Python on the Edge: Fast, Sandboxed, and Powered by Webassembly
Posted3 months agoActive3 months ago
wasmer.ioTechstoryHigh profile
excitedpositive
Debate
60/100
WebassemblyPythonServerless ComputingSandboxing
Key topics
Webassembly
Python
Serverless Computing
Sandboxing
The Wasmer team has successfully run Python on the edge using WebAssembly, sparking discussion on its potential applications, performance, and sandboxing benefits.
Snapshot generated from the HN discussion
Discussion Activity
Very active discussionFirst comment
24m
Peak period
91
0-12h
Avg / period
26
Comment distribution156 data points
Loading chart...
Based on 156 loaded comments
Key moments
- 01Story posted
Sep 24, 2025 at 11:48 AM EDT
3 months ago
Step 01 - 02First comment
Sep 24, 2025 at 12:12 PM EDT
24m after posting
Step 02 - 03Peak activity
91 comments in 0-12h
Hottest window of the conversation
Step 03 - 04Latest activity
Sep 29, 2025 at 9:09 PM EDT
3 months ago
Step 04
Generating AI Summary...
Analyzing up to 500 comments to identify key contributors and discussion patterns
ID: 45362023Type: storyLast synced: 11/20/2025, 7:40:50 PM
Want the full context?
Jump to the original sources
Read the primary article or dive into the live Hacker News thread when you're ready.
I've been trying to find a robust, reliable and easy way to run a Python process in WebAssembly (outside of a browser) for a few years.
My previous attempts are described here:
- https://til.simonwillison.net/deno/pyodide-sandbox
- https://til.simonwillison.net/webassembly/python-in-a-wasm-s...
see https://pyodide.org/en/stable/development/building-packages-...
> Pyodide provides an experimental command line runner for testing packages against Pyodide. Using it requires nodejs version 20 or newer.
Looks like it's a recent addition?
I want a robust sandbox I can run untrusted code in, outside of the browser.
Forgot to put it on the article, but the latest Python requires the Wasmer rc.5 to run! (the final release will be coming very soon)
error: Spawn failed
╰─▶ 1: compile error: Validate("exceptions proposal not enabled (at offset 0x191a)")
```
We unfortunately didn't get the final release out quite in time...
"wasmer run python/python@=0.2.0" on the same machine gets me into Python 3.12.0 almost instantly.
So please wait a bit - subsequent runs will be fast, since compiled Python will be cached.
Any chance `wasmer run python/python` might download a pre-compiled version in the future?
It did give me one warning message:
[0] https://github.com/python/cpython/issues/131189
What’s the use case? Is it the sandboxing? Is it easier than running Python in a container?
Firecracker is meant to be secure but it's a lot harder to work with.
You can almost think of a prompt injection attack as a supply chain attack - but regular supply chain attacks are a concern too, what if an LLM installs a new version of an NPM package that turns out to have been deliberately infected with malware that can escape a container?
With reverse proxy you can log requests, or filter them if needed, restrict the allowed domains, do packet inspection if you want to go crazy mode.
And if an actor is able to tailor fit a prompt to escape docker, I think you have bigger issues in your supply chain.
I feel this wasm is bad solution. What it brings a VM or docker can't do?
And escaping a docker container is not that simple, require a lot of heavy lifting and not always possible.
I want to build software that regular users can install on their own machines. Telling them they have to install Docker first is a huge piece of friction that I would rather avoid!
The lack of network support for WASM fits my needs very well. I don't want users running untrusted code which participates in DDoS attacks, for example.
The vulnerability is in kernel syscalls. More info here: https://news.ycombinator.com/item?id=32319067
If you're going to make containers hard to escape, you have to host them under a hypervisor that keeps them apart. Firecracker was invented for this. If Docker could be made unescapable on its own, AWS wouldn't need to run their container workloads under Firecracker.
So if your docker container gets vulnerable and it can somehow break through a container, I think that with default sudo docker, you might get sudo privileges whereas in default podman, you would be having it as a user run executable and might need another zero day or smth to have sudo privilege y'know?
When was the last time we have heard container escape actually happening?
It's probably better to make some kind of risk assessment and decide whether you're willing to accept this risk for your users / business. And what you can do to mitigate this risk. The truth is the risk is always there and gets smaller as you add several isolation mechanisms to make it insignificant.
I think you meant “container escape is not as difficult as VM escape.” A malicious workload doesn’t need to be root inside the container, the attack surface is the shared linux kernel.
Not allowing root in a container might mitigate a container getting root access outside of a namespace. But if an escape succeeds the attacker could leverage yet another privilege escalation mechanism to go from non-root to root
More here: https://news.ycombinator.com/item?id=32319067
Like it's also possible in a VM.
What about running non privileged containers! You need really to open some doors to make it easier!
Breaking out of a VM requires a hypervisor vulnerability, which are rare.
Breaking out of a shared-kernel container requires a kernel syscall vulnerability, which are common. The syscall attack surface is huge, and much of it is exploitable even by unprivileged processes.
