I am investigating the security posture of an NW.js application running on macOS (ARM64). I noticed that all helper processes (GPU, Network, Storage, and Renderer) are launched with the --no-sandbox flag by default.
This behavior persists even when running a clean "Hello World" sample app.
Environment:
- NW.js Version: 0.106.1 (SDK)
- Operating System: macOS (ARM64 / Apple Silicon)
- Architecture: Mixed Context (Default)
Reproduction & Logs:
When running the sample app, `ps -axww | grep "helloworld"` shows the following flags on child processes:
```text
# GPU Process
.../Helpers/nwjs Helper (GPU).app/... --type=gpu-process --no-sandbox ...
# Network Service
.../Helpers/nwjs Helper.app/... --type=utility --utility-sub-type=network.mojom.NetworkService --no-sandbox ...
# Renderer Process
.../Helpers/nwjs Helper (Renderer).app/... --type=renderer --no-sandbox ...
```
Questions:
- Default Behavior: Is this `--no-sandbox` flag hardcoded into the startup logic for macOS / ARM64 builds by default? I verified that my `package.json` does not contain this flag.
- Enforcing Sandbox: Is there a supported configuration (e.g., specific `chromium-args`) to forcefully remove this flag and enable the Chromium sandbox? I attempted to use `--enable-sandbox` but the `--no-sandbox` flag remained in the process list.
- Node.js Integration: Is the mandatory inclusion of this flag tied to the "Node.js in Renderer" (Mixed Context) architecture? In other words, is the sandbox disabled specifically to allow Node.js fs/system calls to function?
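As an added example (not code from the question or from NW.js), a small audit that parses `ps -axww -o command` output, identifies Chromium-style child processes by their `--type=` flag and reports which of them carry `--no-sandbox`. The sample lines are constructed from the ones quoted above, with placeholder paths and one sandboxed helper (assumed to carry Chromium's `--seatbelt-client` flag) added for contrast.

```python
import re
import subprocess
from dataclasses import dataclass
from typing import List, Optional

TYPE_RE = re.compile(r"--type=(\S+)")
SUBTYPE_RE = re.compile(r"--utility-sub-type=(\S+)")

@dataclass
class HelperProcess:
    process_type: str        # gpu-process, renderer, utility, ...
    sub_type: Optional[str]  # e.g. network.mojom.NetworkService for utility processes
    sandboxed: bool          # False when --no-sandbox is on the command line

def parse_helper(cmdline: str) -> Optional[HelperProcess]:
    """Return a HelperProcess for a Chromium child process line, else None."""
    type_match = TYPE_RE.search(cmdline)
    if not type_match:  # browser process, grep itself, unrelated processes
        return None
    sub = SUBTYPE_RE.search(cmdline)
    # Match the flag as a whole token, not as a substring of another argument.
    tokens = cmdline.split()
    return HelperProcess(type_match.group(1), sub.group(1) if sub else None,
                         "--no-sandbox" not in tokens)

def audit(ps_lines: List[str]) -> List[HelperProcess]:
    """Parse every line of `ps -axww -o command` output into helper records."""
    return [h for h in (parse_helper(line) for line in ps_lines) if h]

def unsandboxed(ps_lines: List[str]) -> List[HelperProcess]:
    """Helper processes that were launched with --no-sandbox."""
    return [h for h in audit(ps_lines) if not h.sandboxed]

# Constructed sample modelled on the question's ps output; /APP and /OTHER are placeholders.
SAMPLE_PS = [
    "/APP/Helpers/nwjs Helper (GPU).app/Contents/MacOS/nwjs Helper (GPU) --type=gpu-process --no-sandbox",
    "/APP/Helpers/nwjs Helper.app/Contents/MacOS/nwjs Helper --type=utility --utility-sub-type=network.mojom.NetworkService --no-sandbox",
    "/APP/Helpers/nwjs Helper (Renderer).app/Contents/MacOS/nwjs Helper (Renderer) --type=renderer --no-sandbox",
    "/OTHER/Helpers/Other Helper (Renderer).app/Contents/MacOS/Other Helper (Renderer) --type=renderer --seatbelt-client=22",
    "grep helloworld",
]

if __name__ == "__main__":
    # Live check on macOS/Linux; fall back to the constructed sample elsewhere.
    try:
        out = subprocess.run(["ps", "-axww", "-o", "command"], check=True,
                             capture_output=True, text=True).stdout.splitlines()
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE_PS
    for h in unsandboxed(out):
        print(f"UNSANDBOXED {h.process_type} {h.sub_type or ''}".rstrip())
```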