pinokiocomputer/pinokio

A browser that installs AI apps without wrecking your laptop

Pinokio wraps open-source AI projects in JSON scripts and runs them inside a sandboxed home folder, so one-click install doesn't mean one-click system pollution.

7.5k stars · JavaScript · App Builders · Other · AI
Velocity (7d): +7.1 ★/day, trend steady

What it does

Pinokio is a desktop “AI browser” that launches open-source projects through JSON-based scripts. It handles downloads, dependency installation, and execution behind a friendly UI—essentially a terminal with training wheels and better posture. Everything lives under ~/pinokio, so your system paths stay clean.

The interesting bit

The security model is refreshingly paranoid in a specific, legible way. Scripts are written in a constrained JSON syntax whose path and venv attributes declare where each step runs and which environment it installs into, so a step that reaches outside its app folder stands out during review instead of being buried in a shell one-liner. Note that this is legibility, not enforcement: nothing stops a script from declaring an escaping path. The "Discover" page scripts undergo a manual gatekeeping process: repository transfer to a controlled GitHub org, admin review, and frozen code. It's app-store bureaucracy applied to shell scripts, which is either comforting or stifling depending on your worldview.

Key highlights

  • JSON script syntax declares execution paths and virtual environments explicitly, so a step that leaves its app folder is visible to a reviewer (flagged by eye, not blocked by the runtime)
  • Built-in package managers (Conda, Homebrew, Pip, NPM) install into ~/pinokio/bin by default
  • “Discover” page scripts require publisher verification, repo transfer to Pinokio Factory org, and admin testing
  • All scripts are open source and downloaded from public Git repositories
  • Admin retains modification rights to frozen repos for post-release fixes

Caveats

  • The verification pipeline is centralized and manual—contact an admin on X, get invited to a GitHub org, transfer your repository
  • The README's security claims assume scripts don't intentionally deviate from the isolated path; the "risk factor" is acknowledged but not technically prevented, so a script that hardcodes an absolute path or shells out with sudo is caught only if a reviewer notices it
  • "Guaranteed to be secure and safe" is stated; the actual guarantee is human review of a frozen repository, not OS-level sandboxing or signed artifacts

Verdict

Worth a look if you regularly install finicky open-source AI tools and want guardrails without reading every requirements.txt. Skip it if you chafe at centralized gatekeepers or need enterprise-grade isolation guarantees—the sandbox here is convention and review, not hard boundaries.
