sandbox.lua
kernel-wasm
sandbox.lua | kernel-wasm | |
---|---|---|
1 | 8 | |
97 | 718 | |
- | 2.1% | |
10.0 | 0.0 | |
over 5 years ago | about 4 years ago | |
Lua | C | |
MIT License | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sandbox.lua
-
Thoughts on improving security of Neovim plugins
I think this is essential. Maybe plugin managers could add sandboxes. For example, this lua library is a proof of concept: https://github.com/APItools/sandbox.lua. "Packer" could add a method to load plugins with a sandbox, where you allow/disallow certain resources, something like
kernel-wasm
- Safely run WebAssembly in the Linux kernel, with faster-than-native performance.
- Kernel-WASM: Sandboxed kernel mode WebAssembly runtime for Linux
- Kernel-WASM - Sandboxed kernel mode WebAssembly runtime for Linux
-
Thoughts on improving security of Neovim plugins
WASM is not related to JavaScript in any way, it's just a formal definition (see the spec) for a bytecode and a VM that executes it. One of the problems that WASM tries to solve for web development is to get away from JS because it's such a mess. It's unfortunate that WASM has "Web" in its name, as it's rally not just for Web: there are many embedded runtimes, for example, popular proxy server Envoy supports WASM for writing filters (aka extensions) and there's even WASM runtime for the Linux kernel.
-
Helix: a post-modern text editor
Wasm started in the web, but has since been ported even to the Linux kernel [0]. It seems perfect for situation where you near machine code levels of performance, but don't want to carry different binaries for different CPU architectures - exactly what you want from a plugin system. It also allows far greater isolation than "real" compiled code.
[0] https://github.com/wasmerio/kernel-wasm
What are some alternatives?
packer.nvim - A use-package inspired plugin manager for Neovim. Uses native packages, supports Luarocks dependencies, written in Lua, allows for expressive config
helix - A post-modern modal text editor.
lspcontainers.nvim - Neovim plugin for lspcontainers.
coc.nvim - Nodejs extension host for vim & neovim, load extensions like VSCode and host language servers.
firejail - Linux namespaces and seccomp-bpf sandbox
xi-editor - A modern editor with a backend written in Rust.
ua-parser-js - UAParser.js - Free & open-source JavaScript library to detect user's Browser, Engine, OS, CPU, and Device type/model. Runs either in browser (client-side) or node.js (server-side).
keys - My personal ergodox, planck layouts.
kakoune - mawww's experiment for a better code editor
history - Emacs - History utility for source code navigation.