Simon Willison Releases MicroPython WebAssembly Sandbox
- Simon Willison released micropython-wasm, an alpha Python library for secure, sandboxed code execution using WebAssembly.
- The library uses MicroPython to provide a persistent, memory-resident interpreter that enforces strict CPU, file, and network access limits.
- Willison integrated the sandbox into Datasette Agent and tested its resilience against breakout attempts from GPT-5.5.
Simon Willison released micropython-wasm, an alpha library that enables secure, sandboxed execution of Python code by leveraging MicroPython within a WebAssembly runtime. The developer created this tool to address security concerns when running third-party plugins in his Datasette ecosystem, which previously permitted unrestricted host system access. By utilizing WebAssembly (a portable binary format for safe, high-performance execution), the library allows code to run in a constrained environment without file system or network access unless explicitly authorized.
The project relies on the wasmtime library to execute WebAssembly binaries. To keep interpreter state persistent across multiple calls, the system uses a threaded message queue in which the host manages execution requests. The MicroPython interpreter blocks inside host functions while it waits for new input, so variables remain resident in memory between calls. This approach avoids the overhead of restarting the interpreter for every individual instruction while maintaining strict CPU and memory boundaries.
The library is now available as an alpha release on PyPI, with an included command-line interface for testing execution limits, such as forcing an exit when a script exhausts its allocated fuel (a mechanism for limiting execution operations in wasmtime). Willison tested the sandbox using GPT-5.5 to attempt breakout attacks, reporting that the implementation maintained its constraints under these conditions. The project is currently used in the datasette-agent-micropython plugin, which allows users to perform data transformations and run code securely within the Datasette Agent platform.
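The persistent-interpreter pattern and per-call budget described above, as an added toy model in standard-library Python; it is not micropython-wasm's code and uses neither wasmtime nor MicroPython. `PersistentGuest`, its tiny expression language and the per-term fuel counter are hypothetical stand-ins for the guest interpreter, the submitted code and wasmtime's fuel.

```python
import queue
import threading

class FuelExhausted(Exception):
    """Raised when one call spends its whole operation budget."""

class PersistentGuest:
    """Toy guest: one long-lived thread that blocks between host requests."""

    def __init__(self, fuel_per_call=100):
        self.fuel_per_call = fuel_per_call
        self._requests = queue.Queue()  # host -> guest
        self._replies = queue.Queue()   # guest -> host
        threading.Thread(target=self._guest_main, daemon=True).start()

    def _guest_main(self):
        variables = {}  # lives as long as the guest thread, not per call
        while True:
            source = self._requests.get()  # stand-in for the blocking host function
            if source is None:
                return
            try:
                self._replies.put(("ok", self._evaluate(source, variables)))
            except (FuelExhausted, ValueError) as exc:
                # Choice made by this model: the guest survives a failed call.
                self._replies.put(("error", type(exc).__name__))

    def _evaluate(self, source, variables):
        # Tiny language: "x = 40 + 2; x + 1". Each term read costs one unit of fuel.
        fuel, result = self.fuel_per_call, None
        for statement in source.split(";"):
            target, sep, expr = statement.rpartition("=")
            result = 0
            for term in expr.split("+"):
                fuel -= 1
                if fuel < 0:
                    raise FuelExhausted()
                term = term.strip()
                result += variables[term] if term in variables else int(term)
            if sep:
                variables[target.strip()] = result
        return result

    def run(self, source, timeout=2.0):
        """Host side: enqueue one request and wait for the guest's reply."""
        self._requests.put(source)
        return self._replies.get(timeout=timeout)

    def close(self):
        self._requests.put(None)  # sentinel: let the guest thread exit
```

The guest has no access to the host's namespace, files or sockets only because its language offers no way to name them; in the real library that boundary is the WebAssembly runtime, not the interpreter loop.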