Hacker News

Edge.js: Run Node apps inside a WebAssembly sandbox

158 points by syrusakbary yesterday at 6:01 PM | 41 comments

Comments

syrusakbary yesterday at 7:36 PM

Hi HN!

I'm Syrus, from Wasmer. We built Edge.js in a few weeks after different trials trying to bring Node.js to the Edge. We used AI and Codex heavily for this project, as otherwise the timeline would have spanned to a year plus to develop.

The summary of this announcement is that Edge.js:

  * Runs using WebAssembly when in `--safe` mode
  * It's fully compatible with Node.js (passing all their spec tests for non-VM modules)
  * It has a pluggable JS engine architecture: can work with V8, Javascript, SpiderMonkey, QuickJS, Hermes, etc.

Super happy to answer any questions you may have!

davispeck today at 2:44 AM

This feels like shifting the trust boundary from the OS (containers) into your runtime (WASIX + shims).

Curious how this holds up under hostile workloads, especially with native modules and libuv in the mix.

billionverify today at 5:36 AM

Interesting direction, but the real question is whether this survives hostile, real-world workloads.

Moving isolation into the runtime (WASIX + shims) sounds great for latency, but it also shifts a lot of trust away from the kernel. In multi-tenant scenarios, that tradeoff tends to break under pressure.

The bar isn’t “can it run JS fast”, it’s:

- can it safely run untrusted, adversarial code

- with full npm compatibility

- at high concurrency

- without escape vectors or resource abuse

Concrete question:

Would you be comfortable running something like OpenClaw (multi-tenant agent workloads, arbitrary user-generated code, long-running tasks) on top of this today?

If yes, what are the isolation guarantees and known failure modes?

If not, where does it break first — syscalls, native modules, or resource isolation?

This feels promising for LLM code execution, but that use case is exactly where things get adversarial fast.

drewbitt today at 3:45 PM

Sick! Love me some Wasm solutions like this

pacman1337 today at 12:17 AM

Not sure I understand the use cases. I'm guessing people want to run unsafe nodejs code. Either cloud providers, like for lambdas, or on a personal computer for AI coding? On cloud, why is this better than Firecracker? Firecracker can run any programming language; this is just nodejs, so already useless for that use case?

For personal computer, people worried about the spin up time of docker? I think that is more of a tooling issue where you spin up one instance and run multiple jobs.

What am I missing? What are actually real use cases where this would be better?

willquack yesterday at 8:32 PM

Awesome project!

Dumb question: could you run this in frontend js using the browser's js engine and wasm environment similar to WebContainers? Maybe `fs` is just in-memory, and some things like forking are disabled. It'd be cool to have "nodejs" in the web!

d0100 today at 2:46 AM

I still prefer Deno because I don't need a separate npm install command, which makes running code that much easier

Being able to import from "https://my-vpn.com/[email protected]" or "npm:[email protected]" and just running code without having to worry about scaffolding node_modules makes sandboxing code much easier

ammmir today at 2:14 AM

I don't get it. You mention being able to choose your own JS engine, so it's not using Wasmer's WebAssembly implementation but that of the chosen JS engine's? In other words, can Edge.js use Wasmer? Or have you managed to compile V8/JSC into WebAssembly and are executing it with Wasmer? If so, amazing!

pscanf yesterday at 9:21 PM

Very cool project!

Question regarding the pluggable js engine: I have an electron app where I'm currently using QuickJS to run LLM-generated code. Would edge.js be able (theoretically) to use electron's v8 to get a "sandboxed within electron" execution environment?

MillionOClock yesterday at 9:20 PM

Very interesting! On what platforms can this run? If it can run on iOS, how would you handle attempts to access the file system or networking? Is this already wired in somehow? If not, is it easy to add custom handlers to handle these actions?

alex_reg yesterday at 8:17 PM

It's a bit confusing.

Roughly:

* a refactor of Node.js, but using a standardized API for JS engine interop
* Integration with the Wasmer CLI so it will run JS with v8 but everything else in WebAssembly

Interesting idea.

Could be a much lighter weight way to sandbox JS...

2001zhaozhao yesterday at 11:25 PM

Huh. Could this be a way to sandbox user-generated JS in web apps?

robjam today at 12:21 AM

Wow! Node APIs in wasm(wasix)? Something that I have been thinking over for a long time is getting wasm (just wasm, not wasi or com) to be the unit of deployment/packaging for web apps like Nuxt/Next that only depend on, for example SQLite or Postgres. Slightly ignorant question, but would edge.js allow integrating with a caddy plug-in to handle serving the app from wasm?

I know of the extism project and played around with it in elixir, but I'm looking to have CF Workers DX with as little operational complexity as possible for many silly pet projects.

actionfromafar today at 1:37 AM

Can that Node app load and run WebAssembly?

(A.K.A. are we IBM 360 yet?)
