I'm unreasonably excited about WASI. WASI is the thing which takes WebAssembly from a tool for running stuff in a browser to a tool that can run entire portable sandboxed applications on a computer - with controlled filesystem and network access.
I don't ever want to run untrusted code from the internet outside of a sandbox ever again. If WASI lives up to its full potential I won't have to - we'll have a robust, cross-platform sandboxing solution for running real applications.
> I don't ever want to run untrusted code from the internet outside of a sandbox ever again
WASM is great, but I think it's a wrong approach for sandboxing problem. It's technically possible to sandbox native applications (compiled into target machine code) using OS-builtin mechanisms, but it's not done for compatibility reasons, because this is the way things were done last 50 years or so.
sandboxing native apps just gives you security. with wasm you also get a single portable binary that can run on x86 windows, arm64 linux and in your browser with zero modification. you dont need to write platform specific code or use third party frameworks.
Exactly. It is entirely a misconception to believe that WASM is this silver bullet on sandboxing and it is not that great security-wise I’m afraid.
It is only now being inspected by researchers and attackers who have found sandbox escapes [0] (chrome 0day), out-of-bounds [1] / use-after-free [2] and many other [3] flaws [4] in WebAssembly which I also agree that it is not enough for sandboxing at all.
i had this same vision when i created hyper-mcp with modular plugin system via WASM plugins. Too bad, the community moves on from MCP to CLI with coding agent
Hey, this is also my interest. I was just looking into whether it was possible to e.g. build an archive extractor that runs like a normal program but does the actual extraction completely in wasm. Unfortunately, AFAICT it's possible but requires custom code; you can't (yet, I hope) just compile unzip/libarchive/whatever with CC=wasicompiler and get a sandboxed binary. But we're getting close.
You should be able to do exactly that though? Why do you think you can't?
You will of course need to include a lot of support code to provide the relevant syscalls and otherwise emulate the environment that the code expects. But there are plenty of examples of that at this point.
Programs written in Java require installation of a middleware called Java runtime. It adds extra friction for end-users. And even if one has Java runtime installed, a newer version may be necessary for a recently-published application.
With WASM it may be the same, unless al major OS vendors integrate a WASM runtime so that it doesn't need to be installed separately.
My main one is: distribution & access. If major browsers implement the WASI runtime then using and distributing a WASI app will be way simpler than the Java equivalent ever was.
The thing that interests me the most is that execution is deterministic. If the inputs to a WASM module are logged you get durable execution and rr style reverse debugging as part of the package.
Sorry but how exactly does the sandboxing help? You download and run an app that you expect to be useful and that you need. The app needs permission to access your data. If you want to use the application what choice do you have except to grant it access?
Point being you wouldn't run untrusted code in the first place and for "trusted code" you end up accepting it's access requirements anyway.
So logically I'd think that the malware would just get piggy bagged into actual non-obvious utility apps and nothing is gained.
Second problem is that the security model hoops make for terrible APIs and user experiences. Just look at the current filesystem browser APIs. It must be mentally challenging to design APIs to Be usable and the nerf them for security purposes to make them "not too usable".
Finally one must note that at least right now the webasm ecosystem is rather immature and the de-facto only tool (emscripten) is an amateur hour hobby project. So it's going to take some decades still before the tooling is really getting there.
I like the technical design of WASM, but I feel that better OS sandboxes for regular native code will be the common approach to running untrusted code.
As soon as you compile to WASM you no longer have the C FFI and the ability to call the OS systems interfaces for files, network and others.
It is extra work to move something to WASM vs just compiling it and running it in a sandbox.
I don't get it why you need direct DOM access. Just wrap it in JS calls.
It's not like current websites are super fast and creating a wrapper will slow it down unnecessarily.
I'm pretty sure you'll will still need a JS shim to talk to most web APIs. For instance the Mozilla DOM experiments seems to use a special JS variant with a 'use component' header (similar to the old 'use asm' for asm.js) as shim, but the JS shim is still there. The component model can marshal 'record types' between different WASM modules, but AFAIK not between a WASM module and a web API.
> For instance the Mozilla DOM experiments seems to use a special JS variant with a 'use component' header
As per the article, that's temporary until Component Model 1.0 is implemented natively in the browser. In the meantime, jco can be used:
> The groundwork for browser implementations is being laid today: jco’s transpile command already converts any component into equivalent core Wasm and JavaScript glue, making components runnable in any browser without native support.
