Nango now executes every customer‑supplied script inside a micro‑VM sandbox instead of its main service process.
The change swaps in Firecracker‑based containers that spin up on demand, enforce strict CPU and memory caps, and drop all network access. Scripts are queued, launched in an isolated VM, and their output is streamed back to the calling API. If a script exceeds its limits, the VM is terminated and the request fails without touching the host.
This matters because it blocks malicious or buggy code from affecting Nango’s core systems while preserving the sub‑second response times developers expect from an integration platform. The isolation also simplifies compliance audits, since each execution leaves a clean, reproducible environment.
The move echoes a broader shift toward micro‑VMs for multi‑tenant workloads, but Nango’s tight coupling of sandbox launch to API calls keeps the overhead low enough to stay competitive.
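
A pre-launch check for the isolation properties described above (CPU and memory caps, no network), written as an added example; it is not Nango's code. It assumes the sandbox is described by a Firecracker JSON config file; the ceilings, the paths, and the read-only root drive rule are illustrative assumptions.

```python
import json

# Assumed ceilings for illustration; the page does not give Nango's actual limits.
MAX_VCPUS = 1
MAX_MEM_MIB = 256

# Constructed sample in Firecracker's JSON config-file layout (paths are placeholders).
SAMPLE_CONFIG = json.dumps({
    "boot-source": {"kernel_image_path": "/placeholder/vmlinux"},
    "drives": [{"drive_id": "rootfs", "path_on_host": "/placeholder/rootfs.ext4",
                "is_root_device": True, "is_read_only": False}],
    "machine-config": {"vcpu_count": 2, "mem_size_mib": 128},
    "network-interfaces": [{"iface_id": "eth0", "host_dev_name": "tap0"}],
})


def _over_cap(value, cap):
    """True unless value is a positive int no larger than cap (fails closed)."""
    return type(value) is not int or value < 1 or value > cap


def audit_microvm_config(raw):
    """Return a list of policy violations; an empty list means the config passes."""
    cfg = json.loads(raw)
    findings = []
    machine = cfg.get("machine-config")
    if not isinstance(machine, dict):
        machine = {}  # missing section: both caps are reported as unpinned below
    if _over_cap(machine.get("vcpu_count"), MAX_VCPUS):
        findings.append(f"vcpu_count must be set and <= {MAX_VCPUS}")
    if _over_cap(machine.get("mem_size_mib"), MAX_MEM_MIB):
        findings.append(f"mem_size_mib must be set and <= {MAX_MEM_MIB}")
    # "Drop all network access": no guest NIC may be attached at all.
    if cfg.get("network-interfaces"):
        findings.append("network-interfaces must be empty or absent")
    # Assumption: a read-only root image keeps every run starting from the same state.
    for drive in cfg.get("drives", []):
        if drive.get("is_root_device") and not drive.get("is_read_only"):
            findings.append(f"root drive {drive.get('drive_id')!r} must be read-only")
    return findings


if __name__ == "__main__":
    for finding in audit_microvm_config(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

Running the audit in the launch path, and refusing to start a VM when the list is non-empty, keeps a configuration drift from silently widening what a customer script can reach.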
