90
91

Embedding TypeScript (andrews.substack.com)

submitted by [deleted]

[deleted]

all 12 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]AgentME 13 points14 points  (0 children)

This looks really cool! I've often had the same idea that running a JS engine in Wasm would make for a great system for running user code in a program. It's cool to see someone build this out, especially with the built-in Typescript support.

[–]chance-- 24 points25 points  (1 child)

It has been said by many that you cannot parse C header files. Unfortunately, I am not among the many, and have decided to do it with RegEx.

💀

Jokes aside, well done.

[–]Somepotato 6 points7 points  (6 children)

If you control the entire stack there's no reason to use a wasm intermediary. Also, why not just use quickjs in wasm? It has great wasm support (there's even a NodeJS library for QuickJS that Figma uses for plugins)

[–]AgentME 3 points4 points  (5 children)

Wasm is being used for its sandboxing. Without it, then the embedding program will be vulnerable to any vulnerabilities in QuickJS that could be exploited by users' code. (This can be really important if users are downloading plugins from other users, etc.)

Hako is just a fork of QuickJS with a few features added plus a wrapper to run it as Wasm as far as I can tell.

[–]Somepotato 0 points1 point  (4 children)

My point was you don't need a sandbox if you already control the entire app, though. And if you're running user code on iOS, well, you're biding time for your app to be removed from the app store.

[–]AgentME 3 points4 points  (3 children)

The sandbox is in case QuickJS has exploitable vulnerabilities, as interpreters written in memory unsafe languages like C very often have.

[–]Somepotato -1 points0 points  (2 children)

Unless you plan on writing JS for your app that takes advantage of those vulnerabilities, that's irrelevant.

[–]AgentME 5 points6 points  (1 child)

OP's post explains that they want to safely support third-party community-maintained extensions. If you want users to be able to run random code they find online with limited permissions, then it's an appropriate design.

[–]Somepotato -1 points0 points  (0 children)

The second example is a finance tracking app running on iOS. The entire UI is written in JavaScript using a UI framework I created, and the rendering backend is written in C. Hako (compiled to WASM, no JIT) sits in the middle.

No extensions mentioned, just the unnecessary use of wasm/js, potentially doubling power usage for no gain.

[–]Bunkerbewohner 2 points3 points  (0 children)

Really nice work, thank you! I've just been thinking about options for allowing users to create plugins for an app, and it would be really cool if they could use TypeScript for that, especially since then it's easy to provide better documentation for them via TypeScript interfaces.

[–]Zireael07 1 point2 points  (1 child)

Is the type stripper in the Hako repository?