How Nango runs untrusted customer code at scale
Blog post from Nango
Nango is a code-first platform that enables customers to build API integrations with services like Salesforce and Slack, handling over 150 million functions monthly. Initially, customer code was run in a Node.js sandbox called vm2, but security vulnerabilities prompted Nango to isolate code execution through a dedicated runner model, later transitioning to AWS Lambda for improved resource management and observability. Lambda's hardware-virtualized microVMs offer stronger isolation, though challenges remain, particularly with tenant isolation since shared environments could pose security risks. To address this, Nango implemented per-customer Lambda functions, reducing the risk of cross-customer data exposure. Despite the increased rate of cold starts, this approach prioritizes security while maintaining functionality. The company is exploring further isolation enhancements, emphasizing the importance of a robust sandbox and resumable workloads to manage untrusted code securely.
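The trade-off between a shared function and per-customer functions can be seen in a small model. This is an added example, not Nango's code: it assumes a warm execution environment is reused only by later invocations of the same function and keeps whatever the previous run left behind, that calls arrive one at a time, and the `runner-*` function names and customer names are made up.

```python
from collections import defaultdict

class LambdaModel:
    """Toy model: each function name owns a pool of warm execution environments."""

    def __init__(self, per_customer):
        self.per_customer = per_customer
        self.warm = defaultdict(list)  # function name -> idle warm environments
        self.cold_starts = 0

    def function_name(self, customer):
        # Hypothetical naming scheme: one function per customer, or one for all.
        return f"runner-{customer}" if self.per_customer else "runner-shared"

    def invoke(self, customer, secret):
        """Run one customer function; return whose leftover data it could read."""
        pool = self.warm[self.function_name(customer)]
        if pool:
            env = pool.pop()           # warm start: previous state is still there
        else:
            env = {"tmp": {}}          # cold start: fresh environment
            self.cold_starts += 1
        visible = {owner for owner in env["tmp"] if owner != customer}
        env["tmp"][customer] = secret  # untrusted code leaves data behind
        pool.append(env)               # environment stays warm for the next call
        return visible

def replay(per_customer, calls):
    """Replay a call sequence; return (cross-customer exposures, cold starts)."""
    model = LambdaModel(per_customer)
    leaks = []
    for customer in calls:
        seen = sorted(model.invoke(customer, f"token-{customer}"))
        if seen:
            leaks.append((customer, seen))
    return leaks, model.cold_starts

# Constructed call sequence for three made-up customers.
CALLS = ["acme", "globex", "acme", "initech", "globex"]

if __name__ == "__main__":
    for mode in (False, True):
        leaks, cold = replay(mode, CALLS)
        label = "per-customer" if mode else "shared"
        print(f"{label}: cold starts={cold}, exposures={leaks}")
```

In the model, the shared function needs one cold start but every later caller lands in an environment holding another customer's data; per-customer functions remove that exposure at the cost of one cold start per customer.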