I posted this thread elsewhere here, but for more info: https://news.ycombinator.com/item?id=32319067
Also it says "Pay CDN-like costs for your cloud applications – that’s Wasmer Edge." and I don't understand why I need to pay for the cloud if the app is serverless. That's exactly the point of serverless app that you don't need to pay for the servers because, well, the name implies that there is no server.
Normally, if you want to run your apps serverlessly you'll need to adapt your source code to it (both AWS Lambda and Cloudflare Workders require creating a custom HTTP handler).
In our case, you can run your normal server (lets say uvicorn) without any code changes required from our side.
Of course, you can already do this in Docker-enabled workloads: Google Cloud or Fly.io, for example. But that means that your apps will have long cold-start times at a way higher cost (no serverless).
Hope this makes things clear!
My preferred definition of serverless is scale-to-zero - where if your app isn't getting any traffic you pay nothing (as opposed to paying a constant fee for having your own server running that's not actually doing any work), then you pay more as the traffic scales up.
Frustratingly there are some "serverless" offerings out there which DO charge you even for no traffic - "Amazon Aurora Serverless v1" did that, I believe they fixed it in v2.
I mostly choose not to use it, because I don't like using ambiguous terminology if I can be more specific instead. So I'll say things like "scale-to-zero".
It seems like a horrible way to build a system with any significant level of complexity, but idk maybe it makes sense for very rarely used and light routes?
See https://github.com/ninia/jep
Brendan Eich ( the creator of JavaScript) was kind enough chime in that it would be impossible for variety of reasons.
Obviously he knows more about this than me, but I think Google could put Dart in there if they really wanted.
WebAssembly is pretty close though.
Internet explorer just didn't provide the same experience as Chrome.
For example if Firefox decides to add Rust support it doesn't mean every other browser needs to support it.
Just a handful of web experiences are going to be exclusive to Firefox. As is having Chrome as the only browser most people use isn't great for innovation.
Most sane HN commenter. Jesus Christ.
Me: Well different browsers could support different features.
HN: NOT LIKE THAT, we want every website to be compatible with everything!
People want different browsers so that chromium doesn't get to enforce their monopoly on web standards but I mean, its already happening. Like, if something runs on chrome and it doesn't run on firefox and is used by a lot of people...
Effectively firefox is ALSO forced to have those chromium features...
Basically the web standards is held hostage by chromium and we need a very heavy migration of large swathes of people away from chrome to something like firefox and that's whats being advocated I suppose.
I use zen / firefox because I also don't want chromium. I mean, idk if I have a particular reason except the above logic that I shared. honestly, idk to be honest.
You simply can't expect to run Roblox games inside of Chrome
Roblox can't generally be used to file your taxes.
But your visiting user created experiences.
The big problem is it's all controlled by one super company .
There's no reason we can't have an open source browser like which allows you to play various games, or run other sandbox applications. These applications could be programmed in a variety of different languages.
In this scenario, whatever I still need Chrome to handle certain important business, but I can use this alternate browser to engage with tons of other content.
Minecraft in a similar vein too.
I was actually thinking of creating a roblox alternative or atleast proposing the idea of modifying luanti which is open source to have roblox esque graphics.
So it would be the open source browser which allows you to play various games in some sense.
If you want sandbox applications, there is libriscv created by legendary fwsgonzo which can run on any device or wasm I suppose
https://www.luanti.org/
https://github.com/libriscv/libriscv
I would be interested to see how short the time to run "Hello World" can be with python in a webpage, counting the time to load the whole page without cache.
Or you can use MicroPython which is much smaller:
Demo: https://static.simonwillison.net/static/2025/pyscript-microp...Part of why WebAssembly was successful is that it's a way of generating javascript runtime IR instead of a completely new language + standard library - browsers can swap out their JavaScript frontend for a WASM one and reuse all the work they've done, reusing most of their native code generator, debugger, caches, etc. The primitives WASM's MVP exposes are mostly stuff browsers already knew how to do (though over time, it accumulated new features that don't have a comparison point in JS.)
And then WASM itself has basically no standard library, which means you don't have to implement a bunch of new library code to support it, just a relatively small set of JS APIs used to interact with it.
That being said, I'm also 100% behind the effort to standardize WASM as the cross-platform compilation target of choice.
Would be way more exciting if it could _compile_ Python to Wasm (or does it?).
I remember when I was in 6th grade wanting to make some minecraft mods but didn't want to learn java for it and wanted something like python.
I also remember a video that did something like that but it was highly limited or smth iirc.
Could this be used to create a minecraft plugin in python?
Edit: Damn, there is this pyspigot thing which seems really fascinating..
https://pyspigot-docs.magicmq.dev/#getting-started
Tbh, nowadays I would prefer writing minecraft mods in kotlin but the pyspigot code is also definitely really interesting!
If you use wasm's native GC your objects are managed by the WASM runtime (in browsers, a JS runtime).
