Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
A complete and mature WebAssembly runtime for Python based on Wasmer.
Features:
wasmer
API mimics the standard WebAssembly API,wasmer
executes the WebAssembly modules as fast as
possible, close to native speed,wasmer
can compile the WebAssembly modules with
different engines or compiler.Documentation: browse the detailed API documentation full of examples.
Examples as tutorials: browse the examples/
directory,
it's the best place for a complete introduction!
The wasmer
package brings the required API to execute WebAssembly
modules. In a nutshell, wasmer
compiles the WebAssembly module into
compiled code, and then executes it. wasmer
is designed to work in
various environments and platforms: From nano single-board computers
to large and powerful servers, including more exotic ones. To address
those requirements, Wasmer provides 2 engines and 3 compilers.
Succinctly, an engine is responsible to drive the compilation and
the execution of a WebAssembly module. By extension, a headless
engine can only execute a WebAssembly module, i.e. a module that has
previously been compiled, or compiled, serialized and deserialized. By
default, the wasmer
package comes with 2 headless engines:
wasmer.engine.JIT
, the compiled machine code lives in memory,wasmer.engine.Native
, the compiled machine code lives in a shared
object file (.so
, .dylib
, or .dll
), and is natively executed.Because wasmer
does not embed compilers in its package, engines are
headless, i.e. they can't compile WebAssembly module; they can only
execute them. Compilers live in their own standalone packages. Let's
briefly introduce them:
We generally recommend wasmer_compiler_cranelift
for development
purposes and wasmer_compiler_llvm
in production.
Learn more by reading the documentation of the wasmer.engine
submodule.
To install the wasmer
Python package, and let's say the
wasmer_compiler_cranelift
compiler, just run those commands in your shell:
$ pip install wasmer==1.1.0
$ pip install wasmer_compiler_cranelift==1.1.0
And you're ready to get fun!
We highly recommend to read the
examples/
directory, which contains a sequence of examples/tutorials. It's the
best place to learn by reading examples.
But for the most eager of you, and we know you're numerous you
mischievous, there is a quick toy program in
examples/appendices/simple.rs
, written in Rust:
#[no_mangle]
pub extern fn sum(x: i32, y: i32) -> i32 {
x + y
}
After compilation to WebAssembly, the
examples/appendices/simple.wasm
binary file is generated. (Download
it).
Then, we can execute it in Python:
from wasmer import engine, Store, Module, Instance
from wasmer_compiler_cranelift import Compiler
# Let's define the store, that holds the engine, that holds the compiler.
store = Store(engine.JIT(Compiler))
# Let's compile the module to be able to execute it!
module = Module(store, open('simple.wasm', 'rb').read())
# Now the module is compiled, we can instantiate it.
instance = Instance(module)
# Call the exported `sum` function.
result = instance.exports.sum(5, 37)
print(result) # 42!
And then, finally, enjoy by running:
$ python examples/appendices/simple.py
The Python extension is written in Rust, with pyo3
and
maturin
.
First, you need to install Rust and Python. We will not make you the
affront to explain to you how to install Python (if you really need,
check pyenv
). For Rust though, we
advise to use rustup
, then:
$ rustup install stable
To set up your environment, you'll need just
, and then, install
the prelude of this project:
$ cargo install just
$ just --list # to learn about all the available recipes
$ just prelude
It will install pyo3
and maturin
for Python and for Rust. It will
also install virtualenv
.
Then, simply run:
$ source .env/bin/activate
$ just build api
$ just build compiler-cranelift
$ python examples/appendices/simple.py
We try to provide wheels for as many platforms and architectures as possible. For the moment, here are the supported platforms and architectures:
Platform | Architecture | Triple | Packages | |
---|---|---|---|---|
Linux | amd64 | x86_64-unknown-linux-gnu | wasmer | ✅ |
wasmer_compiler_singlepass | ✅ | |||
wasmer_compiler_cranelift | ✅ | |||
wasmer_compiler_llvm | ✅ | |||
aarch64 | aarch64-unknown-linux-gnu | wasmer | ✅ | |
wasmer_compiler_singlepass | ❌ 1 | |||
wasmer_compiler_cranelift | ✅ | |||
wasmer_compiler_llvm | ✅ | |||
Darwin | amd64 | x86_64-apple-darwin | wasmer | ✅ |
wasmer_compiler_singlepass | ✅ | |||
wasmer_compiler_cranelift | ✅ | |||
wasmer_compiler_llvm | ✅ | |||
Windows | amd64 | x86_64-pc-windows-msvc | wasmer | ✅ |
wasmer_compiler_singlepass | ✅ | |||
wasmer_compiler_cranelift | ✅ | |||
wasmer_compiler_llvm | ❌ 2 |
Notes:
wasmer_compiler_singlepass
does not support
aarch64
for the momentwasmer_compiler_llvm
is not packaging properly on
Windows for the momentWheels are all built for the following Python versions:
py3-none-any
wheelpy3-none-any.whl
A special wasmer-$(version)-py3-none-any
wheel is built as a
fallback. The wasmer
libray will be installable, but it will raise
an ImportError
exception saying that “Wasmer is not available on
this system”.
This wheel will be installed if none matches before (learn more by reading the PEP 425, Compatibility Tags for Built Distributions).
Build all the packages and run the tests:
$ just build-all
$ just test
Quoting the WebAssembly site:
WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable target for compilation of high-level languages like C/C++/Rust, enabling deployment on the web for client and server applications.
About speed:
WebAssembly aims to execute at native speed by taking advantage of common hardware capabilities available on a wide range of platforms.
About safety:
WebAssembly describes a memory-safe, sandboxed execution environment […].
The entire project is under the MIT License. Please read the
LICENSE
file.
FAQs
Python extension to run WebAssembly binaries
We found that wasmer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.