That's no longer needed once native support is there.
Very exited about WASM/WCM as a portable format for capability-secure applications.
I had a spec file sitting around for an OS project idea I had, where the kernel would just be the WASM compiler + a few small shim drivers, and everything else (including e.g. PCIe device drivers) would be WASM modules with WIT interface specs. I handed the spec off to Fable and it seems to have made a working proof-of-concept. Has a maximally-WASM OS running on browser/QEMU/Orange Pi. https://eo9.org
The microkernel analogy for the Component Model vs WASI is actually a really useful mental model that I hadn't seen framed that way before. Component Model as the always-present kernel, WASI as optional OS services on top. That framing makes it obvious why browser implementation of the Component Model is tractable even though browsers have strong opinions about I/O, and why 1.0 for the Component Model and WASI are separate milestones. The lazy ABI change is also underrated, zero-copy forwarding between calls is going to matter a lot for the use cases where WASM actually competes with native.
I will be interested in getting details about the experiments of Ryan Hunt about DOM performances.
I am currently developing a WASI runtime for exaequOS and Woua programming language that will target WASI and will have access to DOM through a virtual/dev/dom driver.
Please please please bring it to the browser. I'm so done with the terrible ergonomics of everything at the was bounary having to pretend it's JavaScript
Pretty sure the JS shim is still needed to talk to web apis, even if it might look slightly different (there is a 'use component' now in the JS shim in Mozilla's experiment similar to the old 'use asm' for asm.js - at least that's what the post says).
It works in the browser already, by bundling another browser runtime engine into wasm. You need a whole fork of Mozilla's SpiderMonkey engine, compiled to wasm, running in whatever browser you have, to run wasm components today.
I confess I was quite frustrated at first when browsers all said no to wasi / wasm components. But honestly, it was the right call. It's taken so long to make wasm components happen, to get them far enough along to start really consider implementing. I can accept that as just the reality of what it takes for a small team to do such amazing work. I am so thankful for the folks who have kept this going, kept advancing.
But it's time now. 0.3 delivers an incredibly comprehensive & gorgeous suite of capabilities that offer a winning combination of characteristics (fast, lightweight, sandboxable, runtime composeable components) that is ideal for the web. I hope browsers can help get us set up for 1.0, help steer us forwards towards that spec, and I hope they're moving quickly towards being ready to implement!
The ABI stuff is huge, we might be heading (at least in the WASM world) to a place where non-C libraries are not locked to certain dev ecosystems. On top of not having to deal with C linking madness.
> The Component Model can’t formally reach 1.0 without native implementation in at least two browser engines.
I don't quite understand why the Component Model is now suddenly a browser thing, and on top something that needs to be implemented natively in browsers instead of a convention between different compiler toolchains.
Keep that boondoggle in WASI and the Bytecode Alliance. WASM in the browser works just fine without the added runtime complexity.
If you want compilers to be able to natively target browsers and access the browser DOM APIs, then you need to define some kind of contract between browsers and compilers on how to call APIs in one from the other. That is what the Wasm Component Model provides.
Perhaps some people are happy to keep the status quo where each call between Wasm and the browser needs to roundtrip through a JS glue layer. But personally I'm excited about a future where that is no longer needed.
From what I've been reading so far the component model in browsers cannot eliminate the JS glue layer, it can at most auto-generate and hide the JS shim to some extent (but that's nothing that can't be done without the component model, and with currently solutions you'll also usually don't need to deal with the JS shim, the various compiler toolchains will do that for you, e.g. Emscripten).
The only advantage you'll get is slightly faster string marshalling, which admittedly is important for DOM access, since the DOM is an extremely string heavy API.
Eliminating the glue layer completely would only be possible if the browser offers a separate 'WASM API' for each web API, but this is very unlikely to happen.
Because no one cares about yet another CORBA, gRPC is good enough, and going forward stuff like MCP and A2A are way more relevant even, so they need the browser for having any use case at all that people would actually care about.
Otherwise in a couple of years no one would care Component Model ever existed.
Billions use HTML+CSS+JavaScript. Who really uses WASM? There are of course users, but very, very few in absolute numbers. Many projects are not web-based really. For Autodesk Fusion, as one example for many, I have some mega-slow application that takes forever to work with in some cases on my laptop (it is not the fastest laptop, but I recently tested this on a faster desktop computer with 32GB RAM and it is still slow to no ends; using it all WASM based would be even slower I bet. That's not winning anyone over ...).
