# ─────────────────────────────────────────────────────────────
# Sandbox Dockerfile - JavaScript/TypeScript execution
# Minimal image with strict security constraints
# ─────────────────────────────────────────────────────────────
FROM node:20-alpine

# Create sandbox user (non-root). The base image already ships a "node"
# user with UID 1000, so remove it first or adduser fails on the UID clash.
RUN deluser --remove-home node && adduser -D -u 1000 sandbox

# Create workspace
RUN mkdir -p /sandbox && chown sandbox:sandbox /sandbox

# Install TypeScript runtime
RUN npm install -g tsx typescript

# Remove package managers to prevent installs. Deleting only the bin
# symlinks would leave npm runnable via node, so drop the modules too.
RUN rm -rf /usr/local/bin/npm /usr/local/bin/npx /usr/local/bin/corepack \
    /usr/local/lib/node_modules/npm /usr/local/lib/node_modules/corepack \
    /usr/local/bin/yarn /usr/local/bin/yarnpkg /opt/yarn-v*

# Switch to sandbox user
USER sandbox
WORKDIR /sandbox

# Default entrypoint
ENTRYPOINT ["sh", "-c"]