Exactly, I'm not sure what people are trying to fix here. They want code they import in their projects to be sandboxed so they import untrusted code. That seems a bit f*cked up to me. Running untrusted apps is already pretty hard; running apps where some code is trusted and some not seems... a bad idea.
IMO since the problem is generic to all languages we should have a generic solution, using standard sandboxing techniques (containers, VMs, jails, etc.)
Makes me think of Plan 9 and its almost religious use of the 9P protocol to control what resources are available to a process. Or perhaps the Erlang VM with communication via messages. Composing systems in this way is very different than adding untrusted code to your application but seems like an interesting alternative approach.