awesome-wasm-runtimes
cap-std
awesome-wasm-runtimes | cap-std | |
---|---|---|
8 | 12 | |
1,275 | 622 | |
- | 0.8% | |
1.9 | 6.6 | |
2 months ago | about 1 month ago | |
Rust | ||
- | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
awesome-wasm-runtimes
-
Extism Makes WebAssembly Easy
Firecracker is a fine technology, but serverless companies have started taking advantage Wasm's faster start-up times for use cases of running Wasm on the server (https://www.youtube.com/watch?v=yqgCxhPAao0). The deny by default security policy makes Wasm a great choice to run your code in isolation, particularly for maximizing hardware resources in the multi-tenant environments these serverless companies operate.
In the past few years, we have seen more use cases of Wasm emerge outside of the browser. JavaScript engines are now just a fraction of the total number of runtimes available. Wasmtime, Wasmer, WasmEdge, wazero are popular ones for non-browser use cases like blockchain, serverless, and edge computing (although Cloudflare uses V8's Wasm engine). WAMR is a popular one for cyber physical/IoT devices. There's a nice list here: https://github.com/appcypher/awesome-wasm-runtimes
-
I think [...] the "future of computing" is going to be [...] CISC. I’ve read of IBM mainframes that have [hardware instructions for] parsing XML [...]; if you had garbage collection, bounds checking, and type checking in hardware, you’d have fewer and smaller instructions that achieved just as much.
There's plenty of other ways to interact with Wasm, most of which are secure. (Wasmtime is the one I'm most familiar with, which is why I linked to it.)
-
Lunatic is an Erlang-inspired runtime for WebAssembly
Yeah, this is one of many non-browser runtimes, e.g. see https://github.com/appcypher/awesome-wasm-runtimes
Lunatic is more opinionated than most of these or node, though, in that it's trying to emulate a particular concurrent system design pattern borrowed from Erlang/BEAM.
-
Web Assembly OS guidance
There's an overview of different WASM runtimes with features: https://github.com/appcypher/awesome-wasm-runtimes
- Wasmer – The Universal WebAssembly Runtime
-
What to learn in 2022
Now, the creation Bytecode Alliance, the development of multiple WebAssembly runtimes and the work of the W3C WebAssembly Community Group is why I belive it will get popular, but the capability-based security model is why I want it to get popular.
-
Ho Ho Ho, WasmEdge 0.9.0 is here!
⚖ I think it's really cool that a plugin author could compile their C++ to .wasm such that a single plugin binary can run on either Linux or Windows (don't need an x86 .dll, x64 .dll, x86 .so, x64 .so...) and in a sandbox (no arbitrary syscalls or Win32 calls, just the interfaces given to it), while still getting near native AOT speed. Though, it's hard to judge which one to choose from now with all the wasm engines that are available (https://github.com/appcypher/awesome-wasm-runtimes), with wasmtime or inNative being two others I've considered for my project. I'll definitely look into this one though, given it supports many of the newer proposals.
-
Why WebAssembly is innovative even outside the browser
Numerous native runtimes for webassembly already exist[0], with the current popular choices apparently being Wasmer[1] and Wasmtime[2].
All one would need to do (AFAIK) is ship a client for all major platforms, as is done with Electron (and web browsers themselves, and everything else.)
[0]https://github.com/appcypher/awesome-wasm-runtimes
cap-std
-
Rust Library Team Aspirations | Inside Rust Blog
I believe you mean capability based, like cap-std.
-
A Performance Evaluation on Rust Asynchronous Frameworks
There might be another reason to prefer async-std right now: the Bytecode Alliance is working on a version of std with support for capability-based security (called cap-std: https://github.com/bytecodealliance/cap-std ), and their async version is based on async-std (called cap-async-std: https://github.com/bytecodealliance/cap-std/tree/main/cap-async-std ). Given the clout that the Bytecode Alliance has, async-std might end up carving a niche out in the Wasm domain.
-
Backdooring Rust crates for fun and profit
Would love to see something like this implemented around creating a Process in cap-std ( https://github.com/bytecodealliance/cap-std/issues/190 )
-
Scripting Languages of the Future
I think it's not discussed enough how things like language features shape how library APIs are formed. People usually seem to only consider the question "how would I use this feature?" and not "how would the standard library look like with this feature?", which is surprising given how much builtin libraries affect the pleasantness of a language.
One of the things I'm excited to see is the cap-std project for Rust [0] given what Pony [1] has demonstrated is possible with capabilities. I'm also hoping that languages like Koka [2] and OCaml [3] will demonstrate interesting use cases for algebraic effects.
[0] https://github.com/bytecodealliance/cap-std
[1] https://www.ponylang.io/discover
[2] https://koka-lang.github.io
[3] https://github.com/ocaml-multicore/effects-examples
- Is using crates more safe than using npm?
-
Why WebAssembly is innovative even outside the browser
I'm not sure you could hack the control flow when running bytecode on the JVM, but I strongly doubt that. (The JVM is "high-level" as pointed out previously and doesn't execute ASM like code. So there is no of the attack surface you have to care on the ASM level).
And capabilities are anyway something that belongs into the OS — and than programs need to be written accordingly. The whole point of the capability-security model is that you can't add it after the fact. That's why UNIX isn't, and never will be, a capability secure OS.
But "sanboxing" some process running on a VM is completely independent of that!
WASM won't get you anything beyond a "simple sanbox" ootb. Exactly the same as you have in the other major VM runtimes.
If you want capability-secure Rust, there is much more to that. You have to change a lot of code, and use an alternative std. lib¹. Of course you can't than use any code (or OS functionality) when it isn't also capability-secure. Otherwise the model breaks.
To be capability-secure you have actually to rewrite the world…
¹ https://github.com/bytecodealliance/cap-std
-
Security review of "please", a sudo replacement written in Rust
The type system could definitely help. There's all sorts of things we can do. One really cool project is https://github.com/bytecodealliance/cap-std
- Preparing rustls for wider adoption
- cap-std: Capability-oriented version of the Rust standard library
-
First class I/O
On the topic of unsafe being used to describe raw file descriptors, on one hand, there is a sense in which file descriptors are pointers, into another memory. They can leak, dangle, alias, or be forged, in exactly the same way. On the other, there is an open issue about this.
What are some alternatives?
wasmer - 🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten
godot-wasm-engine
Graal - GraalVM compiles Java applications into native executables that start instantly, scale fast, and use fewer compute resources 🚀
watt - Runtime for executing procedural macros as WebAssembly
Odin - Odin Programming Language
cargo2nix - Granular builds of Rust projects for Nix
wasm-micro-runtime - WebAssembly Micro Runtime (WAMR)
rusty-wacc-viewer
TinyGo - Go compiler for small places. Microcontrollers, WebAssembly (WASM/WASI), and command-line tools. Based on LLVM.
cargo-supply-chain - Gather author, contributor and publisher data on crates in your dependency graph.
Nim - Nim is a statically typed compiled systems programming language. It combines successful concepts from mature languages like Python, Ada and Modula. Its design focuses on efficiency, expressiveness, and elegance (in that order of priority).
effects-examples - Examples to illustrate the use of algebraic effects in Multicore OCaml