Server-Side WebAssembly you own this product

Lightweight apps with Wasm

Danilo Chiarlone

MEAP began October 2024
Last updated October 2025
Publication in December 2025 (estimated)

ISBN 9781633436206
272 pages (estimated)

Included with a Manning Online subscription

printed in black & white

available in Korean

catalog / Programming Languages and Styles / System Programming

table of content

1 Introduction to Wasm on the server

1.1 What is the server-side and where does Wasm fit in?

1.2 The advantages of Wasm for server-side development

1.2.1 Language-agnosticism

1.2.2 Performance

1.2.3 Hardware-agnosticism

1.2.4 Security

1.2.5 Standards-based and vendor neutrality

1.3 When and where to use Wasm (and when not to)

1.4 How to navigate this book

1.5 Summary

PART 1: WEBASSEMBLY FOR ARCHITECTS

2 Building server-side applications with Wasm modules

2.1 Understanding Wasm’s building blocks

2.2 Understanding the guest-host architecture of server-side Wasm

2.3 Creating a Wasm app using Rust

2.3.1 Creating a Rust library project

2.3.2 Specifying compilation to a Wasm module

2.3.3 Writing the code for our application

2.3.4 Compiling the Rust code into a Wasm module

2.3.5 Executing the Wasm module with the custom host

2.3.6 Reflecting on the "Hello, World" application

2.4 Building on Wasm’s simple types with WebAssembly Interface Types

2.5 Building the foundation of a smart content management system (CMS)

2.6 Summary

3 Enhancing portability and security with Wasm components

3.1 Benefits of Wasm components

3.1.1 Cross-language portability

3.1.2 Shared-nothing security

3.1.3 Only what-you-need security and improved vulnerability mitigation response

3.2 Building a componentized "Hello, World" guest application with JavaScript

3.2.1 Setting up the project and installing the toolchain

3.2.2 Implementing the component logic

3.2.3 Compiling the Wasm component

3.3 Building a Python host for a JavaScript bundled Wasm component

3.3.1 Setting up the project and installing the toolchain

3.3.2 Implementing the host logic

3.3.3 Running the Python host

3.4 Expanding the example project with Wasm components

3.4.1 Improving the WIT file for the key-value store

3.4.2 Creating the Smart CMS host

3.4.3 Implementing and running a guest Wasm component inside our smart CMS host

3.5 Summary

4 Interfacing Wasm with the underlying system

4.1 The WebAssembly System Interface

4.2 What can you build with WASI?

4.2.1 Creating a CLI Application

4.2.2 Creating Libraries

4.2.3 Creating HTTP proxies

4.3 Converting a Wasm module to a Wasm component

4.4 Managing component capabilities

4.5 Composing components together

4.6 Expanding our example project with WASI and composability

4.7 Summary

5 From machine learning to databases: applications of Wasm

5.1 WebAssembly Standard interfaces

5.2 Machine learning with Wasm

5.2.1 Using wasi-nn

5.3 Running Wasm inside databases

5.3.1 Making Wasm UDFs

5.3.2 Getting Wasm into SQL

5.3.3 Running Wasm UDFs in libSQL

5.4 Improving our example project with wasi nn

5.4.1 Setting up our project

5.4.2 Writing the ML Wasm component

5.4.3 Updating our host to use ONNX for wasi:nn

5.5 Summary

PART 2: WEBASSEMBLY FOR DEVELOPERS

6 Creating production-grade Wasm applications

6.1 Creating a wasmCloud "Hello, World" application

6.2 Adding persistent storage to our Wasm app

6.2.1 Modifying our WIT and wadm manifest

6.2.2 Modifying our application and re-deploying it

6.3 Scaling our wasmCloud application

6.4 Distributing our wasmCloud application

6.5 Another off-the-shelf host: Spin

6.5.1 Creating a Spin "Hello, World" application

6.5.2 Comparing wasmCloud and Spin

6.6 Implementing the example project as a wasmCloud app

6.6.1 Adding persistent storage to the smart CMS

6.6.2 Adding machine learning to the smart CMS

6.7 Summary

7 Introduction to Wasm containers

7.1 Containers vs. Wasm

7.2 Wasm containers

7.3 Running a Wasm container

7.3.1 Setting up containerd and Wasm support

7.3.2 Building and running the Wasm container

7.4 Wasm and the Open Container Initiative

7.4.1 Packaging and publishing Wasm components as OCI images

7.4.2 Inspecting Wasm component OCI images

7.4.3 Pulling and running Wasm OCI images

7.5 wasmCloud and Wasm containers

7.6 Converting Linux containers to Wasm

7.6.1 Introducing container2wasm

7.6.2 Installing container2wasm

7.6.3 Using container2wasm

7.7 Summary

8 Scalability for Wasm with Kubernetes

8.1 Kubernetes and Wasm

8.2 Running Wasm in Kubernetes with SpinKube

8.2.1 Preparing the cluster for SpinKube

8.2.2 Running a Wasm app in Kubernetes with SpinKube

8.2.3 Scaling Wasm in Kubernetes with SpinKube

8.3 Running Wasm in Kubernetes with wasmCloud

8.3.1 Preparing the cluster for wasmCloud

8.3.2 Running a Wasm app in Kubernetes with wasmCloud

8.4 Running the SmartCMS example on Kubernetes

8.4.1 Preparing the SmartCMS image and manifest

8.4.2 Preparing the Ollama dependency

8.4.3 Running the app

8.5 Summary

9 The future of Wasm

