Secure NPX Runner, useful for stdio mcp

npxs

#!/bin/sh
# npxs - Sandboxed npx runner for secure MCP server execution
#
# Installation:
#   wget https://gist.githubusercontent.com/thypon/ec4bb090d6ca1ffd0baac3a4f2c6a106/raw/npxs
#   chmod +x npxs
#   mv npxs ~/.local/bin/  # or any directory in your PATH
#
# Usage:
#   Use 'npxs' instead of 'npx' when running MCP servers for sandboxed execution
#   Example: npxs @modelcontextprotocol/server-filesystem /path/to/files
#
# If inside container - just run command.
# If outside container - create new sandboxed container and run command inside.
#
# Based on: https://github.com/vitalets/npxd

set -e

# Parse flags
mount_fs=false
enable_network=true
sandbox=true
args=""

while [ $# -gt 0 ]; do
  case $1 in
    --fs)
      mount_fs=true
      shift
      ;;
    --nonet)
      enable_network=false
      shift
      ;;
    --nosandbox)
      sandbox=false
      shift
      ;;
    *)
      if [ -z "$args" ]; then
        args="$1"
      else
        args="$args $1"
      fi
      shift
      ;;
  esac
done

if [ -z "$args" ]; then
  echo "USAGE: npxs [--fs] [--nonet] [--nosandbox] <command>"
  echo "  --fs         Mount current directory to /app"
  echo "  --nonet      Disable network access"
  echo "  --nosandbox  Disable sandbox mode (runs with fewer security restrictions)"
  exit 0
fi

if grep -sq docker /proc/1/cgroup || [ -f /.dockerenv ]; then
  exec npx -y $args
else
  # Build docker run command
  docker_cmd="docker run --rm -i"

  # Add sandbox security flags
  if [ "$sandbox" = true ]; then
    docker_cmd="$docker_cmd --security-opt=no-new-privileges --cap-drop=ALL --read-only --tmpfs /tmp --tmpfs /root:exec"
  fi

  # Add filesystem mount if requested
  if [ "$mount_fs" = true ]; then
    docker_cmd="$docker_cmd -v $(pwd):/app -w /app"
  fi

  # Control network access
  if [ "$enable_network" = false ]; then
    docker_cmd="$docker_cmd --network none"
  fi

  # Run in a new container
  exec $docker_cmd node:latest npx -y $args
fi