For things like goroutines you would emulate them using wasm primitives like exception handling, unless you're running in a host that provides syscalls you can use to do stuff like stack switching natively. (IIRC stack switching is proposed but not yet a part of any production WASM runtime - see https://webassembly.org/features/)
Based on what I read in a quick search, what Go does is generate each goroutine as a switch statement based on a state variable, so that you can 'resume' a goroutine by calling the switch with the appropriate state variable to resume its execution at the right point.
In a browser environment there are theoretically ways you could piggyback off of the async support in the native ecosystem. But CPython is written to certain systems, so you're talking about CPython patches.
BUT the kind of beautiful thing is you can show up with your own asyncio event loop! So for example Pyodide just ships its own asyncio event loop[1]. This is possible thanks to Python's async infra just being built off of its generator concepts. async/await is, in itself, not something that "demands" I/O, just asyncio is.
[0]: https://docs.python.org/3.13/library/asyncio.html [1]: https://pyodide.org/en/stable/project/release-notes/v0.17.0....
> wasmer app create --template=static-website
gets you from empty folder to initialized template and deployed static website in like 10 seconds when logged in.
Pretty nice.
In fact, we want to even run it on browsers.
We are small team, so we have to pick our battles very carefully, but we would welcome any patch to make it work (if it doesn't work already!).
https://jupyter.org/try-jupyter/lab/
Philosophically speaking I believe we should not require a special version of pip to install packages, nor a "lite" version of Jupyter to run in WebAssembly.
We should be able to run Jupyter fully within the Wasmer ecosystem without requiring any changes on the package (to run either in the browser or the server).
Still, that close to native Python is an interesting place to be.
I'd love to implement customer supplied transformation scripts for exports of data but I need this python to be fully sandboxed and only operate on the data I give it.
Wasmer's approach hints at faster cold starts and better overall performance; the benchmarking against pyodide is a bit unclear, and it's unclear to me whether that would make or break viability for a use case like this.
But one thing this does make possible is if your arbitrary script is actually a persistent server, you can deploy that to edge servers, and interact with your arbitrary scripts over the network in a safe and sandboxed way!
I'm always on the lookout for ways to run Python in a sandbox but that feels like one too many levels for me.
Pyodide inside Deno removes at least the headless browser layer: https://til.simonwillison.net/deno/pyodide-sandbox
Please no :sob:
Eg something like this flask-based app? (Yes the code is shit, I’m just a sysadmin learning Python with some AI support at that time).
https://github.com/jgbrwn/my-upc/blob/main/app.py
Also, if wasmer supports Starlette, I assume it would support FastHTML (web framework that uses Starlette under the hood) ?
We will release a new Python version by the end of this week / beginning of next one, so by then FastHTML should be fully work in Wasmer! (both runtime and Edge)
We'll be improving our docs soon!
https://www.graalvm.org/latest/reference-manual/polyglot-pro...
I’ve been looking at using lua for something like this: basically, users will be able to program robots in my lab (biotech) to do things, and I need a scripting language I can easily embed and control the runtime of in the larger system.
Lua is theoretically better in… almost every way, except everyone in bio uses python. So it could allow more easy modification of LLM generated scripts (not worried about the libraries because I mostly want to limit them: the scripts are mainly to just run robots, and you can have them webhook out if you need complicated stuff)
My question would be: would running a python sandbox vs a lua sandbox actually be appreciably better? Not sure yet, but will have to investigate with this new package (since it has Go bindings!)
Also, with luajit, it is much faster.
Just want to point out that this section avoids mentioning the best way to do it:
AWS provides https://github.com/awslabs/aws-lambda-web-adapter which is a) supported and b) written Rust, providing a translation of Lambda requests back into HTTP so you can use your usual entry point to the WSGI app. It is simple to set up.WebSockets still not supported of course, but the issue of adapters is solved.
And you can also use Websockets with Cloudflare workers: https://developers.cloudflare.com/workers/runtime-apis/webso...
However it's worth point that due to the concurrency model of AWS Lambda (1 client request / ws message = 1 lambda invocation / one process only ever handles one request at a time before it can handle the next one), you would end up spawning much more AWS Lambda instances than you would with Cloudflare workers or Wasmer Edge.
There are cost implications obviously, but AWS lambda works this way also to make concurrency and scaling "simpler" by providing an easier mental model. Though much more expensive in theory
Since LLMs have made me so lazy that I never bother to search or read on my own, can someone tell me whether I can use uv as my project management tool with wasmer? What's the story here?
I simply CANNOT go back to use packages without uv, it would be unthinkable to me.
Actually, now that I think of it, my laziness might have started when I learned perl 30 years ago.
If you are curious on compiling Python to WebAssembly please check py2wasm: https://wasmer.io/posts/py2wasm-a-python-to-wasm-compiler
I assume this is targeting the standalone WebAssembly use case, we're not...running MySQL in browsers right?
https://people.csail.mit.edu/brooks/papers/fast-cheap.pdf
That said, there is a need for accelerating branchy pure-python workloads too, I did a lot of work with rdflib where PyPy made all the difference and we also need runtimes that can accelerate those workloads.
2 more comments available on Hacker News