micropython-wasm

Simon Willison has been building developer tools for over a decade—Datasette, LLM, sqlite-utils, the works. He loves plugins as a mechanism for extending software because they let you try wild ideas without touching the core application. There's just one problem: his plugin systems all use Python and Pluggy, which means plugin code executes with full privileges. A buggy or malicious plugin could wipe everything or leak private data. So he built micropython-wasm, an alpha package that runs MicroPython inside a WebAssembly sandbox.

This isn't your average sandbox. micropython-wasm enforces strict resource limits and maintains persistent interpreter state, so you can run untrusted code in an environment that literally cannot read unapproved files, connect to a network, or do anything risky to your application or the user's machine. He's already using it for datasette-agent-micropython, a code execution sandbox plugin for Datasette Agent. The vision: scheduled jobs that fetch JSON from approved locations, run a tiny bit of code to reformat it, and insert rows into a SQLite database—all without handing that code the keys to your entire system.

WebAssembly is the security boundary people have been promising for years, and Simon just shipped a working implementation. If you build any software that runs user code, this is the foundation you've been waiting for. The future of safe plugin execution just got a whole lot closer.