惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
aimingoo的专栏
aimingoo的专栏
V
V2EX
S
Security Affairs
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
J
Java Code Geeks
The Register - Security
The Register - Security
U
Unit 42
C
CERT Recently Published Vulnerability Notes
月光博客
月光博客
A
About on SuperTechFans
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
Project Zero
Project Zero
S
Schneier on Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
DataBreaches.Net
博客园 - 司徒正美
V
Vulnerabilities – Threatpost
T
Tor Project blog
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
小众软件
小众软件
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
P
Palo Alto Networks Blog
A
Arctic Wolf
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
MongoDB | Blog
MongoDB | Blog
Webroot Blog
Webroot Blog
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta

Sealos Blog

Build a Full-Stack App with Claude Code + InsForge — Zero Backend Code | Sealos Blog InsForge vs Supabase: Which Backend for AI-Powered Development? | Sealos Blog Kubernetes NodePort Exhaustion: SSH Gateway Solution | Sealos Blog Claude Code Metrics Dashboard: Grafana Setup (2026) | Sealos Blog What Is RustFS? Apache 2.0 MinIO Alternative (2026) | Sealos Blog Claude Code Mobile: iPhone, Android & SSH (2026) | Sealos Blog Eaglercraft Server Hosting: Fast Setup (2026) | Sealos Blog An Honest Review: Migrating a Complex Microservice App from Heroku to Sealos | Sealos Blog The Ultimate Guide to Kubernetes Audit Logging for Security and Compliance | Sealos Blog Cost Optimization Shootout: Sealos Autonomous FinOps vs. Kubecost Manual Reports | Sealos Blog For CTOs: How to Cut Your Cloud Bill by 50% Without Sacrificing Performance | Sealos Blog Building Resilient Systems: A Deep Dive into Sealos High-Availability and Auto-Failover | Sealos Blog Building a Scalable Event-Driven Architecture with Sealos Managed Kafka | Sealos Blog Beyond kubectl apply: 5 GitOps Best Practices for Production-Ready CI/CD on Sealos | Sealos Blog Advanced RAG Pipelines: Why Your Choice of Vector Database (like Milvus) Matters | Sealos Blog Advanced MLOps: How to Monitor and Evaluate LLM Applications in Production | Sealos Blog A Developer's Guide to Kubernetes RBAC: Securing Your Cluster the Easy Way with Sealos | Sealos Blog A CISO's Guide to Cloud Development: Securing the CI/CD Pipeline with Sealos DevBox | Sealos Blog What is Kubernetes Multi-Tenancy? A Guide for Platform Engineers | Sealos Blog What is Infrastructure from Code (IfC)? The Next Step After Infrastructure as Code (IaC) | Sealos Blog What is GitOps? A Beginner's Guide to "Push-to-Deploy" Workflows | Sealos Blog What is eBPF? The Future of Kubernetes Networking and Security | Sealos Blog What is an "AI-Native" Platform? (And Why You Need One for MLOps) | Sealos Blog What is an Agentic Workflow? Building the Next Generation of AI Apps | Sealos Blog What is a Kubernetes Chargeback Model (And How Does it Save You Money?) | Sealos Blog What is a "Headless" Development Environment? (And How it Works with VS Code) | Sealos Blog What is a Graph-Based Vector Database? (And When to Use It Over Milvus) | Sealos Blog What is a "Cloud Operating System"? The Next Evolution of PaaS Explained | Sealos Blog The Real Cost of EKS: How Sealos