Skip to main content
Deno 2.5 is here 🎉
Learn more
Introducing Deno Sandboxes

Run untrusted code safely

A managed API for running untrusted code in secure Linux VMs. Built for AI agents.
âš¡Instant startup
🔒Strict network policies
🚀One call to production
npm install @deno/sandboxView on

Sign up for Deno Deploy|Reference docs

— Getting started —

Create your first Deno Sandbox in under two minutes

1. Install @deno/sandbox

You can use our Sandboxes API with Node or Deno, in whichever package manager you prefer
npm install @deno/sandbox

2. Create an access token

Easily create an access token in the Deno Deploy dashboard, and use it to authenticate your API requests.
Creating an access token for the Sandboxes API via the Deno Deploy dashboard. There's a field for the token description, and its expiration (currently set to the default 24 hours).

3. Create your first sandbox!

Use the Sandbox API to execute any code you like. Call to LLMs, or any other API endpoints you need. Read and write files. Enjoy the full power of JavaScript.
import { Sandbox } from "@deno/sandbox";
await using sandbox = await Sandbox.create();
await sandbox.sh`ls -lh /`;
Show output
$ deno -NE ls.ts
total 9.3M
drwxr-xr-x   1 daemon daemon 4.0K Nov  3 10:52 app
lrwxrwxrwx   1 root   root      7 Nov  3 10:15 bin -> usr/bin
drwxrwxrwt  10 root   root    200 Nov  3 10:52 data
drwxr-xr-x   4 root   root   2.3K Nov  3 10:52 dev
drwxr-xr-x   1 root   root    100 Nov  3 10:15 etc
-rwxr-xr-x   1 root   root   9.2M Nov  3 10:17 fcinit
drwxr-xr-x   3 root   root     45 Nov  3 10:15 home
drwxrwxrwt   2 daemon daemon   40 Nov  3 10:40 isolate
lrwxrwxrwx   1 root   root      7 Nov  3 10:15 lib -> usr/lib
lrwxrwxrwx   1 root   root      9 Nov  3 10:15 lib64 -> usr/lib64
drwx------   2 daemon daemon    3 Nov  2 23:48 mnt
drwxr-xr-x   2 root   root     27 Nov  3 10:15 overlay
dr-xr-xr-x 115 root   root      0 Nov  3 10:40 proc
drwxr-xr-x  18 root   root    384 Nov  3 10:17 rom
drwxr-xr-x   2 root   root   4.0K Nov  3 10:40 root
drwxrwxrwt   6 root   root    120 Nov  3 10:40 run
lrwxrwxrwx   1 root   root      8 Nov  3 10:15 sbin -> usr/sbin
dr-xr-xr-x  12 root   root      0 Nov  3 10:40 sys
drwxrwxrwt   9 root   root   4.0K Nov  3 10:52 tmp
drwxr-xr-x  12 root   root    194 Sep  8 00:00 usr
drwxr-xr-x   5 root   root   4.0K Nov  3 10:40 var

— Use cases —

Why Sandboxes?

Deno Sandboxes let you run untrusted or generated code with real isolation and real control.
Each sandbox is a fresh micro-VM fully accessible via a simple API.

Instantly isolate untrusted code

Start a VM in one call — no Docker, no config, no provisioning.

Each sandbox runs in its own secure environment and disappears automatically when released.

Define what code can reach

Sandboxes let you lock down outbound connections. Specify which hosts your code is allowed to talk to, and bind secrets so they're only revealed to approved destinations.

Even if the code misbehaves, it can't leak data or phone home.

Wildly fast start times

Fast to get started and fast to run, Deno Sandboxes are built for performance. New sandboxes spin up in milliseconds—almost faster than you can even think about it.

await Sandbox.create();
Ready! ✅

Complete access control

Test live in the browser

Expose your dev server over HTTP for live previews in any browser.

sandbox.exposeHttp(8000);

Connect via SSH

Connect to your sandbox via SSH with a single command.

sandbox.exposeSsh();

Deploy to production

Turn your sandbox into a persistent Deno Deploy application with one call.

sandbox.deploy();
Coming Soon

And much more on the way!

We're just getting started on making Deno Sandboxes the most robust way to build anything you might have in mind…

Every sandbox helps you get started.
Deno Sandboxes help you get finished.

Since you’re building on Deno Deploy, you can take your sandbox live instantly, the moment you’re ready.
sandbox.deploy();
Learn more about Deno Deploy

FAQs

Sandboxes are lightweight Linux microVMs you control via a simple JavaScript API. Each sandbox is fully isolated with its own filesystem, network stack, and process tree.

Under 200ms. Fast enough to spin up on-demand for each request.

Any Linux binary. Deno is pre-installed, so TypeScript and JavaScript run out of the box with no setup.

Default is 2 vCPUs, 512MB memory, and 10GB disk. You can adjust these when creating a sandbox.

Each sandbox runs in its own Firecracker microVM—the same technology that powers AWS Lambda. Full VM isolation, not just containers.

All outbound connections route through a proxy where your security policy is enforced. You control exactly which hosts your code can reach. (Coming soon)

No. Secrets in your sandbox are replaced with secure tokens. The real values are only injected at the network layer when connecting to approved destinations—so even malicious code can't read or leak them.

Yes. Deno Deploy is SOC2 and ISO27001 certified. Your code and sandbox data are never shared with third parties. We also offer HIPAA BAA for enterprise contracts.

— Get started now —

Ready to get started?

View on npm