Show HN: Machine – 每个项目一个虚拟机

1作者: katspaugh大约 2 个月前
大家好! 我意识到直接在我的 Mac 上运行编码项目真的不安全。最近所有关于 NPM 的攻击,尤其是涉及到智能编码——你离灾难只差一个 npm install。 所以我构建了一个名为 machine 的小型 CLI,它为你的每个项目启动一个 Lima VM。它支持声明式的“配置文件”,就像你 VM 的 package.json 一样。默认配置文件包含标准内容,如 Node.js、git、Docker、Claude Code 和 Codex。 如果你与你的团队共享你的 projects.toml 文件,每个开发人员都可以用一个命令启动你团队的整个开发环境。无需安装开发工具、克隆仓库、手动 npm install 任何东西。 另一个很酷的事情是,你可以使用原生的 MacOS 钥匙串或 1password 将 SSH 签名转发到 VM。所以每次你需要提交或推送代码时,你只需触摸 Touch ID 密钥,它就会被签名。SSH 密钥永远不会离开主机。 环境变量和密钥也是如此。你可以在 machine 启动时用一个命令从 1password 注入它们,它们永远不会存储在文件中。 仓库:<a href="https:&#x2F;&#x2F;github.com&#x2F;katspaugh&#x2F;machine" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;katspaugh&#x2F;machine</a> 真心期待你们的反馈!
查看原文
Hi all!<p>I realized it’s really not secure to run coding projects directly on my Mac. All the NPM hacks recently, especially with agentic coding — you’re always one npm install away from a disaster.<p>So I’ve built a small CLI called machine that starts a Lima VM for each of your projects. It supports declarative “profiles” which are like package.json for your VM. The default profile comes with standard stuff like Node.js, git, Docker, Claude Code and Codex.<p>If you share your projects.toml with your team, every developer can spin up your team’s entire dev environment with one command. No need to install dev tools, clone repos, npm install anything manually.<p>Another cool thing is that you can use the native MacOS keychain or 1password to forward SSH signatures to the VM. So every time you need to commit or push code, you touch the Touch ID key and it’s signed. SSH keys never leave the host.<p>The same is done for env variables and secrets. You inject them with one command from 1password when the machine starts and they are never stored in a file.<p>Repo: <a href="https:&#x2F;&#x2F;github.com&#x2F;katspaugh&#x2F;machine" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;katspaugh&#x2F;machine</a><p>Genuinely curious about your feedback!