Delivers a Simpler, Cheaper Kubernetes Experience | Sealos Blog The 3 Types of Kubernetes Autoscaling (HPA, VPA, CA) and How Sealos Manages Them for You | Sealos Blog Sealos vs Vercel: Why a Cloud OS Beats a Frontend Platform for Full-Stack Apps | Sealos Blog Sealos vs. Render vs. Fly.io: A 2025 Guide to the Best Heroku Alternatives | Sealos Blog Sealos vs. OpenShift: Kubernetes for Developers vs. Kubernetes for Ops Teams | Sealos Blog Sealos vs. Netlify: When to Choose a Full Kubernetes Platform over a Static Site Hoster | Sealos Blog Sealos vs. DigitalOcean App Platform: A Head-to-Head Comparison on Cost, Features, and Scalability | Sealos Blog Sealos vs. AWS Elastic Beanstalk: The Modern PaaS for Developers Who Hate YAML | Sealos Blog Sealos DevBox vs. AWS Cloud9: Why Your CDE Should Be Platform-Agnostic | Sealos Blog For Developers: Stop Wasting Time on DevOps. A 10-Minute Guide to Shipping Faster with DevBox. | Sealos Blog Deploying n8n with Docker: From Local Setups to a Radically Simple Cloud Alternative | Sealos Blog The Impact of Prompt Bloat: How the Sealos AI Proxy Can Cache Queries and Cut LLM Costs | Sealos Blog The FinOps Playbook: How to Implement Kubernetes Chargebacks and Showbacks with Sealos | Sealos Blog Smoke Testing for ML Pipelines: Catching Data and Model Errors Before They Hit Production | Sealos Blog Optimizing PostgreSQL Performance: A Guide to Sealos Managed Database Tuning | Sealos Blog Managing Kubernetes Multi-Tenancy: How Sealos Enforces Resource Quotas and Network Policies | Sealos Blog From Days to Minutes: How to Standardize Developer Environments for Your Entire Engineering Org | Sealos Blog For Platform Engineers: How to Build a Golden Path IDP (Internal Developer Platform) with Sealos | Sealos Blog For FinOps Managers: The 5 Leakiest Buckets in Your Kubernetes Budget (And How to Plug Them) | Sealos Blog For Educators & IT Admins: How to Provide a Secure, Scalable Cloud Lab for 1000+ Students on a Budget | Sealos Blog What is a Vector Database? A Beginner's Guide to Milvus, Pinecone, and More | Sealos Blog Why Your Microservices Architecture is Failing (And How a Cloud OS Can Fix It) | Sealos Blog The Power of Autoscaling: A Deep Dive into HPA, VPA, and Cluster Autoscaler | Sealos Blog The Total Economic Impact of Cloud Development Environments (CDEs) | Sealos Blog The Illustrated Guide to the Kubernetes Control Plane | Sealos Blog The MLOps Lifecycle Explained: From Data Prep to Model Deployment | Sealos Blog Beyond Vercel's AI Cloud: The Case for an AI-Native Operating System | Sealos Blog The Architecture of a Modern AI Application: A 2025 Blueprint | Sealos Blog GitHub Codespaces is Great, But Your Workflow is Incomplete. Here's Why. | Sealos Blog The Best Heroku Alternatives in 2025 for Scalability and Cost | Sealos Blog CAST AI vs. Kubecost vs. Sealos: Choosing the Right K8s Cost Management Tool | Sealos Blog DevBox vs. Gitpod vs. Replit: An Unbiased Comparison for 2025 | Sealos Blog Unlocking Hidden Savings: A Guide to Using Spot Instances Safely in Kubernetes | Sealos Blog Can a CDE Really Replace Your MacBook Pro? A Performance Benchmark | Sealos Blog The Ultimate Guide to GPU Provisioning and Management in Kubernetes | Sealos Blog Rightsizing Kubernetes Workloads: How to