The sandbox ships as part of our Phylum CLI, which can be installed with the following:
curl https://sh.phylum.io | sh -
You can run any package manager command through Phylum to take advantage of the sandbox. For example, installing react via Phylum:
phylum npm install react
To make things easier and more seamless, you can alias the package manager to phylum and run package manager commands as you normally would:
alias npm="phylum npm"
npm install react
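Bash does not expand aliases in non-interactive scripts, so the alias above covers only interactive use. The added example below (not code from the Phylum project) uses a shell function that fails closed instead; it assumes only the `phylum npm <args>` form shown on this page, and `npm_resolution` is a hypothetical helper name.

```shell
# Added example, not part of the Phylum CLI.
# Assumption: `phylum npm <args>` behaves as shown on this page.

# Drop any existing alias first, so the definition below is parsed as a
# function and not alias-expanded by an interactive shell.
unalias npm 2>/dev/null || true

# Fail-closed wrapper: every npm call goes through the sandbox, and if the
# phylum binary is not on PATH the call is refused, never run unsandboxed.
npm() {
    if ! command -v phylum >/dev/null 2>&1; then
        echo "npm: phylum CLI not on PATH, refusing to run unsandboxed" >&2
        return 127
    fi
    # `command` skips shell functions and runs the phylum binary itself.
    command phylum npm "$@"
}

# Hypothetical helper: report how the name `npm` resolves in this shell.
#   wrapped -> a function or alias intercepts the call
#   direct  -> the name resolves straight to a binary on PATH
#   missing -> nothing named npm is available
# "wrapped" only shows that something intercepts npm; it does not prove
# the interceptor is the Phylum wrapper.
npm_resolution() {
    resolved=$(command -v npm 2>/dev/null) || { echo missing; return; }
    case "$resolved" in
        /*) echo direct ;;
        *)  echo wrapped ;;
    esac
}
```

Source this file from the shell profile and from CI scripts that install packages; `npm_resolution` can be run as a pre-install check that prints `direct` when the wrapper is not loaded.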
Developers are under attack. Typosquats, dependency confusion and obfuscated code are persistent threats during package installation. Phylum.io has built a sandbox that limits access to the filesystem, environment variables and the network.
For example:
phylum npm install pkgName
The sandbox is free, open source, and built into the Phylum CLI. Both are available on GitHub.
http://exfil.phylum.app:9090