run-wasm: open-source WASM code evaluation

Sep 22, 2021

We're building an easier way to embed and run executable code in the browser via WASM

TL;DR - We started work on an open-source project called run-wasm. Drop by and give it a ⭐️

It's a library that will make it easier for developers to include executable code examples (via wasm) in blog posts, websites, and in the Slip authoring tool. You can play with the tool here:

Remote Code Execution is a pain to get right

Letting users run code on your system is a huge attack vector. Attackers see these systems as opportunities to run malicious code, run up your resource costs, and otherwise mess with you and your business.

When we launched Slip, we let users execute arbitrary code via an API we made. We recently turned that feature off and started work on run-wasm. How our old system worked

  1. Client makes a post request to our api api/python with a payload like {input: "print('hi')"}
  2. API endpoint is an ALB in AWS. The ALB routes the request to an EC2 in it's target group
  3. The EC2s run a FastAPI server which spin up a particular docker container based on the endpoint requested. The execution happens inside a one-off docker container. This part of the process was powered by epicbox
  4. The FastAPI server returns the executed program back through a response like
{'exit_code': 0,
 'stdout': b'hi',
 'stderr': b'',
 'duration': 0.143358,
 'timeout': False,
 'oom_killed': False}

It was the part of our stack we iterated on the least. It was painful to make changes to this system because it had so many moving parts. FastAPI server, infrastructure for spinning up the AWS resources, downloading and running the FastAPI code, adding new docker containers, dealing with cloud formation etc. Additionally, there was always a looming feeling of what happens if the service goes down? Would we wake up with an enormous AWS bill one day? Would our authors be mad that their students can't take their courses?

An image from Notion
Crude drawing of our old code execution system

The amount of executions we saw which were just attempts at doing malicious activities were surpisingly high.

We want to allow free interactive tutorials on our platform, and we'd like the cost of running our product scale well for free users. So we decided to move away from the docker based system and find a better, more scalable way of delivering interactive code executions

Enter WASM

WASM is cool. Lot's of incredibly interesting projects are built with it (like StackBlitz, which runs full-stack web dev projects right in your browser!).

It's powerful, and there are already a bunch of languages that can compile to wasm.

Using WASM would allow us to scale to millions of users at no additional cost on the code execution side. It also allows us to freely let anyone run code on the platform.

We started looking around for a system that would allow us to easily run many of these languages. We didn’t find much.

So we put together a wishlist:

  1. Library should have an API which allows you to select a language, run code in that language, and return whatever the code execution produced
  2. Library should come bundled with a code editor for easy integration on websites. It can be a pain to manually bring in your own web based code editor
  3. The editor should be easily themable
  4. The library should allow you to use any WASM based language of your choice
  5. There should be an easy way to include libraries and/or packages for each language

Building open-source

We decided to open-source this project. Our mission is to build the best way for developers to share instructional programming knowledge.

We love open-source projects and rely on them everyday at Slip! (Notably Next.js and Supabase). We love the idea of building something the entire dev community can benefit from, not just those on our platform.

We launched run-wasm a week ago and folks have already added code editor support, and support for using Python libraries like pandas and numpy!

We’d love your help!

Drop by our repo and give us a star!

Or better yet, come contribute to the code and help build a better way to share programming knowledge!