When I last played with it checking out its capabilities, I found the thing I was mostly missing to really make use of it was the thing referenced in this article, the Component Model. Without a type model and binary specifications, interop was made a lot harder than it'd have been otherwise. Now that that's in, it becomes a lot more useful.
I was mostly looking at it for its state as being a cross-platform supported output platform of bytecode that's fairly well sandboxed. That makes it an excellent target for things like running untrusted plugins in an application in a performant manner.
I'm unreasonably excited about WASI. WASI is the thing which takes WebAssembly from a tool for running stuff in a browser to a tool that can run entire portable sandboxed applications on a computer - with controlled filesystem and network access.
I don't ever want to run untrusted code from the internet outside of a sandbox ever again. If WASI lives up to its full potential I won't have to - we'll have a robust, cross-platform sandboxing solution for running real applications.
> I don't ever want to run untrusted code from the internet outside of a sandbox ever again
WASM is great, but I think it's a wrong approach for sandboxing problem. It's technically possible to sandbox native applications (compiled into target machine code) using OS-builtin mechanisms, but it's not done for compatibility reasons, because this is the way things were done last 50 years or so.
sandboxing native apps just gives you security. with wasm you also get a single portable binary that can run on x86 windows, arm64 linux and in your browser with zero modification. you dont need to write platform specific code or use third party frameworks.
5 replies →
Exactly. It is entirely a misconception to believe that WASM is this silver bullet on sandboxing and it is not that great security-wise I’m afraid.
It is only now being inspected by researchers and attackers who have found sandbox escapes [0] (chrome 0day), out-of-bounds [1] / use-after-free [2] and many other [3] flaws [4] in WebAssembly which I also agree that it is not enough for sandboxing at all.
[0] https://nvd.nist.gov/vuln/detail/CVE-2026-11645
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=2009901
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=2013741
[3] https://www.miggo.io/vulnerability-database/cve/CVE-2026-269...
[4] https://github.com/bytecodealliance/wasm-micro-runtime/secur...
5 replies →
Use cases I am more excited about:
1) Replace webhooks in web apps with wasm binaries provided by the customer, but that run in the web app servers.
2) Safer plugin system for professional software (plugins for photoshop, plugins for IDEs, etc)
3) Safer mod system for games and server-side mods that run on the game-maker server.
We had that in the 90's with Java. Why would this approach succeed today?
8 replies →
Check out https://extism.org, it is built for those kinds of use cases. However I think WASI and components could enhance it.
1 reply →
i had this same vision when i created hyper-mcp with modular plugin system via WASM plugins. Too bad, the community moves on from MCP to CLI with coding agent
https://github.com/hyper-mcp-rs/hyper-mcp
Hey, this is also my interest. I was just looking into whether it was possible to e.g. build an archive extractor that runs like a normal program but does the actual extraction completely in wasm. Unfortunately, AFAICT it's possible but requires custom code; you can't (yet, I hope) just compile unzip/libarchive/whatever with CC=wasicompiler and get a sandboxed binary. But we're getting close.
What do you mean? You absolutely can run compression in WASM.
For example here is Gzip in WASM: https://github.com/ColinTimBarndt/wasm-gzip
You should be able to do exactly that though? Why do you think you can't?
You will of course need to include a lot of support code to provide the relevant syscalls and otherwise emulate the environment that the code expects. But there are plenty of examples of that at this point.
1 reply →
I'm curious if people have a good story for why WASI will succeed where Java failed
My main one is that WASI has benefitted from an additional 31 years of accumulated industry-wide experience compared to when Java was first released.
2 replies →
Programs written in Java require installation of a middleware called Java runtime. It adds extra friction for end-users. And even if one has Java runtime installed, a newer version may be necessary for a recently-published application.
With WASM it may be the same, unless al major OS vendors integrate a WASM runtime so that it doesn't need to be installed separately.
9 replies →
Because Java was doing nothing similar, a better comparison would be .NET CLR that actually tried to be a decent compilation target.
Also security, Java has reflection so you cannot reliably sandbox java libraries
My main one is: distribution & access. If major browsers implement the WASI runtime then using and distributing a WASI app will be way simpler than the Java equivalent ever was.
The thing that interests me the most is that execution is deterministic. If the inputs to a WASM module are logged you get durable execution and rr style reverse debugging as part of the package.
If you're interested in this, then you should check out https://github.com/golemcloud/golem
Golem is a durable workflow platform and can run any wasm.