9.1 SmartCMS closing remarks

9.2 What’s next for Wasm?

9.2.1 Confidential computing

9.2.2 AI and machine learning

9.2.3 Compute at the edge

9.3 What’s next for WASI?

9.4 Staying in the loop

9.5 Summary

Appendices

Appendix A: Citations

Appendix B: Required tools

B.1 Rust

B.1.1 Target installation

B.1.2 Cargo installs

B.2 Git LFS

B.3 Docker

B.4 JS toolchain

B.5 Python toolchain

B.6 Spin

B.7 Ollama setup

B.8 Regctl

B.9 container2wasm

B.10 Kubernetes setup

Appendix C: Deploying the SmartCMS to Azure Kubernetes Service

C.1 Pre-requisites

C.2 Prepare the cluster

C.3 Deploy the SmartCMS

C.3.1 Deploy the backend components

C.3.2 Deploy the frontend

C.3.3 Configure Ingress

Overview

1 Introduction to Wasm on the server

WebAssembly (Wasm) began as a browser technology to run compute-heavy code at near-native speed and quickly evolved into a portable, secure, and language-agnostic execution format for the server. Rather than a physical CPU target, Wasm acts like a hardware abstraction layer that can be compiled from many languages and executed on any host via a runtime. With the introduction of the WebAssembly System Interface (WASI), Wasm gained a standardized way to interact with operating systems outside the browser, positioning it well across today’s server models—especially container-centric PaaS and serverless FaaS—while remaining standards-based and vendor-neutral.

On the server, Wasm’s key strengths are performance, security, portability, and small footprint. Benchmarks show near-native speed for single-threaded workloads, dramatically faster cold starts than traditional containers, and much smaller artifacts that improve download times and boost workload density in orchestrated environments. Its sandboxed, capability-based model isolates code by default, reducing blast radius for supply-chain risks. Being hardware-agnostic, Wasm enables “build once, run anywhere” across x86_64 and ARM64, and its efficiency makes it a strong fit for edge computing where resources are constrained. Language-wise, Wasm is broadly supportive and lightweight compared to heavyweight VMs, with ongoing proposals such as WasmGC and threads aimed at improving runtimes for garbage-collected and concurrent workloads.

Wasm shines in serverless and edge scenarios where fast startup, portability, and safety matter most, and it is gaining traction for plugins, cross-platform desktop/mobile reuse, microcontrollers, and polyglot systems. However, limitations remain: multi-threading support is still maturing, ecosystem and tooling (including debugging) can be inconsistent, and some language runtimes require extra work or size overhead. For highly concurrent, traditional PaaS services, latency can lag due to limited threading, though horizontal scaling and per-request instance models can mitigate this. Overall, the chapter frames Wasm as a pragmatic new runtime layer: already compelling for modern cloud and edge patterns, rapidly improving through open standards, and advancing toward broader applicability as proposals and tooling mature.

Wasm as an abstraction layer virtualizing over various kinds of hardware.

Compiling to Wasm from various languages.

Java and Wasm's similarities

Running a PHP Wasm without garbage collection application in the browser.

Dockerfiles for a Docker container and a Wasm container

A native (traditional) application security model vs. Wasm's capability-based security model.

Summary

Wasm is akin to an ISA like x86_64, in the sense that your code can target it for compilation. But it is not a real platform, and instead, just virtualizes actual hardware.
Wasm apps can run outside of browser primarily through the Wasm System Interface (WASI) that allows communication with the OS.
Docker supports running two types of containers: the traditional Docker container, and the newly introduced Wasm container.
Wasm's language-agnosticism makes it so that over 40 languages can be compiled to it, but that is a double-edged sword as support for a particular language might not be as mature as it is for others.
While benchmarks show that standalone Wasm apps can be 10-50% faster than containerized apps, real-world applications can struggle due to Wasm's lack of support for multi-threading.
Wasm, when paired with serverless and its scale-to-zero requirement, leads to 80% faster execution times on average when compared to traditional serverless technologies.
A Wasm binary is completely independent of the platform or hardware where it is built and can theoretically run on any system due to its hardware-agnosticism property.
Wasm employs a capability-based security model that restricts the binary to only access the native OS through specific capabilities made available by the Wasm runtime.
Aside from serverless and edge computing, Wasm has found its footing in mobile and desktop applications, microcontrollers, smart contracts, and polyglot programming.
When targeting Wasm, it is commonplace to make sacrifices of particular packages that do not support Wasm.

FAQ

What is WebAssembly (Wasm) and how is it different from a CPU architecture?

Wasm is a portable binary format that acts like a virtual instruction set, not a physical chip. You compile code to Wasm and run it inside a host runtime that translates Wasm instructions to the underlying hardware. Think of it as a hardware abstraction layer and a W3C web standard designed to be a common denominator across architectures.

How does Wasm run on the server outside the browser?

Outside the browser, Wasm runs in a host runtime that implements the WebAssembly System Interface (WASI). Introduced in 2019, WASI defines secure, portable system APIs (files, clocks, networking, etc.), letting Wasm modules interact with the OS while remaining sandboxed.

Where does Wasm fit among IaaS, PaaS, FaaS, and containers?

Wasm is most impactful in container-centric layers—PaaS and FaaS. Its tiny artifacts and fast startup make it ideal for scale-to-zero serverless. Docker’s 2022 Docker+Wasm preview runs Wasm workloads using familiar OCI images and tooling while leveraging a Wasm runtime instead of a full OS userland.

What are the key benefits of Wasm for server-side development?

- Portability: compile once, run anywhere (across x86_64, ARM64, and more). - Performance: near-native execution with cold starts often in microseconds. - Small artifacts and memory footprint: KBs to low MBs, enabling high density. - Security: strong, capability-based sandbox isolation by default. - Standards and vendor neutrality: open W3C/WASI ecosystem avoids lock-in.

How does Wasm performance compare to native apps and containers?

Benchmarks show Wasm is close to native in many cases (about 14% slower than x86_64 for single-threaded workloads). For short-running tasks, Wasm can cold-start ~10x faster than Docker and be 10–50% faster on warm starts. However, a simple HTTP+DB server was ~17x slower than Docker due to Wasm’s current single-threaded nature. Even so, Wasm containers had ~160% faster cold starts and significantly smaller images.

What is the status of multi-threading in Wasm, and how do I handle concurrency today?

Wasm’s threading proposal is in progress; many server runtimes treat Wasm as single-threaded. Today, concurrency is achieved by running many Wasm instances (often one per request) and scaling horizontally with orchestration (e.g., Kubernetes). This mitigates latency limits while retaining fast startup and isolation benefits.

How is Wasm’s language support different from the JVM, and what about garbage collection?

The JVM primarily targets Java-like languages, whereas Wasm is designed to be truly language-agnostic and lightweight. Historically, GC languages had to ship their own runtimes in Wasm. The WasmGC proposal adds host-managed GC reference types, reducing duplication—but language runtimes (e.g., interpreters) still ship pieces they need. Maturity varies by language.

Why are Wasm containers so small, and how do they integrate with existing tooling?

Wasm containers typically start FROM scratch and don’t bundle an OS, so images are just the app plus minimal metadata. They’re OCI-compliant and work with existing registries and tooling (e.g., Docker+Wasm). Smaller images reduce pull times and improve density—e.g., one team shrank a Node.js app from 423MB to 2.4MB, enabling over 50× more workloads per Kubernetes node.

Which use cases are a good fit for Wasm, and when should I avoid it?

Great fits: serverless (scale-to-zero, fast cold starts), edge computing (low memory, cross-CPU), secure plugins, microcontrollers, cross-platform app logic, and some ML workloads (reported speed-ups with less memory). Be cautious for multi-threaded, latency-sensitive PaaS workloads until threading matures, and account for ecosystem gaps (library compatibility, debugging tools).

How does Wasm’s security model reduce risk?

Wasm runs in a memory-safe sandbox and can only access host capabilities explicitly granted (e.g., stdout, specific files, sockets). This capability-based model isolates components by default, limiting blast radius and reducing supply-chain risks common in shared OS environments.

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

pdf, ePub, online

$39.99 $19.99

you save $20.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more

eBook

$39.99 $19.99

you save $20.00 (50%)

eBook

pdf, ePub, online

$39.99 $19.99

you save $20.00 (50%)

pro $24.99 per month

access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
choose one free eBook per month to keep
exclusive 50% discount on all purchases
renews monthly, pause or cancel renewal anytime

lite $19.99 per month

access to all Manning books, including MEAPs!

team

5, 10 or 20 seats+ for your team - learn more