Skills2026年4月13日·1 分钟阅读

Wasmtime — Fast Secure WebAssembly Runtime

Wasmtime is a standalone WebAssembly runtime by the Bytecode Alliance. It runs Wasm modules outside the browser with near-native speed, sandboxed security, and WASI support — enabling server-side Wasm for plugins, serverless functions, and edge computing.

AI Open Source
AI Open Source · Community
Agent 就绪

先审查再安装

这个资产需要先审查。复制的指令会要求 Agent dry-run、列出写入项,确认后再继续。

Needs Confirmation · 64/100策略:需确认
Agent 入口
任意 MCP/CLI Agent
类型
Skill
安装
Single
信任
信任等级:Established
入口
step-1.md
先审查命令
npx -y tokrepo@latest install 823821b7-3745-11f1-9bc6-00163e2b0d79 --target codex

先 dry-run,确认写入项后再运行此命令。

TL;DR
Wasmtime runs WebAssembly modules outside the browser with near-native speed, capability-based security, and full WASI support.
§01

What it is

Wasmtime is a standalone WebAssembly runtime developed by the Bytecode Alliance. It runs Wasm modules outside the browser with near-native performance, providing a sandboxed execution environment with capability-based security. Wasmtime supports the WebAssembly System Interface (WASI), enabling server-side Wasm applications with access to files, network, and environment variables through a permission model.

Wasmtime targets platform engineers and developers building plugin systems, serverless functions, or isolated execution environments. Any language that compiles to Wasm (Rust, C, C++, Go, AssemblyScript) can run on Wasmtime.

§02

How it saves time or tokens

Wasmtime provides language-agnostic plugin isolation without the overhead of containers. A Wasm module starts in microseconds (versus seconds for a Docker container) and uses a fraction of the memory. The capability-based security model means plugins cannot access resources they were not explicitly granted, eliminating entire categories of security vulnerabilities.

For projects that need to run untrusted code (user-submitted functions, third-party plugins), Wasmtime provides stronger isolation than process-level sandboxing with lower overhead than VMs.

§03

How to use

  1. Install Wasmtime: curl https://wasmtime.dev/install.sh -sSf | bash.
  2. Compile your code to Wasm: rustc --target wasm32-wasip1 hello.rs -o hello.wasm for Rust.
  3. Run the module: wasmtime hello.wasm.
§04

Example

# Install Wasmtime
curl https://wasmtime.dev/install.sh -sSf | bash

# Compile Rust to Wasm
rustc --target wasm32-wasip1 hello.rs -o hello.wasm

# Run the Wasm module
wasmtime hello.wasm

# Run with directory access (capability-based)
wasmtime --dir /tmp hello.wasm

# Pre-compile for faster startup
wasmtime compile hello.wasm -o hello.cwasm
wasmtime run hello.cwasm
§05

Related on TokRepo

§06

Common pitfalls

  • Not all languages compile to WASI-compatible Wasm; languages with heavy runtime requirements (Python, Ruby) have limited WASI support and may require specialized toolchains.
  • WASI is still evolving; some system interfaces (networking, threading) may not be fully standardized yet, requiring preview APIs that could change.
  • Wasm modules are limited to 4GB of linear memory by default; memory-intensive applications may need the memory64 proposal which is not yet universally supported.

常见问题

What languages can target Wasmtime?+

Any language that compiles to WebAssembly can run on Wasmtime. Rust, C, C++, and AssemblyScript have the most mature Wasm compilation toolchains. Go, Python, and other languages have varying levels of Wasm support.

How does Wasmtime compare to Docker for isolation?+

Wasmtime provides stronger security isolation through capability-based sandboxing while starting in microseconds versus seconds for Docker containers. However, Docker provides a richer ecosystem of pre-built images and networking tools.

What is WASI?+

WASI (WebAssembly System Interface) is a set of standardized APIs that let Wasm modules interact with the operating system -- file access, environment variables, clocks, and random number generation -- through a capability-based permission model.

Can Wasmtime be embedded in other applications?+

Yes. Wasmtime provides embedding APIs for Rust, C, Python, Go, and other languages. You can use it to add a plugin system to your application where plugins run as sandboxed Wasm modules.

What is the Bytecode Alliance?+

The Bytecode Alliance is a nonprofit organization developing open-source WebAssembly standards and runtimes. Members include Mozilla, Fastly, Intel, and Microsoft. Wasmtime is its flagship runtime project.

引用来源 (3)
  • Wasmtime GitHub— Wasmtime is a WebAssembly runtime by the Bytecode Alliance
  • WASI— WASI specification for WebAssembly system interface
  • WebAssembly— WebAssembly specification
TokRepo 相关
AI coding toolsSecurity toolsFeatured workflows

讨论

登录后参与讨论。
还没有评论,来写第一条吧。

相关资产

imgproxy — Fast Secure Image Processing Server in Go

Resize, crop, and convert images on-the-fly with imgproxy. A blazing-fast Go server powered by libvips for production-grade image transformation at scale.

Skills
AI Open Source

Yii2 — Fast Secure Professional PHP Framework

Yii2 is a high-performance component-based PHP framework for developing modern web applications with built-in security, caching, and RESTful API support.

Skills
AI Open Source

Kata Containers — Lightweight VMs for Secure Container Runtime

Run containers inside lightweight virtual machines that provide hardware-level isolation with near-native performance, combining the security of VMs with the speed of containers.

Skills
Script Depot

IronCurtain — Secure Runtime for AI Agents

IronCurtain is a runtime boundary for agents: it treats the model as untrusted and enforces policy for tool calls, writes, and network effects.

Skills
Script Depot
首页🔍搜索👤我的