npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@wasm-sandbox/runtime

v1.3.0

Published

wasm-sandbox runtime

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

guyoungguyoung

Keywords

wasmwebassemblywasisandbox

Readme

@wasm-sandbox/runtime

npm version npm downloads License

English / 简体中文

@wasm-sandbox/runtime is a high-performance, secure WebAssembly sandbox package for Node.js. Built on the WebAssembly Component Model and WASI (WebAssembly System Interface), it provides Capability-based security to ensure your host environment remains protected.

The package allows you to execute WebAssembly modules in a restricted environment with granular control over file system access, network requests, environment variables, and computational resources (memory, CPU fuel, and execution time).

Note: This package does not support running a Core WebAssembly module directly. You can use wasm-tools to convert a Core wasm module into a WebAssembly Component.

Features

  • 🛡️ Capability-based Security: Strict control over file I/O and outbound HTTP/network requests.
  • 🌐 HTTP Hosting: Native support for running Wasm-based HTTP services inside the sandbox.
  • High Performance: Powered by Rust (via NAPI-RS) with support for AOT (Ahead-of-Time) compilation caching.
  • ⚖️ Resource Quotas: Limits for memory usage, stack size, execution fuel, and timeouts.

Installation

npm install @wasm-sandbox/runtime

Quick Start

1. Run a CLI-based Wasm Module (run)

Ideal for executing one-off tasks or command-line tools.

const { run } = require('@wasm-sandbox/runtime');

run({
  wasmFile: './my_app.wasm',
  args: ['arg1', 'arg2'],
  // Capability: Map host directory to guest
  mapDirs: [{ key: './host-data', value: '/data' }],
  // Capability: Allow access to specific domains
  allowedOutboundHosts: ['https://api.github.com'],
  // Resource Limits
  wasmTimeout: 30, // 30 seconds timeout
  wasmMaxMemorySize: 1024 * 1024 * 64, // 64MB memory limit
});

2. Start a Wasm HTTP Server (serve)

Ideal for running Cloud-Native or Serverless HTTP handlers written in Wasm.

const { serve } = require('@wasm-sandbox/runtime');

serve({
  wasmFile: './http_handler.wasm',
  ip: '0.0.0.0',
  port: 8080,
  envVars: {
    'NODE_ENV': 'production'
  },
  // Block specific network ranges
  blockNetworks: ['192.168.0.0/16'],
  // Pre-set data for WASI Key-Value API
  keyvalueVars: [{ key: 'cache_size', value: '100' }]
});

Configuration Options

Security & Capabilities

  • workDir: Grants access to a host directory as the guest's root directory.
  • mapDirs: Fine-grained directory mapping (e.g., mapping ./usr/hello on the host to /hello in the sandbox).
  • allowedOutboundHosts: A whitelist for network destinations. Supports wildcards like https://*.example.com or *://localhost:*.
  • blockNetworks: A blacklist for IP networks to prevent the Wasm module from accessing sensitive internal infrastructure.

Resource Constraints

  • wasmFuel: Enables the "fuel" mechanism. Wasm instructions consume fuel; the module traps once it runs out, preventing infinite loops.
  • wasmMaxMemorySize: Sets the maximum size (in bytes) that the linear memory is allowed to reach.
  • wasmMaxWasmStack: Limits the maximum stack size to prevent stack overflow.
  • wasmTimeout: Maximum execution time in seconds before the module is terminated.

Performance Optimization

  • wasmCacheDir: Directory for storing precompiled *.cwasm files. Enabling this significantly reduces startup time for subsequent runs.

Supported Platforms

Thanks to NAPI-RS, this package supports the following platforms and architectures:

  • Windows (x64, arm64)
  • macOS (x64, arm64)
  • Linux (x64, arm64, both glibc and musl)

Requirements

  • Node.js >= 12.22.0

License

MIT

Repository: https://github.com/guyoung/wasm-sandbox-node