Stop Wasting Money on CPU and Memory Requests | Sealos Blog The 2025 Guide to Kubernetes Cost Optimization: 10 Strategies to Cut Your Bill in Half | Sealos Blog FinOps for Startups: How to Build a Cost-Conscious Culture from Day One | Sealos Blog How to Onboard a New Developer in Under 5 Minutes with Sealos DevBox | Sealos Blog Calculating Kubernetes Costs: A Breakdown of EKS, GKE, and AKS Pricing Models | Sealos Blog Case Study: How We Reduced Our Kubernetes Bill by 87% with Sealos | Sealos Blog Are You Overpaying for Managed Kubernetes? The True Cost of Vendor Lock-in | Sealos Blog Beyond Monitoring: How Sealos Autonomously Optimizes Your Cloud Spend | Sealos Blog A Practical Guide to Kubernetes Security: Hardening Your Cluster in 2025 | Sealos Blog A Secure-by-Design Development Workflow with Isolated Cloud Environments | Sealos Blog Setting Up a Collaborative Python Data Science Environment with DevBox | Sealos Blog Using the Sealos AI Proxy to Manage and Cache LLM API Calls | Sealos Blog Migration Guide: Moving Your Node.js & Postgres App from Heroku to Sealos in Under an Hour | Sealos Blog Serving Machine Learning Models at Scale: A Guide to Inference Optimization | Sealos Blog Headless Development with Sealos: Using Your Local VS Code with a Powerful Cloud Backend | Sealos Blog How to Build and Deploy a RAG Pipeline with Llama 3 and Milvus on Sealos | Sealos Blog From Localhost to Production in 15 Minutes: A Full-Stack CDE Workflow with Sealos DevBox | Sealos Blog GitOps on Autopilot: Implementing a CI/CD Pipeline with Sealos and GitHub Actions | Sealos Blog Fine-Tuning Open-Source LLMs on a Budget with Sealos | Sealos Blog From Docker Compose to Kubernetes: A Simple Migration Path with Sealos | Sealos Blog Building an AI Agentic Workflow with LangChain and Sealos | Sealos Blog What is Helm for Kubernetes? The Ultimate Package Manager Explained | Sealos Blog What is a Custom Resource Definition (CRD) in Kubernetes? | Sealos Blog What is a Kubernetes StatefulSet? A Practical Guide | Sealos Blog What is a Kubernetes Ingress Controller? A Guide to Smart Traffic Routing | Sealos Blog What is a Kubernetes Operator? Automating Complex Applications | Sealos Blog What is a Kubernetes Service? A Simple Guide for Developers | Sealos Blog Streamlining Your CI/CD Pipeline with a DevBox Build Environment | Sealos Blog Why Standardized Development Environments Are Key to Team Velocity | Sealos Blog What Is GitHub Codespace? | Sealos Blog DevBox Install? Skip It Entirely. Get a Ready-to-Code Environment in One Click with Sealos DevBox. | Sealos Blog How to Set Up a DevBox: The Ultimate Guide to 1-Click Cloud Development | Sealos Blog Empowering Indie Devs and Startup Teams: How Sealos DevBox Accelerates Agile Development | Sealos Blog From Chaos to Consistency: How Sealos DevBox Transforms Enterprise Development Workflows | Sealos Blog From Campus Labs to Cloud Freedom: How Sealos DevBox Supercharges Student Development | Sealos Blog How Sealos DevBox Cut Container Commit Time from 15 Minutes to 1 Second | Sealos Blog DevBox vs Codespaces: Which Remote Dev Environment Fits You Best? | Sealos Blog
The End of "Works on My Machine": Achieving 100% Reproducible Builds with DevBox | Sealos Blog
Sealos · 2025-09-12 · via Sealos Blog

