Is sandbox safe to use?

sandbox has 2 known vulnerabilities on the latest version (3.2.2). DepScope rates its health at 40/100 (high risk).

What is the latest version of sandbox?

The latest version of sandbox is 3.2.2, released 2026-06-16.

Does sandbox have known vulnerabilities?

Yes. sandbox has 2 known vulnerabilities. See depscope.dev/pkg/npm/sandbox for details.

Is sandbox deprecated?

No, sandbox is actively maintained. Latest release: 3.2.2 (2026-06-16).

What are alternatives to sandbox?

Popular alternatives to sandbox in npm include: ?, semver, minimatch, debug, brace-expansion.

What license does sandbox use?

sandbox is licensed under Apache-2.0.

sandbox

npmv3.2.2

Command line interface for Vercel Sandbox

License Apache-2.0permissive86 versions4 maintainers5 deps1,665,623 weekly dl

vercel/sandbox

/ 100

Health

do not use

sandbox has critical vulnerabilities — do not use

Moderate health score (40/100) — verify manually
1 critical vulnerabilities

Health breakdown0 – 100

25/25

maintenance

17/20

popularity

13/25

security

15/15

maturity

6/15

community

0/15

popularity_floor

Vulnerabilities

1 critical1 medium

Advisories (2)

Severity	ID	Summary	Fixed in
medium	GHSA-fm4j-4xhm-xpwx	Sandbox Breakout / Arbitrary Code Execution in sandbox	—
critical	GHSA-gc25-3vc5-2jf9	Sandbox Breakout / Arbitrary Code Execution in sandbox	—

Bundle & TypeScript

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

Dependencies (5)

async-retry debug ws zod @vercel/sandbox

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/sandbox