Edge.js: Run Node apps inside a WebAssembly sandbox
syrusakbary
122 points
35 comments
March 17, 2026
Discussion Highlights (13 comments)
syrusakbary
Hi HN! I'm Syrus, from Wasmer. We built Edge.js in a few weeks after different trials trying to bring Node.js to the Edge. We used AI and Codex heavily for this project, as otherwise the timeline would have spanned to a year plus to develop. The summary of this announcement is that Edge.js:
* Runs using WebAssembly when in `--safe` mode
* It's fully compatible with Node.js (passing all their spec tests for non-VM modules)
* It has a pluggable JS engine architecture: can work with V8, Javascript, SpiderMonkey, QuickJS, Hermes, etc.
Super happy to answer any questions you may have!
alex_reg
It's a bit confusing. Roughly:
* a refactor of Node.js, but using a standardized API for JS engine interop
* Integration with the Wasmer CLI so it will run JS with v8, but everything else in WebAssembly
Interesting idea. Could be a much lighter weight way to sandbox JS...
willquack
Awesome project! Dumb question: could you run this in frontend js using the browser's js engine and wasm environment similar to WebContainers? Maybe `fs` is just in-memory, and some things like forking are disabled. It'd be cool to have "nodejs" in the web!
MillionOClock
Very interesting! On what platforms can this run? If it can run on iOS, how would you handle attempts to access the file system or networking? Is this already wired in somehow? If not, is it easy to add custom handlers to handle these actions?
pscanf
Very cool project! Question regarding the pluggable js engine: I have an electron app where I'm currently using QuickJS to run LLM-generated code. Would edge.js be able (theoretically) to use electron's v8 to get a "sandboxed within electron" execution environment?
2001zhaozhao
Huh. Could this be a way to sandbox user-generated JS in web apps?
pacman1337
Not sure I understand the use cases. I'm guessing people want to run unsafe nodejs code. Either cloud providers like for lambdas or on personal computer for AI coding? On cloud, why is this better than firecracker? Firecracker can run any programming language; this is just nodejs, so already useless for that use case? For personal computer, people worried about the spin up time of docker? I think that is more of a tooling issue where you spin up one instance and run multiple jobs. What am I missing? What are actually real use cases where this would be better?
robjam
Wow! Node APIs in wasm(wasix)? Something that I have been thinking over for a long time is getting wasm (just wasm, not wasi or com) to be the unit of deployment/packaging for web apps like Nuxt/Next that only depend on, for example SQLite or Postgres. Slightly ignorant question, but would edge.js allow integrating with a caddy plug-in to handle serving the app from wasm? I know of the extism project and played around with it in elixir, but I'm looking to have CF Workers DX with as little operational complexity as possible for many silly pet projects.
actionfromafar
Can that Node app load and run WebAssembly? (A.K.A. are we IBM 360 yet?)
ammmir
I don't get it. You mention being able to choose your own JS engine, so it's not using Wasmer's WebAssembly implementation but that of the chosen JS engine's? In other words, can Edge.js use Wasmer? Or have you managed to compile V8/JSC into WebAssembly and are executing it with Wasmer? If so, amazing!
davispeck
This feels like shifting the trust boundary from the OS (containers) into your runtime (WASIX + shims). Curious how this holds up under hostile workloads, especially with native modules and libuv in the mix.
d0100
I still prefer Deno because I don't need a separate npm install command, which makes running code that much easier. Being able to import from "https://my-vpn.com/mypackage@1.2.3" or "npm:package@1.2.3" and just running code without having to worry about scaffolding node_modules makes sandboxing code much easier.
billionverify
Interesting direction, but the real question is whether this survives hostile, real-world workloads. Moving isolation into the runtime (WASIX + shims) sounds great for latency, but it also shifts a lot of trust away from the kernel. In multi-tenant scenarios, that tradeoff tends to break under pressure. The bar isn’t “can it run JS fast”, it’s:
- can it safely run untrusted, adversarial code
- with full npm compatibility
- at high concurrency
- without escape vectors or resource abuse
Concrete question: Would you be comfortable running something like OpenClaw (multi-tenant agent workloads, arbitrary user-generated code, long-running tasks) on top of this today? If yes, what are the isolation guarantees and known failure modes? If not, where does it break first — syscalls, native modules, or resource isolation? This feels promising for LLM code execution, but that use case is exactly where things get adversarial fast.