diff --git a/doc/changes/changed/13619.md b/doc/changes/changed/13619.md
new file mode 100644
index 00000000000..253c1479a4e
--- /dev/null
+++ b/doc/changes/changed/13619.md
@@ -0,0 +1,3 @@
+- Start sandboxing Melange rules by default in the `(library ..)` and
+ `(melange.emit ..)` stanzas (#13619, @anmonteiro)
+
diff --git a/src/dune_rules/compilation_context.ml b/src/dune_rules/compilation_context.ml
index bdb8427a8da..b629d7874d3 100644
--- a/src/dune_rules/compilation_context.ml
+++ b/src/dune_rules/compilation_context.ml
@@ -193,7 +193,11 @@ let create
 | None -> Resolve.Memo.return []
 | Some parameters -> parameters_main_modules parameters
 in
- let sandbox = Sandbox_config.no_special_requirements in
+ let sandbox =
+ match for_ with
+ | Compilation_mode.Ocaml -> Sandbox_config.no_special_requirements
+ | Compilation_mode.Melange -> Sandbox_config.needs_sandboxing
+ in
 let modes =
 let default = { Lib_mode.Map.ocaml = Mode.Dict.make_both true; melange = false } in
 Option.value ~default modes
diff --git a/src/dune_rules/melange/melange_rules.ml b/src/dune_rules/melange/melange_rules.ml
index c4d75e5681a..cb0ab16043b 100644
--- a/src/dune_rules/melange/melange_rules.ml
+++ b/src/dune_rules/melange/melange_rules.ml
@@ -356,6 +356,10 @@ let build_js
 Action_builder.dyn_paths_unit paths >>> command)
 | None -> command
 in
+ let build =
+ let open Action_builder.With_targets.O in
+ build >>| Action.Full.add_sandbox Sandbox_config.needs_sandboxing
+ in
 Super_context.add_rule sctx ~dir ~loc ~mode build)
 ;;
@@ -594,6 +598,10 @@ let setup_runtime_assets_rules
 | Some (Ok false) | Some (Error _) | None ->
 Left dst, Action_builder.copy ~src ~dst
 in
+ let builder =
+ let open Action_builder.With_targets.O in
+ builder >>| Action.Full.add_sandbox Sandbox_config.needs_sandboxing
+ in
 let+ () = Super_context.add_rule ~loc ~dir ~mode sctx builder in
 dst
 | Some directory_target_ancestor ->
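Review bot: In `create` (`src/dune_rules/compilation_context.ml`) the new `Compilation_mode.Melange -> Sandbox_config.needs_sandboxing` arm has no comment saying why Melange compilation must be sandboxed while the OCaml arm keeps `no_special_requirements`. A why-comment above the match would keep a later refactor from flattening the two arms, for example `(* Melange rules are sandboxed so that an undeclared dependency fails the build instead of being picked up from the build directory *)`; that rationale is inferred and should be confirmed before it is written down. The changelog entry in the same commit says sandboxing is enabled "by default", yet this hunk shows no way to override the value, so the wording or the override path deserves a sentence too. The body of `create` starts and ends outside the hunk.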
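Review bot: The wrapper added at the end of `build_js` (`src/dune_rules/melange/melange_rules.ml`) is repeated verbatim twice more in `setup_runtime_assets_rules`, in the hunks at new lines 598 and 611, so a later change to the sandbox policy has three places to miss. A single local helper would keep the policy in one spot, for example `let sandboxed build = let open Action_builder.With_targets.O in build >>| Action.Full.add_sandbox Sandbox_config.needs_sandboxing`, with each call site passing `(sandboxed build)` or `(sandboxed builder)` to `Super_context.add_rule`. `build_js` begins outside the hunk.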
@@ -603,6 +611,10 @@ let setup_runtime_assets_rules
 Path.Build.relative dst rel
 in
 let builder = Action_builder.symlink_dir ~src:new_src ~dst in
+ let builder =
+ let open Action_builder.With_targets.O in
+ builder >>| Action.Full.add_sandbox Sandbox_config.needs_sandboxing
+ in
 let+ () = Super_context.add_rule ~loc ~dir ~mode sctx builder in
 Right dst)
 >>| List.partition_map ~f:Fun.id
diff --git a/src/dune_rules/module_compilation.ml b/src/dune_rules/module_compilation.ml
index 67b967109d4..2335e2ef11f 100644
--- a/src/dune_rules/module_compilation.ml
+++ b/src/dune_rules/module_compilation.ml
@@ -186,7 +186,11 @@ let build_cm
 let ctx = Super_context.context sctx in
 let mode = Lib_mode.of_cm_kind cm_kind in
 let sandbox =
- let default = Compilation_context.sandbox cctx in
+ let default =
+ match mode with
+ | Melange -> Sandbox_config.needs_sandboxing
+ | Ocaml _ -> Compilation_context.sandbox cctx
+ in
 match Module.kind m with
 | Root ->
 (* This is need to guarantee that no local modules shadow the modules
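Review bot: The `Action_builder.symlink_dir ~src:new_src ~dst` rule in `setup_runtime_assets_rules` now carries `Sandbox_config.needs_sandboxing`, and no test in the visible part of this diff covers a runtime asset that sits under a directory target. The link is presumably created inside the sandbox and the target then moved into the build directory, so a regression test asserting that the emitted link still resolves to `new_src` after the build would settle whether sandboxing is safe for this branch. This is a possible risk inferred from the call, not a failure the hunk demonstrates. The enclosing function starts and ends outside the hunk.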
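Review bot: In `build_cm` (`src/dune_rules/module_compilation.ml`) the `Melange -> Sandbox_config.needs_sandboxing` arm repeats a decision that `Compilation_context.create` now makes from `for_` in the same commit, which leaves two sources of truth for the Melange default. If every Melange `cm_kind` is compiled from a context created with `Compilation_mode.Melange`, then `Compilation_context.sandbox cctx` already yields the same value and the match can be dropped. If that does not hold, a comment should name the case that needs it, for example `(* cctx may have been created for OCaml while cm_kind is Melange *)`. `build_cm` begins and ends outside the hunk.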