Deno has introduced Deno Sandbox, a new service for securely running untrusted code, particularly LLM-generated code. This addresses the growing need to execute code that accesses external APIs and sensitive information without human review. The service provides lightweight Linux microVMs within the Deno Deploy cloud, offering isolation and control over network egress and secrets.

Built to tackle security risks, Deno Sandbox prevents code from compromising systems or exfiltrating credentials. Secrets are never directly exposed within the environment; instead, placeholders are used. Outbound network access is tightly controlled, allowing developers to specify approved hosts, blocking requests to any other destinations. This approach enhances security for applications using LLM-generated code.

Further, the service integrates directly with Deno Deploy, enabling seamless deployment from sandbox to production with a single command. Deno Sandbox also offers persistent storage options for data and pre-installed toolchains. It's now in beta, and included within existing Deno Deploy plans with usage-based pricing. The launch is a direct response to the increasing use of LLMs in development.