npm - @vercel/sandbox - Versions diffs - 0.0.12 → 0.0.13 - Mend

@vercel/sandbox 0.0.12 → 0.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/.turbo/turbo-build.log +1 -1
package/.turbo/turbo-typecheck.log +1 -1
package/CHANGELOG.md +6 -0
package/README.md +31 -1
package/dist/api-client/api-client.d.ts +1 -0
package/dist/api-client/api-client.js +1 -0
package/dist/sandbox.d.ts +4 -0
package/dist/sandbox.js +1 -0
package/dist/version.d.ts +1 -1
package/dist/version.js +1 -1
package/package.json +1 -1
package/src/api-client/api-client.ts +2 -0
package/src/command.test.ts +32 -0
package/src/sandbox.ts +5 -0
package/src/version.ts +1 -1

package/.turbo/turbo-build.log CHANGED Viewed

@@ -1,4 +1,4 @@
-> @vercel/sandbox@0.0.12 build /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
+> @vercel/sandbox@0.0.13 build /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
 > tsc

package/.turbo/turbo-typecheck.log CHANGED Viewed

@@ -1,4 +1,4 @@
-> @vercel/sandbox@0.0.12 typecheck /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
+> @vercel/sandbox@0.0.13 typecheck /home/runner/work/sandbox-sdk/sandbox-sdk/packages/sandbox
 > tsc --noEmit

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,11 @@
 # @vercel/sandbox
+## 0.0.13
+### Patch Changes
+- Add sudo support to running commands ([#72](https://github.com/vercel/sandbox-sdk/pull/72))
 ## 0.0.12
 ### Patch Changes

package/README.md CHANGED Viewed

@@ -89,6 +89,7 @@ const sandbox = await Sandbox.create({
     type: "git",
   },
   resources: { vcpus: 4 },
+  // Defaults to 5 minutes. The maximum is 45 minutes.
   timeout: ms("5m"),
   ports: [3000],
   runtime: "node22",
@@ -97,8 +98,9 @@ const sandbox = await Sandbox.create({
 ## Limitations
-- `sudo` is not available. User code is executed as the `vercel-sandbox` user.
 - Max resources: 8 vCPUs. You will get 2048 MB of memory per vCPU.
+- Sandboxes have a maximum runtime duration of 45 minutes, with a default of 5
+  minutes. This can be configured using the `timeout` option of `Sandbox.create()`.
 ## System
@@ -131,5 +133,33 @@ zstd
 - User code is executed as the `vercel-sandbox` user.
 - `/vercel/sandbox` is writable.
+## Sudo access
+The `node22` and `python3.13` images allow users to run commands as root. This
+can be used to install packages and system tools:
+```typescript
+import { Sandbox } from "@vercel/sandbox";
+const sandbox = await Sandbox.create();
+await sandbox.runCommand({
+  cmd: "dnf",
+  args: ["install", "-y", "golang"],
+  sudo: true,
+});
+```
+Sandbox runs sudo in the following configuration:
+- `HOME` is set to `/root` – Executed commands will source root's configuration
+  files (e.g. `.gitconfig`, `.bashrc`, etc).
+- Environment variables are not reset before executing the command.
+- `PATH` is left unchanged – sudo won’t change the value of PATH, so local or
+  project-specific binaries will still be found.
+Both these images are based on Amazon Linux 2023. The full package list is
+available [here](https://docs.aws.amazon.com/linux/al2023/release-notes/all-packages-AL2023.7.html).
 [create-token]: https://vercel.com/account/settings/tokens
 [hive]: https://vercel.com/blog/a-deep-dive-into-hive-vercels-builds-infrastructure
+[al-2023-packages]: https://docs.aws.amazon.com/linux/al2023/release-notes/all-packages-AL2023.7.html

package/dist/api-client/api-client.d.ts CHANGED Viewed

@@ -83,6 +83,7 @@ export declare class APIClient extends BaseClient {
         command: string;
         args: string[];
         env: Record<string, string>;
+        sudo: boolean;
     }): Promise<Parsed<{
         command: {
             name: string;

