This has been responded to in the past by another HN poster: https://news.ycombinator.com/item?id=47612726
replyFurthermore, you can use native sandboxing on macOS if you prefer.
If neither looks serious to you, then please educate me on a better sandboxing approach.