Use when building features that execute untrusted user code, AI-generated code, or need isolated code execution environments. Covers the @deno/sandbox SDK.
View on GitHubFebruary 5, 2026
Select agents to install to:
npx add-skill https://github.com/denoland/skills/blob/main/skills/deno-sandbox/SKILL.md -a claude-code --skill deno-sandboxInstallation paths:
.claude/skills/deno-sandbox/# Deno Sandboxes
## Overview
Deno Sandboxes provide secure, isolated environments for running untrusted code. Each sandbox runs in its own Linux microVM (using Firecracker, the same technology as AWS Lambda) with a separate filesystem, network, and process space. This makes them ideal for code playgrounds, AI agent tool execution, and multi-tenant applications.
Reference: https://deno.com/deploy/sandboxes
## When to Use Sandboxes
Use Deno Sandboxes when you need to:
- Run user-submitted code safely
- Execute AI-generated code
- Build code playground platforms
- Create multi-tenant code execution environments
- Run automated tests in isolation
## Getting Started
### Installation
```bash
deno add jsr:@deno/sandbox
```
### Basic Usage
```typescript
import { Sandbox } from "@deno/sandbox";
// Create a sandbox (auto-disposed when scope ends)
await using sandbox = await Sandbox.create();
// Run a command
const child = await sandbox.spawn("echo", { args: ["Hello from sandbox!"] });
const output = await child.output();
console.log(new TextDecoder().decode(output.stdout));
// Output: Hello from sandbox!
```
## Core Concepts
### Sandbox Lifecycle
Sandboxes are resources that should be disposed when done. Use `await using` for automatic cleanup:
```typescript
await using sandbox = await Sandbox.create();
// Sandbox is automatically destroyed when this scope ends
```
Or manually dispose:
```typescript
const sandbox = await Sandbox.create();
try {
// Use sandbox
} finally {
await sandbox[Symbol.asyncDispose]();
}
```
### Running Processes
The `spawn` method runs commands inside the sandbox:
```typescript
const child = await sandbox.spawn("deno", {
args: ["run", "script.ts"],
stdin: "piped", // Enable stdin
stdout: "piped", // Capture stdout
stderr: "piped", // Capture stderr
});
// Wait for completion and get output
const output = await child.output();
console.log("Exit code:", output.code);
console.log("Stdout:", new TextDecoder().decode(o