pkg-sandbox

v1.0.2

Test your npm package like it's published, makes your test environment behave like your package was already live on the npm registry For more information about how to use this package see README

Latest version published 3 days ago

License: MIT

NPM

GitHub

Package Health Score

70 / 100

security
No known security issues
popularity
Limited
maintenance
Healthy
community
Limited

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
1.0.2	\|	12/2025		0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.0.1	\|	07/2025	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Limited

Weekly Downloads (4)

GitHub Stars: 0
Forks: 0
Contributors: 3

Direct Usage Popularity

The npm package pkg-sandbox receives a total of 4 downloads a week. As such, we scored pkg-sandbox popularity level to be Limited.

Based on project statistics from the GitHub repository for the npm package pkg-sandbox, we found that it has been starred ? times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Limited

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 3
Funding: No

This project has seen only 10 or less contributors.

We found a way for you to contribute to the project! Looks like pkg-sandbox is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Healthy

Commit Frequency

Open Issues: 0
Open PR: 7
Last Release: 3 days ago
Last Commit: 3 days ago

Further analysis of the maintenance status of pkg-sandbox based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Healthy.

We found that pkg-sandbox demonstrates a positive version release cadence with at least one new version released in the past 3 months.

As a healthy sign for on-going project maintenance, we found that the GitHub repository had at least 1 pull request or issue interacted with by the community.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >= 16

Age: 5 months
Dependencies: 4 Direct
Versions: 4
Install Size: 10.8 kB
Dist-tags: 1
# of Files: 6
Maintainers: 1
TS Typings: No

pkg-sandbox has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Readme

pkg-sandbox

Test your npm package as if it was published.

No more mocks. No more local imports. This tool makes your test environment behave like your package was already live on the npm registry.

What it does

✅ Test your package installation using real install behavior
✅ Allows you to use normal imports in your test cases, just like if the package were published
✅ Detects install failures immediately

Install & Use

npm install --save-dev pkg-sandbox

Then you can use it with the command:

npx sandbox [options]

#basic use
npx sandbox

Then use your library in tests exactly like real-world usage:

import { yourFn } from 'your-lib-name';

Example workflow (Vitest)

// test/my-lib.test.ts
import { resolvePath } from 'your-lib-name';

it('resolves correctly', () => {
  expect(resolvePath('vitest')).toMatch(/node_modules/);
});

You can now test everything just like real users would.

Why not use ./dist?

Because they don't reflect real publish behavior.

pkg-sandbox gives you a fully realistic environment where your package behaves exactly like it's published.

It does not run your test cases — it just sets up a real-world install so that your tests can catch:

Broken main or exports paths
Invalid subpath imports (like 'lib/special.js')
Missing files excluded by .npmignore or files
Incorrect or missing type definitions

CLI Options

Flag	Description
`[pkgPath]`	Path to your package (default: current directory)
`--agent`	Force specific package manager (`npm`, `pnpm`, `yarn`)
`--version`	Show CLI version

Support matrix

Package Manager	Supported	Notes
`npm`	✅ Yes	Recommended
`yarn classic`	✅ Yes	Fully compatible
`pnpm`	✅ Yes	Works, but store-based
`bun*`	✅ Yes	Fully compatible
`deno*`	❌ No	Not supported (might be in the future if i have time)
`yarn PnP`	❌ No	WiP

*: Built-in package manager support

When to use

Before publishing your package
In CI/CD to catch install bugs early — this tests the actual install behavior
To validate exports, types, and package.json correctness as seen by real users
Catch missing files, broken exports, or invalid types — before your users do.

Changelog

See full release notes in CHANGELOG.md

License

MIT Yuki Akai

pkg-sandbox dependencies

@yukiakai/find-up chalk commander consola

pkg-sandbox development dependencies

@changesets/cli @eslint/js @vitest/coverage-v8 dotenv eslint prettier tsup tsx typescript typescript-eslint vitest

FAQs

What is pkg-sandbox?

Test your npm package like it's published, makes your test environment behave like your package was already live on the... Visit Snyk Advisor to see a full health score report for pkg-sandbox, including popularity, security, maintenance & community analysis.

Is pkg-sandbox popular?

The npm package pkg-sandbox receives a total of 4 weekly downloads. As such, pkg-sandbox popularity was classified as limited. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is pkg-sandbox well maintained?

We found that pkg-sandbox demonstrated a healthy version release cadence and project activity. It has a community of 3 open source contributors collaborating on the project. See the full package health analysis to learn more about the package maintenance status.

Is pkg-sandbox safe to use?

The npm package pkg-sandbox was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 6 December-2025, at 23:30 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (4)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Readme

pkg-sandbox

What it does

Install & Use

Example workflow (Vitest)

Why not use ./dist?

CLI Options

Support matrix

When to use

Changelog

License

pkg-sandbox dependencies

pkg-sandbox development dependencies

FAQs

What is pkg-sandbox?

Is pkg-sandbox popular?

Is pkg-sandbox well maintained?

Is pkg-sandbox safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues