Server-Side WebAssembly you own this product

Lightweight apps with Wasm

Danilo Chiarlone

MEAP began October 2024
Last updated October 2025
Publication in December 2025 (estimated)

ISBN 9781633436206
272 pages (estimated)

Included with a Manning Online subscription

printed in black & white

available in Korean

catalog / Programming Languages and Styles / System Programming

table of content

1 Introduction to Wasm on the server

1.1 What is the server-side and where does Wasm fit in?

1.2 The advantages of Wasm for server-side development

1.2.1 Language-agnosticism

1.2.2 Performance

1.2.3 Hardware-agnosticism

1.2.4 Security

1.2.5 Standards-based and vendor neutrality

1.3 When and where to use Wasm (and when not to)

1.4 How to navigate this book

1.5 Summary

PART 1: WEBASSEMBLY FOR ARCHITECTS

2 Building server-side applications with Wasm modules

2.1 Understanding Wasm’s building blocks

2.2 Understanding the guest-host architecture of server-side Wasm

2.3 Creating a Wasm app using Rust

2.3.1 Creating a Rust library project

2.3.2 Specifying compilation to a Wasm module

2.3.3 Writing the code for our application

2.3.4 Compiling the Rust code into a Wasm module

2.3.5 Executing the Wasm module with the custom host

2.3.6 Reflecting on the "Hello, World" application

2.4 Building on Wasm’s simple types with WebAssembly Interface Types

2.5 Building the foundation of a smart content management system (CMS)

2.6 Summary

3 Enhancing portability and security with Wasm components

3.1 Benefits of Wasm components

3.1.1 Cross-language portability

3.1.2 Shared-nothing security

3.1.3 Only what-you-need security and improved vulnerability mitigation response

3.2 Building a componentized "Hello, World" guest application with JavaScript

3.2.1 Setting up the project and installing the toolchain

3.2.2 Implementing the component logic

3.2.3 Compiling the Wasm component

3.3 Building a Python host for a JavaScript bundled Wasm component

3.3.1 Setting up the project and installing the toolchain

3.3.2 Implementing the host logic

3.3.3 Running the Python host

3.4 Expanding the example project with Wasm components

3.4.1 Improving the WIT file for the key-value store

3.4.2 Creating the Smart CMS host

3.4.3 Implementing and running a guest Wasm component inside our smart CMS host

3.5 Summary

4 Interfacing Wasm with the underlying system

4.1 The WebAssembly System Interface

4.2 What can you build with WASI?

4.2.1 Creating a CLI Application

4.2.2 Creating Libraries

4.2.3 Creating HTTP proxies

4.3 Converting a Wasm module to a Wasm component

4.4 Managing component capabilities

4.5 Composing components together

4.6 Expanding our example project with WASI and composability

4.7 Summary

5 From machine learning to databases: applications of Wasm

5.1 WebAssembly Standard interfaces

5.2 Machine learning with Wasm

5.2.1 Using wasi-nn

5.3 Running Wasm inside databases

5.3.1 Making Wasm UDFs

5.3.2 Getting Wasm into SQL

5.3.3 Running Wasm UDFs in libSQL

5.4 Improving our example project with wasi nn

5.4.1 Setting up our project

5.4.2 Writing the ML Wasm component

5.4.3 Updating our host to use ONNX for wasi:nn

5.5 Summary

PART 2: WEBASSEMBLY FOR DEVELOPERS

6 Creating production-grade Wasm applications

6.1 Creating a wasmCloud "Hello, World" application

6.2 Adding persistent storage to our Wasm app

6.2.1 Modifying our WIT and wadm manifest

6.2.2 Modifying our application and re-deploying it

6.3 Scaling our wasmCloud application

6.4 Distributing our wasmCloud application

6.5 Another off-the-shelf host: Spin

6.5.1 Creating a Spin "Hello, World" application

6.5.2 Comparing wasmCloud and Spin

6.6 Implementing the example project as a wasmCloud app

6.6.1 Adding persistent storage to the smart CMS

6.6.2 Adding machine learning to the smart CMS

6.7 Summary

7 Introduction to Wasm containers

7.1 Containers vs. Wasm

7.2 Wasm containers

7.3 Running a Wasm container

7.3.1 Setting up containerd and Wasm support

7.3.2 Building and running the Wasm container

7.4 Wasm and the Open Container Initiative

7.4.1 Packaging and publishing Wasm components as OCI images

7.4.2 Inspecting Wasm component OCI images

7.4.3 Pulling and running Wasm OCI images

7.5 wasmCloud and Wasm containers

7.6 Converting Linux containers to Wasm

7.6.1 Introducing container2wasm

7.6.2 Installing container2wasm

7.6.3 Using container2wasm

7.7 Summary

8 Scalability for Wasm with Kubernetes

8.1 Kubernetes and Wasm

8.2 Running Wasm in Kubernetes with SpinKube

8.2.1 Preparing the cluster for SpinKube

8.2.2 Running a Wasm app in Kubernetes with SpinKube

8.2.3 Scaling Wasm in Kubernetes with SpinKube

8.3 Running Wasm in Kubernetes with wasmCloud

8.3.1 Preparing the cluster for wasmCloud

8.3.2 Running a Wasm app in Kubernetes with wasmCloud

8.4 Running the SmartCMS example on Kubernetes

8.4.1 Preparing the SmartCMS image and manifest

8.4.2 Preparing the Ollama dependency

8.4.3 Running the app

8.5 Summary

9 The future of Wasm

9.1 SmartCMS closing remarks

9.2 What’s next for Wasm?

9.2.1 Confidential computing

9.2.2 AI and machine learning

9.2.3 Compute at the edge

9.3 What’s next for WASI?

9.4 Staying in the loop

9.5 Summary

Appendices

Appendix A: Citations

Appendix B: Required tools

B.1 Rust

B.1.1 Target installation

B.1.2 Cargo installs

B.2 Git LFS

B.3 Docker

B.4 JS toolchain

B.5 Python toolchain

B.6 Spin

B.7 Ollama setup

B.8 Regctl

B.9 container2wasm

B.10 Kubernetes setup

Appendix C: Deploying the SmartCMS to Azure Kubernetes Service

C.1 Pre-requisites

C.2 Prepare the cluster

C.3 Deploy the SmartCMS

C.3.1 Deploy the backend components

C.3.2 Deploy the frontend

C.3.3 Configure Ingress

Overview

1 Introduction to Wasm on the server

WebAssembly began as a way to run high‑performance code safely in the browser, but with the introduction of WASI it has become a portable, standards‑based runtime for the server as well. Rather than being tied to a specific chip, Wasm acts like a hardware‑agnostic instruction set that hosts translate to native code, making the same binary runnable across machines and environments. This portability aligns naturally with today’s server‑side landscape—spanning IaaS, PaaS, FaaS, containers, and the edge—where Wasm modules can be packaged and orchestrated similarly to containers while remaining smaller, quicker to start, and more isolated by default.

The chapter highlights Wasm’s core strengths: language‑agnostic compilation, lightweight runtimes, and a capability‑based sandbox that tightly controls access to the host system. In practice, these traits translate to near‑native performance in many scenarios, dramatically faster cold starts, tiny artifacts that boost workload density, and seamless execution across architectures like x86_64 and ARM64. These qualities make Wasm particularly compelling for serverless and edge computing, where startup latency, memory footprint, and portability matter most, and its open, vendor‑neutral standards reduce lock‑in while enabling consistent deployment across cloud, on‑prem, and edge environments.

At the same time, the chapter is clear about trade‑offs and where Wasm shines today. It excels for short‑lived functions, event‑driven and edge workloads, plugins, and polyglot or cross‑platform applications, and it is gaining traction even on microcontrollers. Current limitations include immature multi‑threading support and uneven ecosystem maturity, which can affect latency under heavy concurrency and complicate library compatibility and debugging. These gaps are being addressed through active proposals (such as threads and garbage‑collection support) and practical patterns like scaling via many short‑lived instances, positioning Wasm as a powerful complement to—rather than a wholesale replacement for—traditional containers and platforms.

Wasm as an abstraction layer virtualizing over various kinds of hardware.

Compiling to Wasm from various languages.

Java and Wasm's similarities

Running a PHP Wasm without garbage collection application in the browser.

Dockerfiles for a Docker container and a Wasm container

A native (traditional) application security model vs. Wasm's capability-based security model.

