# cohere-terrarium

> A simple Python sandbox for helpful LLM data agents

- **URL**: https://www.freshcrate.ai/projects/cohere-terrarium
- **Author**: cohere-ai
- **Category**: Security
- **Latest version**: `v1.0.1` (2026-04-22)
- **License**: MIT
- **Source**: https://github.com/cohere-ai/cohere-terrarium
- **Language**: Python
- **GitHub**: 312 stars, 56 forks
- **Registry**: github (`cohere-ai/cohere-terrarium`)
- **Tags**: `code-interpreter`, `llm-agent`, `python`, `sandbox`

## Description

A simple Python sandbox for helpful LLM data agents

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v1.0.1` | 2026-04-22 | High | # Changelog  ## 1.0.1 — 2026-04-22  ### Security  * Fix **CVE-2026-5752** (CVSS 9.3, critical): sandbox escape via JavaScript   prototype chain traversal in `src/services/python-interpreter/service.ts`.   Mock `document` / `ImageData` / DOM stub objects exposed to Pyodide via   `jsglobals` were plain object literals that inherited from   `Object.prototype`, allowing sandboxed Python to walk   `.constructor.constructor` to the host `Function` constructor, obtain   host `globalThis`, a |
| `0.0.0` | 2026-04-20 | High | No release found — using repo HEAD |
| `main@2026-04-20` | 2026-04-20 | High | Latest activity on main branch |

## Dependency audit

- **Score**: 100/100
- **Total deps**: 9
- **Resolved**: 9
- **Unresolved**: 0
- **License conflicts**: 0
- **Warnings**: 0
- **Scanned**: 2026-06-01

## Citation

- HTML: https://www.freshcrate.ai/projects/cohere-terrarium
- Markdown: https://www.freshcrate.ai/projects/cohere-terrarium.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/cohere-terrarium/deps

_Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._