Sorry but how exactly does the sandboxing help? You download and run an app that you expect to be useful and that you need. The app needs permission to access your data. If you want to use the application what choice do you have except to grant it access?
Point being you wouldn't run untrusted code in the first place and for "trusted code" you end up accepting it's access requirements anyway.
So logically I'd think that the malware would just get piggy bagged into actual non-obvious utility apps and nothing is gained.
Second problem is that the security model hoops make for terrible APIs and user experiences. Just look at the current filesystem browser APIs. It must be mentally challenging to design APIs to Be usable and the nerf them for security purposes to make them "not too usable".
Finally one must note that at least right now the webasm ecosystem is rather immature and the de-facto only tool (emscripten) is an amateur hour hobby project. So it's going to take some decades still before the tooling is really getting there.
> The app needs permission to access your data. If you want to use the application what choice do you have except to grant it access?
But it doesn't need network access to be useful, so it doesn't have that permission and can't exfiltrate your data?
7 replies →
I like the technical design of WASM, but I feel that better OS sandboxes for regular native code will be the common approach to running untrusted code.
As soon as you compile to WASM you no longer have the C FFI and the ability to call the OS systems interfaces for files, network and others.
It is extra work to move something to WASM vs just compiling it and running it in a sandbox.
Why not just run a vm?
Far more overhead.
1 reply →
It’s great we are past the “wasm is not replacing JavaScript” phase. Or “you don’t need DOM for wasm . That’s what JavaScript is for”
I don't get it why you need direct DOM access. Just wrap it in JS calls. It's not like current websites are super fast and creating a wrapper will slow it down unnecessarily.
The article cites the research that JS wrapping of DOM calls slows things down by 50%.
1 reply →
Direct DOM access from WASM is faster:
https://hacks.mozilla.org/wp-content/uploads/2026/02/Screens...
Can I just say fuck JavaScript so we can stop mentioning this time and time again ?
I'm pretty sure you'll will still need a JS shim to talk to most web APIs. For instance the Mozilla DOM experiments seems to use a special JS variant with a 'use component' header (similar to the old 'use asm' for asm.js) as shim, but the JS shim is still there. The component model can marshal 'record types' between different WASM modules, but AFAIK not between a WASM module and a web API.
> For instance the Mozilla DOM experiments seems to use a special JS variant with a 'use component' header
As per the article, that's temporary until Component Model 1.0 is implemented natively in the browser. In the meantime, jco can be used:
> The groundwork for browser implementations is being laid today: jco’s transpile command already converts any component into equivalent core Wasm and JavaScript glue, making components runnable in any browser without native support.
That's no longer needed once native support is there.
we still need js shim for dom access :(
Asking for 0% js 100% wasm website is like wanting a C-free linux distro
4 replies →
Very exited about WASM/WCM as a portable format for capability-secure applications.
I had a spec file sitting around for an OS project idea I had, where the kernel would just be the WASM compiler + a few small shim drivers, and everything else (including e.g. PCIe device drivers) would be WASM modules with WIT interface specs. I handed the spec off to Fable and it seems to have made a working proof-of-concept. Has a maximally-WASM OS running on browser/QEMU/Orange Pi. https://eo9.org
The microkernel analogy for the Component Model vs WASI is actually a really useful mental model that I hadn't seen framed that way before. Component Model as the always-present kernel, WASI as optional OS services on top. That framing makes it obvious why browser implementation of the Component Model is tractable even though browsers have strong opinions about I/O, and why 1.0 for the Component Model and WASI are separate milestones. The lazy ABI change is also underrated, zero-copy forwarding between calls is going to matter a lot for the use cases where WASM actually competes with native.
I will be interested in getting details about the experiments of Ryan Hunt about DOM performances.
I am currently developing a WASI runtime for exaequOS and Woua programming language that will target WASI and will have access to DOM through a virtual/dev/dom driver.
wex —dir /dev /usr/tests/woua/dom_demo.wasm
I’m curious if this helps make WASM a potential alternative to eBPF for userspace kernel extensions.
Please please please bring it to the browser. I'm so done with the terrible ergonomics of everything at the was bounary having to pretend it's JavaScript
Pretty sure the JS shim is still needed to talk to web apis, even if it might look slightly different (there is a 'use component' now in the JS shim in Mozilla's experiment similar to the old 'use asm' for asm.js - at least that's what the post says).