If you’ve ever lost a day to “it works on my machine,” you’re not alone. Mysterious version mismatches, “missing” dependencies, and subtle OS differences have haunted software teams for decades. The good news: those days are numbered. With DevBox, you can make your developer environments and builds reproducible across laptops, CI, and production—no guesswork, no snowflake machines, and no yak shaving.

This article explains what DevBox is, why reproducibility matters, how DevBox works under the hood, and how to apply it in real projects. We’ll walk through practical examples and show how to integrate DevBox with CI, containers, and remote development environments so your team can deliver faster with less friction.

DevBox is a per-project, reproducible development environment tool built on Nix, the purely functional package manager famous for its deterministic builds and isolated dependency graphs. DevBox lets you:

  • Declare your environment (tools, language runtimes, and services) in a simple devbox.json file
  • Pin exact versions, generating a lockfile so the environment is reproducible for every teammate and in CI
  • Enter an isolated shell or run commands in the environment without polluting your global system
  • Generate Dockerfiles and editor configs (like VS Code devcontainers) to unify local and containerized workflows

Think of DevBox as an “environment as code” layer that’s faster to pick up than raw Nix, while retaining Nix’s determinism, isolation, and huge package ecosystem.

Why Not Just Use Docker?

Docker is great for packaging and deploying applications, but it isn’t a silver bullet for developer onboarding or cross-OS parity. Many teams still develop locally and only containerize for production, which reintroduces drift. Others try to do everything in containers and hit friction in areas like file I/O performance on macOS/Windows, GPU access, or IDE integration.

DevBox complements Docker. It gives you a reproducible environment for local development and CI that can generate a Dockerfile when you need to ship. You get one source of truth for toolchains across laptops, CI, and images.

Reproducibility is more than convenience. It impacts speed, quality, and security across the SDLC.

  • Faster onboarding: New team members can “clone and go”—no arcane setup docs or inconsistent versions.
  • Less CI flakiness: Deterministic environments reduce intermittent build failures caused by dependency drift.
  • Consistent local vs production: Eliminate “but it passes locally” differences by pinning runtimes and tools.
  • Improved incident response: Rebuild past versions exactly to reproduce and fix bugs.
  • Supply chain security: Locked, content-addressed dependencies reduce exposure to malicious or compromised packages.
  • Compliance and auditability: Traceability of dependencies and deterministic rebuilds support regulatory requirements.

DevBox leverages Nix’s core strengths and adds developer-friendly ergonomics.

  • Pinned dependencies
    • You list packages (e.g., nodejs@18, [email protected]) in devbox.json.
    • DevBox generates a devbox.lock file to pin exact versions and their transitive dependencies.
  • Isolated environments
    • Dependencies are installed into the Nix store and don’t touch system-level package managers.
    • Multiple projects can coexist with different versions without conflicts.
  • Hermetic builds (where possible)
    • Nix’s build sandboxing limits impurity from the host (e.g., PATH pollution), reducing “randomness.”
  • Cross-platform consistency
    • The same devbox.json works on macOS (including Apple Silicon), Linux, and WSL (Windows).
  • Single source of truth
    • The devbox.json file defines packages, environment variables, shell hooks, and scripts that are shared across your team and CI.

The Files That Matter

  • devbox.json — Your environment manifest (packages, scripts, env vars).
  • devbox.lock — Automatically generated lockfile that pins exact versions (committed to version control).

Let’s create a small project to see DevBox in action.

Install DevBox

On macOS or Linux:

On CI, you can run the same installer in a step.

Initialize a Project

This creates a minimal devbox.json. Now add packages:

You can now enter an isolated shell that has Node 18 and pnpm available:

Alternatively, run commands without entering a shell:

DevBox generates a devbox.lock that pins the exact toolchain. Commit both files.

A More Complete devbox.json Example

Here’s a multi-language environment with scripts and environment variables:

Now you can run:

Everything is reproducible across teammates and CI because the tool versions are locked.

Example 1: Python Service with Poetry

  1. Create the environment:
  2. Initialize your project:
  3. Run your app:
    All team members get the exact same Python and Poetry versions, making issues like “works with Python 3.10 but not 3.11” disappear.

Example 2: Node + Turbo Repo Monorepo

  1. Add Node and pnpm:
  2. Configure scripts in devbox.json:
  3. Run your workflows:

Example 3: Local Postgres for Integration Tests

You can use Postgres from Nix without global installs:

The database is local to your project directory. Teammates can reproduce the exact setup with identical binaries.

