github alibaba/OpenSandbox js/sandbox/v0.1.7
js/sandbox 0.1.7
on GitHub

3 hours ago

What's New

✨ Features

  • Added platform-aware sandbox creation for the JavaScript SDK. Sandbox.create() now accepts a platform constraint so callers can request runtime OS/architecture explicitly, while existing image-based creation remains compatible by default. This is useful for deployments that schedule across mixed Docker/Kubernetes platforms. #645
  • Added richer storage and Windows sandbox creation options. The JS models now include PVC auto-provisioning fields such as createIfNotExists, storageClass, storage, and accessModes; this pairs with server-side auto-create support for Kubernetes PVCs and Docker named volumes. The SDK also accepts Windows-aware platform values for sandbox provisioning. #661 #749 #785
  • Added secure endpoint access support. Sandbox.create() accepts secureAccess, and endpoint responses preserve required access headers so SDK traffic can continue to reach secured Kubernetes gateway endpoints without callers manually wiring transport headers. #745
  • Added signed endpoint support for time-limited route access. JavaScript consumers can call sandbox.getSignedEndpoint(port, expires) to obtain an endpoint whose URL/headers carry the signed route token instead of relying on a long-lived static endpoint secret. #787
  • Added pause and resume lifecycle support. Sandbox and SandboxManager expose pause/resume methods, and Sandbox.resume(...) reconnects after resume so callers receive a fresh instance when the execd endpoint changes. #668
  • Added snapshot lifecycle support. The JS SDK can create, get, list, and delete snapshots through SandboxManager, and Sandbox.create() can restore from snapshotId; callers must provide exactly one startup source, either image or snapshotId. The API is runtime-neutral: Docker snapshot support landed with the SDK surface, and Kubernetes public snapshot support followed in the server/controller runtime. #764 #837 #840
  • Added metadata patch support. Sandbox.patchMetadata(...) and SandboxManager.patchSandboxMetadata(...) expose JSON merge-patch semantics for updating or deleting sandbox metadata without replacing the whole sandbox record. #863

🐛 Bug Fixes

  • Updated JavaScript package dependencies to address npm audit findings including high/moderate vulnerabilities in minimatch, rollup, flatted, vite, esbuild, postcss, picomatch, and brace-expansion. #789
  • Addressed CodeQL/static-analysis findings in the JavaScript SDK connection layer, including safer string handling and regression coverage in connection.test.mjs. #795

📦 Misc

  • JavaScript package publishing now packs the npm tarball before publish and emits GitHub artifact attestations, so consumers can verify the published SDK artifact provenance. #827

👥 Contributors

Thanks to these contributors ❤️

@ninan-nn
@hittyt
@Pangjiping
@fengcone
@xfgong

Check out latest releases or
releases around alibaba/OpenSandbox js/sandbox/v0.1.7

Don't miss a new OpenSandbox release

NewReleases is sending notifications on new releases.

Get notifications