Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@candlecorp/browser_wasi_shim
Advanced tools
A pure javascript shim for WASI
Implementation status: A subset of wasi_snapshot_preview1 is implemented. The rest either throws an exception, returns an error or is incorrectly implemented.
Usage
npm install @bjorn3/browser_wasi_shim --save
import { WASI, File, OpenFile, PreopenDirectory } from "@bjorn3/browser_wasi_shim";
let args = ["bin", "arg1", "arg2"];
let env = ["FOO=bar"];
let fds = [
new OpenFile(new File([])), // stdin
new OpenFile(new File([])), // stdout
new OpenFile(new File([])), // stderr
new PreopenDirectory(".", {
"example.c": new File(new TextEncoder("utf-8").encode(`#include "a"`)),
"hello.rs": new File(new TextEncoder("utf-8").encode(`fn main() { println!("Hello World!"); }`)),
}),
];
let wasi = new WASI(args, env, fds);
let wasm = await WebAssembly.compileStreaming(fetch("bin.wasm"));
let inst = await WebAssembly.instantiate(wasm, {
"wasi_snapshot_preview1": wasi.wasiImport,
});
wasi.start(inst);
Building
$ npm install
$ npm run build
Running tests
This project uses playwright to run tests in a browser using WebAssembly built from the Wasmtime project.
To clone wasmtime and build the test WebAssembly, run:
$ npm test:build
Once the WebAssembly is built, you can run the tests with:
$ npm test
Running the demo
The demo requires the wasm rustc artifacts and the xterm js package. To get them run:
$ git submodule update --init
$ cd examples && npm install
Run the demo with a static web server from the root of this project:
$ npx http-server
And visit http://127.0.0.1:8080/examples/rustc.html in your browser.
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.
FAQs
A pure javascript shim for WASI
We found that @candlecorp/browser_wasi_shim demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Oct 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025