smol machines
Ship and run software with isolation by default.
Sub-second cold start. No dependency management.
DocsGitHub

install + usage

bash
# install (macOS + Linux)
# option 1: download from GitHub releases
# https://github.com/smol-machines/smolvm/releases

# option 2: install script
curl -sSL https://smolmachines.com/install.sh | bash
bash
# run a command in an ephemeral VM (cleaned up after exit)
smolvm machine run --net --image alpine -- echo "hello from a microVM"

# interactive shell
smolvm machine run --net -it --image alpine

# persistent machine (survives stop/start)
smolvm machine create --net myvm
smolvm machine start --name myvm
smolvm machine exec --name myvm -- apk add sl
smolvm machine exec --name myvm -it -- /bin/sh
# try: sl, ls, uname -a — type 'exit' to leave
smolvm machine stop --name myvm

# mount host directories (explicit — host is protected by default)
smolvm machine create --net -v ./src:/workspace myvm

# pack - portable, executable virtual machine
smolvm pack create --image python:3.12-alpine -o ./my-pythonvm
./my-pythonvm run -- python3 -c "print('hello from a packed VM')"

# uninstall
curl -sSL https://smolmachines.com/install.sh | bash -s -- --uninstall

use this for

sandbox untrusted code — run untrusted programs in a hardware-isolated VM. Host filesystem, network, and credentials are separated by a hypervisor boundary.

bash
smolvm machine run --image alpine -- sh -c "pip install sketchy-package"
# runs in its own kernel — can't touch your host filesystem or network

pack into portable executables — turn any workload into a self-contained binary. Doom in a browser, packaged as a microVM:

bash
smolvm pack create --image python:3.12-alpine -o ./my-app
./my-app run -- python3 -c "print('runs anywhere — no dependencies')"

use git and ssh without exposing keys — forward your host SSH agent into the VM. Private keys never enter the guest — the hypervisor enforces this. Requires an SSH agent running on your host (ssh-add -l to check).

bash
smolvm machine run --ssh-agent --net --image alpine -- ssh-add -l
# lists your host keys, but they can't be extracted from inside the VM

smolvm machine exec --name myvm -- git clone [email protected]:org/private-repo.git

declare environments with a smolfile — reproducible VM config in a simple TOML file.

bash
# Smolfile
# image = "python:3.12-alpine"
# net = true
# [dev]
# init = ["pip install -r requirements.txt"]
# volumes = ["./src:/app"]
# [auth]
# ssh_agent = true

smolvm machine create myvm -s Smolfile
smolvm machine start --name myvm

More examples: python · node · doom

about

VMs that feel like a CLI tool. Boot in under 200ms, configure with a Smolfile, ship as a single executable. No daemon, no YAML, no cloud account.

Each workload gets real hardware isolation — its own kernel on Hypervisor.framework (macOS) or KVM (Linux). Pack it into a .smolmachine and it runs anywhere the host architecture matches, with zero dependencies.

comparison

smolvmContainersColimaQEMUFirecrackerKata
IsolationVM per workloadNamespace (shared kernel)Namespace (1 VM)Separate VMSeparate VMVM per container
Boot time<200ms~100ms~seconds~15-30s<125ms~500ms
ArchitectureLibrary (libkrun)DaemonDaemon (in VM)ProcessProcessRuntime stack
Per-workload VMsYesNoNo (shared)YesYesYes
macOS nativeYesVia Docker VMYes (krunkit)YesNoNo
Embeddable SDKYesNoNoNoNoNo
Portable artifacts.smolmachineImages (need daemon)NoNoNoNo

Sources: container isolation · containerd benchmark · QEMU boot time · Firecracker · Kata Containers · Kata boot time · Firecracker requires KVM · Kata macOS support

how it works

libkrun VMM + Hypervisor.framework (macOS) / KVM (Linux) + crun container runtime. No daemon process — the VMM is a library linked into the smolvm binary.

platform support

hostguestrequirements
macOS Apple Siliconarm64 LinuxmacOS 11+
macOS Intelx86_64 LinuxmacOS 11+ (untested)
Linux x86_64x86_64 LinuxKVM (/dev/kvm)
Linux aarch64aarch64 LinuxKVM (/dev/kvm)

made by @binsquare · twitter · github

Apache-2.0