sandbox-exec isn't really deprecated. It's just a tiny wrapper around some semi-private undocumented APIs, it says that because it's not intended for public use. If it were actually deprecated Apple would have deleted it at some point, or using it would trigger a GUI warning, or it'd require a restricted entitlement.

The reason they don't do that is because some popular and necessary apps use it. Like Chrome.

However, I tried this approach too and it's the wrong way to go IMHO, quite beyond the use of undocumented APIs. What you actually want to do is virtualize, not sandbox.