaScript.

    

20. codapi

    18 3 1,721 6.6 Go

    Interactive code examples for documentation, education and fun

    

    Project mention: Codapi – Interactive code examples for documentation, education and fun | news.ycombinator.com | 2024-04-29

21. KubeArmor

    19 3 1,693 9.4 Go

    Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).

    

22. sandboxed-api

    20 5 1,685 9.4 C++

    Generate sandboxes for C/C++ libraries automatically

    

23. OPS

    21 12 1,337 8.4 Go

    ops - build and run nanos unikernels

    

    Project mention: OS for Secure Containers? | news.ycombinator.com | 2024-09-04

    Nanos is the actual kernel while ops (https://ops.city) is the build/deploy tool. I presume you're asking if this is doing "orchestration" - that is more of a container term. These get deployed as actual vms so all the orchestration stuff is performed by the cloud.

24. kuasar

    22 5 1,304 8.3 Rust

    A multi-sandbox container runtime that provides cloud-native, all-scenario multiple sandbox container solutions.

    

    Project mention: My VM is lighter (and safer) than your container | news.ycombinator.com | 2024-05-14

25. hvpp

    23 1 1,162 3.2 C++

    hvpp is a lightweight Intel x64/VT-x hypervisor written in C++ focused primarily on virtualization of already running operating system

    

26. SaaSHub

    www.saashub.com featured

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    

Sandbox related posts

• Reverse Engineering OpenAI Code Execution to make it run C and JavaScript

  1 project | news.ycombinator.com | 12 Mar 2025

• This Week in Docker: AI, AI, AI!

  2 projects | dev.to | 10 Feb 2025

• Show HN: Ephemeral VMs in 1 Microsecond

  2 projects | news.ycombinator.com | 20 Dec 2024

• MoonBit compiler is available on GitHub

  4 projects | news.ycombinator.com | 21 Dec 2024

• Building And Running WASM Apps

  1 project | dev.to | 25 Nov 2024

• Query Your Python Lists

  4 projects | news.ycombinator.com | 14 Nov 2024

• Spin 3.0 – open-source tooling for building and running WASM apps

  7 projects | news.ycombinator.com | 12 Nov 2024
• A note from our sponsor - SaaSHub
  www.saashub.com | 25 Mar 2025

  SaaSHub helps you find the best software and product alternatives Learn more →

Index

Sponsored

CodeRabbit: AI Code Reviews for Developers

Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

coderabbit.ai