Best approach to sandboxing Nashorn

[Rod Nim]

Hi Nashorn team!
Are there any recommendations for the best way to restrict the classes that 
Nashorn scripts can create to a whitelist? Or is the approach the same as any 
JSR223 engine (custom classloader on the ScriptEngineManager constructor)?
I'm also wondering if you have any tips on managing script .js dependencies; 
like RequireJS, npm etc?
Thanks in advance!
Rod