DevBox can generate a Dockerfile based on your devbox.json, aligning local and containerized environments.

This produces a Dockerfile that installs the exact pinned packages. You can then build:

Advantages:

  • Single source of truth: One manifest for both local dev and containers
  • Less drift: No more hand-maintained Dockerfiles diverging from local setup
  • Faster builds: Nix’s binary caches speed up CI and local rebuilds

For teams using VS Code devcontainers, you can also generate that config:

Now your editor’s containerized environment matches the local and CI environment exactly.

CI should run in the exact environment your developers use. With DevBox, that’s straightforward.

GitHub Actions Example

Notes:

  • devbox install pre-fetches dependencies so subsequent steps run faster.
  • For large projects, consider a binary cache (e.g., Cachix) to speed up CI rebuilds.
  • By pinning in devbox.lock, you guarantee deterministic CI runs across PRs and branches.

GitLab, Jenkins, and Others

The pattern is the same:

  • Install DevBox
  • Run devbox install to realize the environment
  • Run your scripts (devbox run or devbox run -- )
  • Optionally generate Dockerfiles for consistent images
ApproachReproducibilityHost PollutionMulti-OS ParityLearning CurvePerformance (local dev)Single Source of Truth
Global package managersLowHighMediumLowHighNo
pyenv/rbenv/asdfMediumMediumMediumMediumHighPartial
Docker-only devMedium–HighLowHighLow–MediumVariable (FS I/O costs)Often separate
Raw Nix/FlakesHighLowHighHighHighYes
DevContainersMedium–HighLowHighLow–MediumVariableSeparate devcontainer
DevBox (Nix-based)HighLowHighLow–MediumHighYes

DevBox hits a sweet spot: most of Nix’s reproducibility with a far gentler UX, plus first-class integrations for Docker and editors.

Scripts as First-Class Workflows

Define team-wide workflows in devbox.json so everyone uses the same incantations:

Then run with:

This standardizes commands across different OS and shells.

Environment Variables and Secrets

Use env in devbox.json for non-sensitive defaults. For secrets, rely on your CI secret management or local .env files sourced in init_hook:

Now .env isn’t committed, but gets loaded locally in a consistent manner.

Services for Local Dev

Package-managed services like PostgreSQL, Redis, or MinIO can be added via DevBox. Keep all service binaries consistent across teammates. For complex orchestration or multi-service stacks, generate a Dockerfile or use docker-compose while still maintaining a single source of truth via devbox.json.

Multi-Project and Monorepos

  • Put a devbox.json in each service directory. Each service can pin its own toolchains while sharing organization-wide conventions.
  • Create a root-level devbox.json for monorepo-wide tooling (linters, bundlers, task runners).
  • DevBox isolates environments per directory, avoiding cross-service pollution.

Pinning and Updates

  • devbox.lock ensures deterministic installs. Commit it.
  • To update, bump versions in devbox.json and run devbox install. Review lockfile changes in your PR for transparency.

Hermetic Builds and Non-Determinism

Even with a pinned environment, some builds can be non-deterministic due to:

  • Timestamps or time-dependent behavior
  • Network access during build
  • Random seeds not fixed
  • CPU-specific optimizations

Mitigations:

  • Use reproducible build flags where available (e.g., SOURCE_DATE_EPOCH)
  • Vendor dependencies or rely on Nix fetchers with pinned hashes
  • Disable network access during builds when possible
  • Set deterministic seeds in tests and compilers

DevBox reduces the surface area of nondeterminism; you can eliminate the rest with good build hygiene.

  • Content-addressed store: Nix computes hashes for dependencies, making it harder for tampering to go unnoticed.
  • Immutable pins: devbox.lock fixes versions and source hashes, reducing “drive-by” updates.
  • SBOMs and scanning: Because the environment is deterministic, generating Software Bill of Materials (SBOM) and running vulnerability scans is more reliable and repeatable.
  • Verified builds: Combined with a binary cache you control, you can promote artifacts through environments with confidence.

