Python on the Edge: Fast, sandboxed, and powered by WebAssembly

Getting Python running with Wasmer

  • Users report that running wasmer run python/python@=0.2.0 gives a fast-starting Python 3.12 shell in a WASM sandbox.
  • The latest Python package (3.13) requires Wasmer 6.1.0-rc.5 and triggers a long first-run LLVM compilation (several minutes) before cached subsequent runs become fast.
  • Some see validation errors without the right Wasmer version, and a warning about pyrepl/msvcrt on macOS. Wasmer plans precompiled artifacts and better UX (spinner, etc.).

Comparison to Pyodide and other approaches

  • An initial claim that Pyodide only works in browsers is corrected: it has had an experimental Node-based CLI runner since 2022, used in CI.
  • JupyterLite is cited as another Python-on-WASM example with its own “pip” and prebuilt packages.
  • Wasmer’s stated philosophy is to avoid special forks of tools (pip, Jupyter) and run unmodified Python/Jupyter stacks in WASM.

Sandboxing, security, and containers vs WASM

  • Main use case: running untrusted code (including LLM-generated code and user scripts) with tight blast-radius control, especially for AI agents.
  • Several participants distrust Docker as a strong security boundary due to shared-kernel exploits and cite multiple container-escape CVEs; they prefer hypervisors (Firecracker, gVisor) or WASM.
  • Others argue container escapes are rare, mitigable with good hygiene, and that WASM doesn’t obviously beat well-configured containers or cgroups+namespaces.
  • WASM’s default lack of networking is seen by some as a feature (e.g., preventing DDoS participation) versus containers where networking must be explicitly disabled.
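
The deny-by-default point above, as an added example that is not from the discussion or from Wasmer: a hand-assembled WebAssembly module run under Node.js can reach a network-like function only if the host passes one in. The import name env.connect and the port value 22 are assumptions made for the illustration; Wasmer's own WASI/WASIX networking interface is different and is not shown.

```javascript
// Guest module bytes, constructed by hand for this illustration. Text form:
//   (module (import "env" "connect" (func (param i32) (result i32)))
//           (func (export "run") (result i32) i32.const 22 call 0))
// "env.connect" is a hypothetical host capability, not a real WASI call.
const GUEST = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,             // magic, version 1
  0x01, 0x0a, 0x02, 0x60, 0x01, 0x7f, 0x01, 0x7f,             // type 0: (i32) -> i32
  0x60, 0x00, 0x01, 0x7f,                                     // type 1: () -> i32
  0x02, 0x0f, 0x01, 0x03, 0x65, 0x6e, 0x76,                   // import module "env"
  0x07, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x00, 0x00, //   field "connect", func type 0
  0x03, 0x02, 0x01, 0x01,                                     // one guest function, type 1
  0x07, 0x07, 0x01, 0x03, 0x72, 0x75, 0x6e, 0x00, 0x01,       // export "run" = function 1
  0x0a, 0x08, 0x01, 0x06, 0x00, 0x41, 0x16, 0x10, 0x00, 0x0b, // body: return connect(22)
]);

// Instantiate the guest with exactly the capabilities listed in `imports`.
// The guest has no other way to reach the host: no syscalls, no ambient sockets.
function runGuest(imports) {
  const module = new WebAssembly.Module(GUEST);
  try {
    const instance = new WebAssembly.Instance(module, imports);
    return { ok: true, result: instance.exports.run() };
  } catch (err) {
    // A required import the host did not supply fails at instantiation,
    // before any guest code has executed.
    return { ok: false, error: err.constructor.name };
  }
}

// Policy 1: grant nothing. The guest never starts.
const denied = runGuest({});

// Policy 2: supply a stub that records the attempt and refuses it.
// This gives the host an audit trail of what the untrusted code tried to do.
const audit = [];
const stubbed = runGuest({
  env: {
    connect: (port) => {
      audit.push(port);
      return -1; // constructed error code meaning "denied"
    },
  },
});

console.log({ denied, stubbed, audit });
```

The second policy is the useful one for triage of untrusted scripts: the guest runs to completion, and every capability it asked for is visible to the host.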

Serverless/edge model and “Wasmer Edge”

  • Confusion around marketing terms: “serverless” here means scale-to-zero, on-demand execution similar to Lambda, but you still pay for underlying cloud resources.
  • Wasmer Edge aims to run unmodified app servers (e.g., uvicorn/FastAPI) as WASM at the edge, promising lower cold-start times and costs than container-based offerings.
  • Discussion contrasts this with AWS Lambda (adapters, WebSocket limitations) and Cloudflare Workers; some point out AWS now has a maintained web adapter.

Packages, C extensions, and interop

  • Users ask about numpy/scipy; numpy and some C-heavy packages (Pillow, ffmpeg) exist in Wasmer’s Python index, but scipy is not yet available, which is a blocker for some.
  • FFI and support for major C-extension ecosystems are seen as critical for Python-on-WASM to be truly useful.
  • There is interest in polyglot scenarios: sharing simple data between Python and JS via Wasmer-JS, similar in spirit to GraalVM; tutorials are requested.

Browser languages and WebAssembly

  • A side debate asks whether browsers should natively support multiple languages (e.g., Dart, Python). Concerns include browser complexity and standardization burden.
  • WebAssembly is framed as the practical compromise: a low-level target reused by JS engines without a full new standard library.
  • Some want direct DOM access and inline <python>-style scripting; examples are given using PyScript/MicroPython on top of WASM.

Technical limits: async, GC, performance

  • Questions arise about how WASM handles language-specific concurrency (goroutines, asyncio) and garbage collection.
  • Explanations note:
    • GC can be done in linear memory or via the new WASM GC proposal, though integration is nontrivial.
    • Goroutines can be transformed into state machines; stack switching is still emerging in the WASM feature set.
    • CPython’s WASI build lacks standard asyncio I/O primitives; projects like Pyodide ship custom event loops for async.
  • Participants stress that “fast” here means “close to native CPython speed,” not on par with optimized JVM/.NET/Rust, and some criticize the headline wording.

Use cases and platforms

  • Proposed uses include: AI agent sandboxes, user-supplied transformation scripts stored in databases, embedded scripting for robotics, and safer embedded Python akin to Lua but with Python’s ecosystem.
  • Some are enthusiastic about mobile (iOS/Android) and browser support; maintainers say it is feasible but resource-limited, and patches are welcome.
  • Questions are raised about scheduling/cron jobs, outbound networking for Python apps, and support for frameworks like FastAPI/Starlette/FastHTML; Wasmer representatives claim these are supported or imminent.