Summary

Wasm is akin to an ISA like x86_64, in the sense that your code can target it for compilation. But it is not a real platform, and instead, just virtualizes actual hardware.
Wasm apps can run outside of browser primarily through the Wasm System Interface (WASI) that allows communication with the OS.
Docker supports running two types of containers: the traditional Docker container, and the newly introduced Wasm container.
Wasm's language-agnosticism makes it so that over 40 languages can be compiled to it, but that is a double-edged sword as support for a particular language might not be as mature as it is for others.
While benchmarks show that standalone Wasm apps can be 10-50% faster than containerized apps, real-world applications can struggle due to Wasm's lack of support for multi-threading.
Wasm, when paired with serverless and its scale-to-zero requirement, leads to 80% faster execution times on average when compared to traditional serverless technologies.
A Wasm binary is completely independent of the platform or hardware where it is built and can theoretically run on any system due to its hardware-agnosticism property.
Wasm employs a capability-based security model that restricts the binary to only access the native OS through specific capabilities made available by the Wasm runtime.
Aside from serverless and edge computing, Wasm has found its footing in mobile and desktop applications, microcontrollers, smart contracts, and polyglot programming.
When targeting Wasm, it is commonplace to make sacrifices of particular packages that do not support Wasm.

FAQ

What is WebAssembly (Wasm) and how does it relate to hardware architectures?

Wasm is a portable binary instruction format similar in spirit to an instruction set architecture (ISA) like x86_64 or ARM64, but it isn’t tied to a physical CPU. Think of it as a hardware abstraction layer: you compile to Wasm once, and a host runtime translates it to native instructions for the underlying machine.

How did Wasm move from the browser to the server, and what is WASI?

Wasm began in the browser (standardized by the W3C in 2017) to run high‑performance code safely at near‑native speed. In 2019, the WebAssembly System Interface (WASI) arrived, defining an OS interface that runtimes can implement so Wasm modules can run outside the browser, with the host runtime providing controlled access to system resources.

Where does Wasm fit among IaaS, PaaS, and Serverless (FaaS), and what’s its relationship to containers?

Wasm shines in PaaS and FaaS, where containers dominate. It can run inside “Wasm containers” that use OCI images and tooling, benefiting from smaller artifacts, faster cold starts, and strong isolation. This makes Wasm attractive for microservices, serverless, and edge computing scenarios.

What are the key advantages of Wasm for server-side development?

- Performance: near‑native execution with very fast cold starts and low memory overhead.
- Security: a capability-based sandbox that isolates untrusted code by default.
- Portability: compile once, run anywhere (hardware- and language-agnostic).
- Density and size: tiny artifacts enable higher workload density (e.g., in Kubernetes).
- Vendor neutrality: open standards (Wasm/WASI) help avoid cloud or platform lock‑in.

How does Wasm performance compare to native binaries and traditional containers?

Studies show Wasm can be within ~14% of native for single-threaded workloads. For short-running tasks, Wasm often starts 10x faster than Docker and can be 10–50% faster even on warm starts. For long-lived, concurrent HTTP workloads, current single-threading can hurt latency compared to Docker; however, Wasm still offers superior cold starts and smaller artifacts.

Why are Wasm artifacts so small, and how does that affect cold starts and density?

Wasm containers typically package only the application (no OS layer), often yielding MB-scale images versus 100s of MBs for traditional containers. This reduces pull time and improves cold starts (e.g., ~160% faster in one study) and enables higher density; real-world cases report 50x more workloads per node after moving to Wasm.

Does Wasm support multi-threading? How do teams handle concurrency today?

Native multi-threading for Wasm on the server is still evolving. Today, runtimes commonly handle concurrency by spinning up many lightweight Wasm instances (one per request) and scaling horizontally (e.g., via Kubernetes). This mitigates the lack of threads while preserving Wasm’s isolation and startup speed.

How is Wasm different from the JVM with respect to language support and garbage collection?

The JVM primarily targets Java and JVM‑style languages, while Wasm is truly language‑agnostic, well-suited to C/C++/Rust/Zig. Historically, GC languages had to ship their own runtimes inside the Wasm module. The WasmGC proposal adds host-managed GC reference types, reducing duplication and improving support for GC languages over time.

What security benefits does Wasm provide on the server?

Wasm runs in a memory-safe sandbox and can only access the host via explicitly granted capabilities (e.g., stdout, files, network). This sharply reduces the attack surface compared to native processes with broad syscall access and helps contain supply-chain risks by isolating components from each other.

When should I use Wasm on the server—and when might I avoid it?

Use Wasm for serverless and edge workloads (fast cold starts, tiny memory footprint), plugins, microcontrollers, and cross-platform apps. Be cautious for thread-heavy, traditional PaaS services until threading matures; mitigate by scaling horizontally. Expect some ecosystem gaps (package compatibility, debugging tools), which are improving as Wasm/WASI proposals advance.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$39.99 $25.99

you save $14.00 (35%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$39.99 $25.99

you save $14.00 (35%)

eBook

pdf, ePub, online

$39.99 $25.99

you save $14.00 (35%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more