
Posted by johnspurlock 6 hours ago

Deno Sandbox (deno.com)
256 points | 92 comments | page 2
nihakue 5 hours ago|
See also Sprites (https://news.ycombinator.com/item?id=46557825) which I've been using and really enjoying. There are some key architecture differences between the two, but very similar surface area. It'll be interesting to see if ephemeral + snapshots can be as convenient as stateful with cloning/forking (which hasn't actually dropped yet, although the fly team say it's coming).

Will give these a try. These are exciting times, it's never been a better time to build side projects :)

tomComb 27 minutes ago||
Yes, sprites looks great too – would certainly be interested in a comparison.
alooPotato 2 hours ago||
what are the key architectural differences?
Tepix 5 hours ago||
If you can create a deno sandbox from a deno sandbox, you could create an almost unkillable service that jumps from one sandbox to the next. Very handy for malicious purposes. ;-)

Just an idea…

mrkurt 4 hours ago||
This is, in fact, the biggest problem to solve with any kind of compute platform. And when you suddenly launch things really, really fast, it gets harder.
runarberg 5 hours ago||
Isn’t that basically how zip-bombs work?
kibibu 3 hours ago||
Not really, no
mrpandas 5 hours ago||
Where's the real value for devs in something like this? Hasn't everyone already built this for themselves in the past 2 years? I'm not trying to sound cheeky or poo poo the product, just surprised if this is a thing. I can never read what's useful by gut anymore, I guess.
slibhb 4 hours ago||
> Hasn't everyone already built this for themselves in the past 2 years?

Even if this was true, "everyone building X independently" is evidence that one company should definitely build X and sell it to everyone

mrkurt 4 hours ago|||
Sandboxes with the right persistence and http routing make excellent dev servers. I have about a million dev servers I just use from whatever computer / phone I happen to be using.

It's really useful to just turn a computer on, use a disk, and then plop its url in the browser.

I currently do one computer per project. I don't even put them in git anymore. I have an MDM server running to manage my kids' phones, a "help me reply to all the people" computer that reads everything I'm supposed to read, a dumb game I play with my son, a family todo list no one uses but me, etc, etc.

Immediate computers have made side projects a lot more fun again. And the nice thing is, they cost nothing when I forget about them.

simonw 4 hours ago||
I'd love to know more about that "help me reply to all the people" one! I definitely need that.
mrkurt 3 hours ago||
You will be astonished to know it's a whole lot of sqlite.

Everything I want to pay attention to gets a token, the server goes and looks for stuff in the api, and seeds local sqlites. If possible, it listens for webhooks to stay fresh.

Mostly the interface is Claude code. I have a web view that gives me some idea of volume, and then I just chat at Claude code to have it see what's going on. It does this by querying and cross referencing sqlite dbs.

I will have claude code send/post a response for me, but I still write them like a meatsack.

It's effectively: long lived HTTP server, sqlite, and then Claude skills for scripts that help it consistently do things based on my awful typing.

falcor84 4 hours ago|||
> Hasn't everyone already built this for themselves in the past 2 years?

The short answer is no. And more so, I think that "Everyone I know in my milieu already built this for themselves, but the wider industry isn't talking about it" is actually an excellent idea generator for a new product.

ATechGuy 4 hours ago||
In the last one year, we have seen several sandboxing wrappers around containers/VMs and they all target one use case: AI agent code execution. Why? Perhaps because devs are good at building (wrappers around VMs) and chase the AI hype. But how are these different and what value do they offer over VMs? Sounds like a tarpit idea, tbh.

Here's my list of code execution sandboxing agents launched in the last year alone: E2B, AIO Sandbox, Sandboxer, AgentSphere, Yolobox, Exe.dev, yolo-cage, SkillFS, ERA Jazzberry Computer, Vibekit, Daytona, Modal, Cognitora, YepCode, Run Compute, CLI Fence, Landrun, Sprites, pctx-sandbox, pctx Sandbox, Agent SDK, Lima-devbox, OpenServ, Browser Agent Playground, Flintlock Agent, Quickstart, Bouvet Sandbox, Arrakis, Cellmate (ceLLMate), AgentFence, Tasker, DenoSandbox, Capsule (WASM-based), Volant, Nono, NetFence

kommunicate 2 hours ago|||
don't forget runloop!
ushakov 3 hours ago|||
why? because there’s a huge market demand for Sandboxes. no one would be building this if no one would be buying.

disclaimer: i work at E2B

ATechGuy 3 hours ago||
I'm not saying sandboxes are not needed, I'm saying VMs/containers already provide the core tech and it's easy to DIY a sandbox. Would love to understand what value E2B offers over VMs?
kommunicate 2 hours ago|||
making a local sandbox using docker is easy, but making them work at high volume and low latency is hard
ushakov 3 hours ago|||
we offer secure cloud VMs that scale up to 100k concurrent instances or more.

the value we sell with our cloud is scale, while our Sandboxes are a commodity that we have proudly open-sourced

ATechGuy 3 hours ago||
> we offer secure cloud VMs that scale up to 100k concurrent instances or more.

High scalability and VM isolation is what the Cloud (GCP/AWS, that E2B runs on) offers.

drewbitt 4 hours ago||
Has everyone really built their own microVMs? I don’t think so.
zenmac 4 hours ago||
Saw quite a bit on HN.

With a quick search this popped up:

https://news.ycombinator.com/item?id=45486006

If we can spin up a microVM so quickly, why bother with Docker or other containers at all?

drewbitt 4 hours ago|||
I think a 413 commit repo took a bit of time.
mrpandas 4 hours ago||
That's just over one day worth of commits in a few friends' activity at this point. Thanks to Anthropic.
ushakov 3 hours ago|||
10 seconds is actually not that impressive. we spin up Sandboxes around 50-200ms at E2B
MillionOClock 4 hours ago||
Can this be used on iOS somehow? I am building a Swift app where this would be very useful but last time I checked I don't think it was possible.
lucacasonato 3 hours ago|
It’s a cloud service - so you can call out to it from anywhere you want. Just don’t ship your credentials in the app itself, and instead authenticate via a server you control.
snehesht 5 hours ago||
50/200 Gb free plus $0.5 / Gb out egress data seems expensive when scaling out.
e12e 5 hours ago||
Looks promising. Any plans for a version that runs locally/self-hostable?

Looks like the main innovation here is linking outbound traffic to a host with dynamic variables - could that be added to deno itself?

latexr 3 hours ago||
> evil.com

That website does exist. It may hurt your eyes.

lucacasonato 3 hours ago|
We honestly should have just linked to oracle.com instead of evil.com
eric-burel 3 hours ago||
Can it be used to sandbox an AI agent, like replacing eg Cursor or Openclaw sandboxing system?
EGreg 2 hours ago||
We already have a pretty good sandbox in our platform: https://github.com/Qbix/Platform/blob/main/platform/plugins/...

It uses web workers on a web browser. So is this Deno Sandbox like that, but for server? I think Node has worker threads.

ianberdin 5 hours ago|
Firecrackervm with proxy?
jonthepirate 2 hours ago|
seems it.