Packj sandbox for “safe installation” of PyPI/NPM/RubyGems packages

**Packj** offers a lightweight sandboxing for "safe installation" of PyPI/NPM/RubyGems packages \[1\]. Specifically, it prevents malicious packages from exfiltrating sensitive data, accessing sensitive files (e.g., SSH keys), and persisting malware.

Full Disclosure: Packj relies on strace, a popular FOSS tool to trace program execution. A proprietary binary blob (sandbox.o) is LD\_PRELOADed to hook into strace and analyze system calls.

1. [https://github.com/ossillate-inc/packj/blob/main/sandbox/README.md](https://github.com/ossillate-inc/packj/blob/main/sandbox/README.md)

cybersecurity installation npm packj pypi rubygems safe sandbox