We sandbox every build. Here is what we learned.

We sandbox every build at Doodledapp. Here's why it matters. When you compile a smart contract in our visual builder and import a package like OpenZeppelin, that code runs on our servers. NPM packages (the building blocks of most javascript-based software) can execute code during installation. Link: https://doodledapp.com/feed/we-sandbox-every-build-here-is-what-we-learned In web3, attackers have exploited this repeatedly by compromising popular libraries used by hundreds of thousands of developers and draining user funds. We couldn't just trust the packages our users import. So we built Doodledapp so that every build runs in its own isolated container, completely cut off from the rest of our infrastructure. It's fast enough to feel instant and secure enough to treat every dependency as potentially hostile. The trade-offs, the architecture decisions, the surprises along the way, it's all in our latest build-in-public post.

We sandbox every build. Here is what we learned.

Related Articles

Week 6 — No New Problems. Just Me and Everything I Already Learned.

What OpenClaw Gets Wrong Out of the Box (And How to Fix It)

Android Remote Compose：讓 Android UI 不用發版也能更新

Learn Something Old Every Day, Part XVIII: How Does FPU Detection Work?

“Learn to Code” Is Dead… Learn to Think Instead

Related Articles

How-To
Week 6 — No New Problems. Just Me and Everything I Already Learned.
Medium Programming • 2d ago

How-To
What OpenClaw Gets Wrong Out of the Box (And How to Fix It)
Medium Programming • 2d ago

How-To
Android Remote Compose：讓 Android UI 不用發版也能更新
Medium Programming • 3d ago

How-To
Learn Something Old Every Day, Part XVIII: How Does FPU Detection Work?
Lobsters • 3d ago

How-To
“Learn to Code” Is Dead… Learn to Think Instead
Medium Programming • 3d ago