It works in the browser already: https://github.com/bytecodealliance/jco
It works in the browser already, by bundling another browser runtime engine into wasm. You need a whole fork of Mozilla's SpiderMonkey engine, compiled to wasm, running in whatever browser you have, to run wasm components today.
I confess I was quite frustrated at first when browsers all said no to wasi / wasm components. But honestly, it was the right call. It's taken so long to make wasm components happen, to get them far enough along to start really consider implementing. I can accept that as just the reality of what it takes for a small team to do such amazing work. I am so thankful for the folks who have kept this going, kept advancing.
But it's time now. 0.3 delivers an incredibly comprehensive & gorgeous suite of capabilities that offer a winning combination of characteristics (fast, lightweight, sandboxable, runtime composeable components) that is ideal for the web. I hope browsers can help get us set up for 1.0, help steer us forwards towards that spec, and I hope they're moving quickly towards being ready to implement!
3 replies →
So, Jini with RMI, CORBA, DCOM, and gRPC, hello again.
Really leave WASM on the browser.
Oh yes give me the component model lets go.
The ABI stuff is huge, we might be heading (at least in the WASM world) to a place where non-C libraries are not locked to certain dev ecosystems. On top of not having to deal with C linking madness.
> The Component Model can’t formally reach 1.0 without native implementation in at least two browser engines.
I don't quite understand why the Component Model is now suddenly a browser thing, and on top something that needs to be implemented natively in browsers instead of a convention between different compiler toolchains.
Keep that boondoggle in WASI and the Bytecode Alliance. WASM in the browser works just fine without the added runtime complexity.
If you want compilers to be able to natively target browsers and access the browser DOM APIs, then you need to define some kind of contract between browsers and compilers on how to call APIs in one from the other. That is what the Wasm Component Model provides.
Perhaps some people are happy to keep the status quo where each call between Wasm and the browser needs to roundtrip through a JS glue layer. But personally I'm excited about a future where that is no longer needed.
From what I've been reading so far the component model in browsers cannot eliminate the JS glue layer, it can at most auto-generate and hide the JS shim to some extent (but that's nothing that can't be done without the component model, and with currently solutions you'll also usually don't need to deal with the JS shim, the various compiler toolchains will do that for you, e.g. Emscripten).
The only advantage you'll get is slightly faster string marshalling, which admittedly is important for DOM access, since the DOM is an extremely string heavy API.
Eliminating the glue layer completely would only be possible if the browser offers a separate 'WASM API' for each web API, but this is very unlikely to happen.
1 reply →
Because no one cares about yet another CORBA, gRPC is good enough, and going forward stuff like MCP and A2A are way more relevant even, so they need the browser for having any use case at all that people would actually care about.
Otherwise in a couple of years no one would care Component Model ever existed.
WASM first appeared in 2017.
It still hasn't really reached a breakthrough.
Billions use HTML+CSS+JavaScript. Who really uses WASM? There are of course users, but very, very few in absolute numbers. Many projects are not web-based really. For Autodesk Fusion, as one example for many, I have some mega-slow application that takes forever to work with in some cases on my laptop (it is not the fastest laptop, but I recently tested this on a faster desktop computer with 32GB RAM and it is still slow to no ends; using it all WASM based would be even slower I bet. That's not winning anyone over ...).
According to https://chromestatus.com/metrics/feature/timeline/popularity... WebAssembly runs on about 6.11% of Chrome page loads, up from 3.37% in January 2024.
Probably all of that is Figma.
3 replies →
When I last played with it checking out its capabilities, I found the thing I was mostly missing to really make use of it was the thing referenced in this article, the Component Model. Without a type model and binary specifications, interop was made a lot harder than it'd have been otherwise. Now that that's in, it becomes a lot more useful.
I was mostly looking at it for its state as being a cross-platform supported output platform of bytecode that's fairly well sandboxed. That makes it an excellent target for things like running untrusted plugins in an application in a performant manner.
> Who really uses WASM?
Everyone who uses Amazon Prime Video: https://www.amazon.science/blog/how-prime-video-updates-its-...
Everyone who uses Google Sheets: https://web.dev/case-studies/google-sheets-wasmgc
I wrote an Unreal file parser in C# and use it in our in-house web based DAM. It was much more ergonomic and performant than writing it in Javascript.
oh no, a new edge case tech has not replace the most popular tech stack ever, yet another failure after webGL
WASM made Figma.
WASM is super useful for FFI in some env