[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-nango-isolates-customer-scripts-with-microvm-sandboxes":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":24,"persona_id":22,"persona_name":22,"section":22,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},486,"nango-isolates-customer-scripts-with-microvm-sandboxes","Nango isolates customer scripts with micro‑VM sandboxes","The platform now runs untrusted code in lightweight VMs to keep latency low and protect core services.","Nango now executes every customer‑supplied script inside a micro‑VM sandbox instead of its main service process.\n\nThe change swaps in Firecracker‑based containers that spin up on demand, enforce strict CPU and memory caps, and drop all network access. Scripts are queued, launched in an isolated VM, and their output is streamed back to the calling API. If a script exceeds its limits, the VM is terminated and the request fails without touching the host.\n\nThis matters because it blocks malicious or buggy code from affecting Nango’s core systems while preserving the sub‑second response times developers expect from an integration platform. The isolation also simplifies compliance audits, since each execution leaves a clean, reproducible environment.\n\nThe move echoes a broader shift toward micro‑VMs for multi‑tenant workloads, but Nango’s tight coupling of sandbox launch to API calls keeps the overhead low enough to stay competitive.","[\"cloud\",\"security\",\"micro-vm\"]","2026-06-09T15:31:19.000Z","2026-06-09T20:28:28.986Z","2026-06-10T01:37:21.331Z","published",null,[],"https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fnango-isolates-customer-scripts-with-microvm-sandboxes.webp",[26,27,28],"cloud","security","micro-vm",[30],{"name":31,"url":32},"Hacker News","https:\u002F\u002Fnango.dev\u002Fblog\u002Fhow-nango-runs-untrusted-customer-code-at-scale\u002F",0]