mkenv is a CLI that spins up hardened, per-project Docker environments so you can run any repo without gambling your laptop.
It inspects your project, estimates what the environment should look like, builds a disposable Docker container around it, and keeps both your code and your LLM locked inside that sandbox.
Your host should only need: Docker, a browser, Slack, and one mkenv binary.
All toolchains, languages, packages, and scripts live and die inside mkenv.
Every experienced developer knows this feeling: your laptop is a graveyard of old runtimes, global installs, random scripts, and half-forgotten projects. And every time you run an install command or setup script, you're quietly gambling with your entire machine.
I lost that gamble.
One fake interview task, one repo clone, one innocent-looking npm run – and suddenly I was rotating hundreds of passwords, revoking tokens, resetting SSH keys, reissuing cloud credentials, and eventually nuking my Mac because I had no idea what was touched.
And the painful part? I always knew I should be using isolated dev environments. But the moment I open a devcontainer.json or start thinking about a Dockerfile for local dev, my brain screams “not today”.
Your development machine silently holds:
And you regularly run code that can access all of it:
One wrong dependency is enough to lose everything.
The Shai-Hulud 2.0 npm worm [Supply Chain] [credential Theft] [Self-Propagation]
A self-replicating npm worm known as Shai-Hulud was identified, backdooring hundreds of legitimate npm packages.
https://securitylabs.datadoghq.com/articles/shai-hulud-2.0-npm-worm/
XZ Utils Backdoor — [Supply Chain] [RCE]
A core Linux library was backdoored to tamper with SSH authentication globally.
Shai-Hulud NPM Worm — [Supply Chain] [Credential Theft] [Self-Propagation]
A self-spreading npm worm stole tokens and auto-published malware using your credentials.
https://www.blackduck.com/blog/npm-malware-attack-shai-hulud-threat.html
NPM SSH-Key Stealers — [Credential Theft] [Postinstall Malware]
Malicious postinstall scripts read ~/.ssh/id_rsa and uploaded it to attackers.
https://www.scworld.com/news/github-npm-registry-abused-to-host-ssh-key-stealing-malware
PyTorch Dependency Confusion — [Supply Chain] [Credential Theft]
A fake PyPI package exfiltrated SSH keys and tokens.
colors.js / faker.js Sabotage — [Sabotage]
The maintainer intentionally broke the world with malicious updates.
Codecov Bash Uploader — [CI Compromise] [Credential Theft]
A compromised CI script exfiltrated secrets from thousands of CI pipelines.
PHP Git Server Backdoor — [RCE] [Account Takeover]
Attackers pushed commits enabling RCE via HTTP headers.
UA-Parser-JS Hijack — [Account Takeover] [Credential Theft] [Cryptominer]
Stolen maintainer creds published malicious versions.
Log4Shell — [RCE] [Ecosystem-Wide Vulnerability]
A logging string triggered RCE in millions of Java systems.
event-stream — [Supply Chain] [Credential Theft]
A fake maintainer added a dependency stealing crypto wallets.
ESLint-Scope — [Account Takeover] [Credential Theft]
Breached maintainer account published malicious versions.
https://eslint.org/blog/2018/07/postmortem-for-malicious-package-publishes/
RubyGems Backdoored Packages — [Supply Chain] [Credential Theft]
Popular gems were replaced with malicious versions.
https://www.helpnetsecurity.com/2019/08/21/backdoored-ruby-gems/
npm Typosquatting — [Social Engineering]
Misspelled packages harvested AWS keys and env vars.
Octopus Scanner — [Build System Infection]
Malware infected repos so every build produced compromised artifacts.
XcodeGhost — [IDE Infection]
Trojanized Xcode infected every iOS app built with it.
mkenv is a CLI (Elastic License 2.0) that creates disposable Docker dev containers with hardened defaults and almost zero setup.
You run mkenv . in any folder.
mkenv inspects the codebase, estimates the correct environment, generates a Dockerfile, builds a safe container, and drops you inside it.
Your editor and LLM run inside the container instead of your laptop.
Your host stays clean. Your secrets stay safe.
mkenv determines languages, versions, CLIs, OS dependencies, build tools—everything—by analyzing your repo.
No Dockerfiles. No devcontainers. No YAML.
Cursor, VS Code, JetBrains, Claude, Copilot—everything runs inside the container.
If the LLM goes wild, it only damages the sandbox.
Fresh container every run.
Cached dependencies for speed.
Throw away the environment the moment something feels off.
Your host should only have Docker, Slack, browser, mkenv.
All toolchains live inside mkenv containers and die with them.
If something bad happens, you just delete the container.
Linux is planned, Windows probably via WSL. Today it's macOS because that's where the founder got burned.
curl -L https://github.com/0xa1bed0/mkenv/releases/download/latest/mkenv-darwin-arm64 -o mkenv
chmod +x mkenv
sudo mv mkenv /usr/local/bin/mkenv . inside any project folder.Next runs reuse caches, so you're back in fast. No devcontainer JSON headache.
Use mkenv anywhere—personal projects, at work, across your entire company. Just don't turn around and sell it as your own product.
Allowed: personal hacking, using at work, org-wide installs, CI pipelines, internal tooling, forks with local mods.
Not allowed: reselling mkenv, reselling forks, shipping it as SaaS, embedding it into commercial products, or building a hosted competitor out of it.
ELv2 keeps it free for devs while preventing someone from cloning it into a sketchy cloud service. No enterprise upsell, just guardrails.
We're not a big corporation or Security Enterprise Platform™.
We’re devs who got burned by running untrusted code and finally snapped.
This is the tool we wish existed before running that one bad command.
If you're thinking: "yeah… this is exactly the thing I've been too lazy to build myself" —
Good.
We built it for you.