package/dist/api-client/api-client.js CHANGED Viewed

@@ -66,6 +66,7 @@ class APIClient extends base_client_1.BaseClient {
                 args: params.args,
                 cwd: params.cwd,
                 env: params.env,
+                sudo: params.sudo,
             }),
         }));
     }

package/dist/sandbox.d.ts CHANGED Viewed

@@ -78,6 +78,10 @@ interface RunCommandParams {
      * Environment variables to set for this command
      */
     env?: Record<string, string>;
+    /**
+     * If true, execute this command with root privileges. Defaults to false.
+     */
+    sudo?: boolean;
     /**
      * If true, the command will return without waiting for `exitCode`
      */

package/dist/sandbox.js CHANGED Viewed

@@ -112,6 +112,7 @@ class Sandbox {
             args: params.args ?? [],
             cwd: params.cwd,
             env: params.env ?? {},
+            sudo: params.sudo ?? false,
         });
         const command = new command_1.Command({
             client: this.client,

package/dist/version.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare const VERSION = "0.0.12";
1	+ export declare const VERSION = "0.0.13";

package/dist/version.js CHANGED Viewed

@@ -2,4 +2,4 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.VERSION = void 0;
 // Autogenerated by inject-version.ts
-exports.VERSION = "0.0.12";
+exports.VERSION = "0.0.13";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@vercel/sandbox",
-  "version": "0.0.12",
+  "version": "0.0.13",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/api-client/api-client.ts CHANGED Viewed

@@ -102,6 +102,7 @@ export class APIClient extends BaseClient {
     command: string;
     args: string[];
     env: Record<string, string>;
+    sudo: boolean;
   }) {
     return parseOrThrow(
       CommandResponse,
@@ -112,6 +113,7 @@ export class APIClient extends BaseClient {
           args: params.args,
           cwd: params.cwd,
           env: params.env,
+          sudo: params.sudo,
         }),
       }),
     );

package/src/command.test.ts CHANGED Viewed

@@ -72,3 +72,35 @@ it("Kills a command with a SIGTERM", async () => {
   const result = await cmd.wait();
   expect(result.exitCode).toBe(143); // 128 + 15
 });
+it("can execute commands with sudo", async () => {
+  const cmd = await sandbox.runCommand({
+    cmd: "env",
+    sudo: true,
+    env: {
+      FOO: "bar",
+    },
+  });
+  expect(cmd.exitCode).toBe(0);
+  const output = await cmd.stdout();
+  expect(output).toContain("FOO=bar\n");
+  expect(output).toContain("USER=root\n");
+  expect(output).toContain("SUDO_USER=vercel-sandbox\n");
+  // The actual path contains more, but this is enough
+  // to verify that we do not reset it to a default path.
+  expect(output).toContain("PATH=/vercel/bin");
+  const dnf = await sandbox.runCommand({
+    cmd: "dnf",
+    args: ["install", "-y", "golang"],
+    sudo: true,
+  });
+  expect(dnf.exitCode).toBe(0);
+  const which = await sandbox.runCommand("which", ["go"]);
+  expect(which.output()).resolves.toContain("/usr/bin/go");
+});

package/src/sandbox.ts CHANGED Viewed

@@ -80,6 +80,10 @@ interface RunCommandParams {
    * Environment variables to set for this command
    */
   env?: Record<string, string>;
+  /**
+   * If true, execute this command with root privileges. Defaults to false.
+   */
+  sudo?: boolean;
   /**
    * If true, the command will return without waiting for `exitCode`
    */
@@ -268,6 +272,7 @@ export class Sandbox {
       args: params.args ?? [],
       cwd: params.cwd,
       env: params.env ?? {},
+      sudo: params.sudo ?? false,
     });
     const command = new Command({

package/src/version.ts CHANGED Viewed

@@ -1,2 +1,2 @@
 // Autogenerated by inject-version.ts
-export const VERSION = "0.0.12";
+export const VERSION = "0.0.13";