suchar

I've been thinking of ways to sandbox development-related programs/processes/data on the MacOS. A primary use case is to protect the whole system from the, for example, malicious NPM library. I'm aware that there is some application sandboxing built-in into the MacOS. However, I don't know to what extent it covers this use case.

For this discussion, let's consider full-fledged IDE, like IntelliJ Idea, and skip remote development using VSCode/CLI editor over SSH/TRAMP/Projector. Also, examine a case where we would like to run multiple different applications inside the same sandbox for a specific project (e.g., IntelliJ + iTerm).

Please focus on the MacOS — I already know how to solve this issue on Linux.