Johnny Matthews | Sandboxing Untrusted Code with Lima

I’ve written before about using Multipass to sandbox dodgy NPM packages. It works great, but Multipass only supports Ubuntu images. Sometimes I want something lighter, like Alpine. So we’re gonna use Lima. This was written on the 27th of November 2025.

Lima is similar to Multipass but way more flexible. It supports Alpine, Debian, Arch, and a bunch of others out of the box. On macOS it uses Apple’s native Hypervisor.framework, so there’s no need to install VirtualBox or any other chunky hypervisor.

Spin up and down

Super easy, just follow these steps:

  1. Install Lima:

    brew install lima

  2. Spin up an Alpine box:

    limactl start --name=sandbox template://alpine

    This downloads the Alpine template and boots a VM. Takes about a minute on first run.

  3. Shell into said box and do your sketchy NPM crap in here:

    limactl shell sandbox
    lima-sandbox:/Users/johnny$

  4. I sometimes run into an issue where DNS won’t resolve. Pinging an IP directly works fine though, which means it’s a DNS issue. The fix is simple, just point the resolver at a working nameserver:

    echo "nameserver 8.8.8.8" | sudo tee /etc/resolv.conf

  5. Exit and close down your VM:

    limactl stop sandbox
    limactl delete sandbox

  6. Done!
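
The prompt in step 3 sits in /Users/johnny, a host path, so the guest can see at least part of the host filesystem. The script below is an added example, not part of the original post: it lists host-shared mounts from a /proc/mounts-style file and picks out the writable ones. The sample mount table and the `scratch` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: report host directories shared into a Lima guest.
# fuse.sshfs (reverse-sshfs), 9p and virtiofs are the filesystem types Lima
# uses for host mounts. Inside the guest, pass /proc/mounts as the argument.

# Print "mode mountpoint fstype" for each host share in a /proc/mounts-format file.
list_host_shares() {
    awk '
        $3 == "fuse.sshfs" || $3 == "9p" || $3 == "virtiofs" {
            mode = "ro"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "rw") mode = "rw"
            print mode, $2, $3
        }
    ' "$1"
}

# Print only the mount points that untrusted code in the guest could write to.
writable_host_shares() {
    list_host_shares "$1" | awk '$1 == "rw" { print $2 }'
}

# Constructed sample of a guest /proc/mounts (not captured from a real VM).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
/dev/vda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
:/Users/johnny /Users/johnny fuse.sshfs ro,nosuid,nodev,relatime,allow_other 0 0
:/Users/johnny/scratch /Users/johnny/scratch fuse.sshfs rw,nosuid,nodev,relatime,allow_other 0 0
EOF

echo "Host shares visible in the guest:"
list_host_shares "$SAMPLE"
echo "Writable from the guest:"
writable_host_shares "$SAMPLE"
```

A read-only share still lets untrusted code read whatever is under that path, so an empty result from `list_host_shares` is the state to aim for before running anything sketchy.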

Why not just use Docker?

Yeah, I could. But Docker on macOS is itself running in a Lima VM, so you’re adding another layer of abstraction. If you just want a throwaway Linux shell to run untrusted code, Lima cuts out the middleman.