quickjs-emscripten
Safely execute untrusted Javascript in your Javascript, and execute synchronous code that uses async functions
To run a JavaScript interpreter (spidermonkey, in this case) in Wasm, as well as running that same wasm in a JS engine, you want to look at `jco` https://github.com/bytecodealliance/jco
The component model tooling is getting very close to maturity and will solve many of these problems.
The idea of Wasm as a universal plugin system is very promising. But string passing is maybe not the best example to highlight, considering that Wasm is introducing stringref to enable zero-copy string sharing between the Wasm runtime and host language.
https://github.com/WebAssembly/stringref/blob/main/proposals...
While it'd be a nice addition, I wouldn't expect it any time soon.
It's currently still a stage 1 proposal, while we've been waiting for years for other proposals to be merged. The last time a proposal was actually finished was over 2 years ago.
https://github.com/WebAssembly/proposals
https://github.com/WebAssembly/proposals/blob/main/finished-...
Indeed, WebAssembly is moving extremely slowly. I started a project years ago expecting https://github.com/WebAssembly/memory-control/blob/main/prop... and https://github.com/WebAssembly/memory64 to be fixed at some point. Neither are yet, and the project still suffers from it to this day.
I think wasm is still great without these fixes, but I have lost confidence in the idea that wasm will reach its full potential any time soon.
[1] https://github.com/WebAssembly/js-string-builtins/blob/main/...
The thing I want to achieve with WebAssembly is still proving a lot harder than I had anticipated.
I want to be able to take strings of untrusted code provided by users and execute them in a safe sandbox.
I have all sorts of things I want this for - think custom templates for a web application, custom workflow automation scripts (Zapier-style), running transformations against JSON data.
When you're dealing with untrusted code you need a really robust sandbox. WebAssembly really should be that sandbox.
I'd like to support Python, JavaScript and maybe other languages too. I want to take a user-provided string of code in one of those languages and execute that in a sandbox with a strict limit on both memory usage and time taken (so I can't be crashed by a "while True" loop). If memory or time limit are exceeded, I want to get an exception which I can catch and return an error message to the user.
I've been exploring options for this for quite a while now. The furthest I've got was running Pyodide inside of Deno: https://til.simonwillison.net/deno/pyodide-sandbox
Surprisingly I've not found a good pattern for running a JavaScript interpreter in a WASM sandbox yet. https://github.com/justjake/quickjs-emscripten looks promising but I've not found the right recipe to call it from server-side Python or Deno yet.
Can Extism help with this? I'm confident I'm not the only person who's looking for a solution here!
You should also check out modsurfer[0]
"modsurfer generate -p cowsay.wasm -o mod.yaml"
Especially for non-component core modules that won't have wit definitions
[0]: https://github.com/dylibso/modsurfer
Firecracker is a fine technology, but serverless companies have started taking advantage of Wasm's faster start-up times for use cases of running Wasm on the server (https://www.youtube.com/watch?v=yqgCxhPAao0). The deny-by-default security policy makes Wasm a great choice to run your code in isolation, particularly for maximizing hardware resources in the multi-tenant environments these serverless companies operate.
In the past few years, we have seen more use cases of Wasm emerge outside of the browser. JavaScript engines are now just a fraction of the total number of runtimes available. Wasmtime, Wasmer, WasmEdge, and wazero are popular ones for non-browser use cases like blockchain, serverless, and edge computing (although Cloudflare uses V8's Wasm engine). WAMR is a popular one for cyber-physical/IoT devices. There's a nice list here: https://github.com/appcypher/awesome-wasm-runtimes