Is sandbox safe to use?

sandbox has 2 known vulnerabilities on the latest version (2.5.10). DepScope rates its health at 40/100 (high risk).

What is the latest version of sandbox?

The latest version of sandbox is 2.5.10, released 2026-04-14.

Does sandbox have known vulnerabilities?

Yes. sandbox has 2 known vulnerabilities. See depscope.dev/pkg/npm/sandbox for details.

Is sandbox deprecated?

No, sandbox is actively maintained. Latest release: 2.5.10 (2026-04-14).

What are alternatives to sandbox?

Popular alternatives to sandbox in npm include: semver, debug, ansi-styles, minimatch, brace-expansion.

What license does sandbox use?

sandbox is licensed under Apache-2.0.

sandbox

npmv2.5.10

Command line interface for Vercel Sandbox

License Apache-2.0permissive67 versions3 maintainers3 deps1,433,639 weekly dl

vercel/sandbox

/ 100

Health

do not use

sandbox has critical vulnerabilities — do not use

Moderate health score (40/100) — verify manually
1 critical vulnerabilities

Health breakdown0 – 100

25/25

maintenance

17/20

popularity

13/25

security

15/15

maturity

6/15

community

0/15

popularity_floor

Vulnerabilities

1 critical1 medium

Advisories (2)

Severity	ID	Summary	Fixed in
medium	GHSA-fm4j-4xhm-xpwx	Sandbox Breakout / Arbitrary Code Execution in sandbox	—
critical	GHSA-gc25-3vc5-2jf9	Sandbox Breakout / Arbitrary Code Execution in sandbox	—

Bundle & TypeScript

📦

Bundle Size

1006.8 KBminified

291.9 KB gzipped

3 direct dependencies

side effects

🌟

TypeScript

0/10untyped

No type definitions available

Health History

Dependency Tree

License Audit

Dependencies (3)

zod debug @vercel/sandbox

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/sandbox