Whether your team prefers local laptops or cloud workspaces, reproducibility matters.

  • Local-first: Run DevBox directly on macOS, Linux, or WSL without global installs.
  • Containerized dev: Generate a devcontainer.json for VS Code, or a Dockerfile for hosted dev environments.
  • Cloud-native workspaces: Platforms like Sealos (sealos.io) make it easy to spin up ephemeral Kubernetes workspaces with persistent storage. Running DevBox inside these cloud workspaces gives every engineer the same pinned toolchain with on-demand compute and no laptop heat. DevBox ensures the environment is identical locally and in the cloud; Sealos ensures it’s available anywhere with a browser.

This hybrid approach lets you develop locally when convenient and burst into the cloud for heavier workloads—without environment drift.

Consider a monorepo with a FastAPI backend and a React frontend.

  1. Repository layout:
    • backend/
    • frontend/
      • devbox.json pins nodejs@18, pnpm@8
    • devbox.json at repo root for shared tooling (e.g., pre-commit, eslint/ruff)
  2. Local dev:
    • Backend: devbox run -- poetry run uvicorn app.main:app --reload
    • Frontend: devbox run -- pnpm dev
    • Postgres: devbox run -- pg_ctl -D .pgdata -l .pg.log start
  3. CI:
    • Check out repo, install DevBox, devbox install per service
    • Run devbox run test in each service directory
    • Generate Dockerfiles from devbox.json and build images for consistent staging/prod
  4. Remote:
    • Spin up a cloud workspace (e.g., on Sealos) with the repo
    • Install DevBox and run the same devbox run commands in a browser-based IDE
    • Share reproducible runs between local and remote without drift

Benefits:

  • Every contributor uses the same toolchains and workflows
  • CI is deterministic and mirrors local dev
  • Docker images are generated from the same source of truth
  • Switching between local and cloud dev is seamless
  • Commit devbox.json and devbox.lock
  • Define common scripts in devbox.json and use devbox run in docs and CI
  • Prefer pinned versions (nodejs@18, [email protected], etc.)
  • Avoid network access during build steps when possible
  • Use binary caches (e.g., Cachix) for faster CI
  • Generate Dockerfiles and devcontainers from DevBox to prevent drift
  • Document the “one-liner” onboarding: curl … | bash && devbox install && devbox run bootstrap
  • For secrets, use CI secret managers and local .env files loaded via init_hook
  • Command not found after add: Try devbox install or re-enter devbox shell.
  • Apple Silicon differences: DevBox handles multi-arch Nix packages, but some niche binaries may not be available for a given arch. Consider Rosetta or alternative packages when needed.
  • Slow first install: The first realization compiles or downloads binaries. Subsequent builds are cached. Use a binary cache in CI to speed things up.
  • Conflicting system tools: Ensure you’re running commands via devbox run or within devbox shell to avoid PATH conflicts.

In practice, DevBox delivers deterministic dev environments and highly reproducible builds. Absolute mathematical reproducibility can still be affected by factors like CPU flags, non-deterministic compilers, or time-based artifacts. For most teams and projects, DevBox gets you as close to 100% as you’ll need—eliminating the “works on my machine” class of problems and dramatically reducing CI flakiness and onboarding friction.

“Works on my machine” is a symptom of environmental drift—different tool versions, OS quirks, and undocumented setup steps. DevBox ends that by turning your environment into versioned code: pinned, isolated, and shareable across laptops, CI, and containers.

  • It’s simple: define packages and scripts in devbox.json
  • It’s deterministic: devbox.lock pins exact versions and transitive dependencies
  • It’s flexible: run locally, in containers, or in cloud workspaces like Sealos
  • It’s fast: Nix’s binary caches accelerate builds everywhere

Adopting DevBox gives your team a single source of truth for environments, consistent builds, and a smoother path from laptop to production. The result: less time debugging machines, more time shipping software.