Best of WebAssemblyDecember 2025

  1. 1
    Article
    Avatar of denoDeno·18w

    Deno 2.6: dx is the new npx

    Deno 2.6 introduces dx, a new command for running package binaries similar to npx. The release adds granular permission controls with --ignore-read and --ignore-env flags, integrates tsgo for faster type checking, and supports source phase imports for WebAssembly. New features include deno audit for security vulnerability scanning, --require flag for CommonJS preloading, and improved dependency management with deno approve-scripts. The release enhances Node.js compatibility with @types/node included by default, numerous API fixes across crypto, fs, process, and sqlite modules, and better bundler support for different platforms. Additional improvements include transferable web streams, native source map support, and V8 14.2 upgrade.

  2. 2
    Article
    Avatar of fasterthanlifasterthanli.me·17w

    My gift to the rustdoc team

    Arborium is a new open-source project that brings tree-sitter-based syntax highlighting to Rust documentation. It bundles 96 language grammars into Rust crates that compile to both native and WebAssembly targets. The project offers three integration approaches: a JavaScript/WASM script for immediate use on docs.rs, a rustdoc PR to add native highlighting support, and a post-processor that adds highlighting to existing HTML documentation with minimal size overhead. The solution addresses long-standing limitations in docs.rs by providing accurate, comprehensive syntax highlighting without requiring full documentation rebuilds.

  3. 3
    Article
    Avatar of cloudflareCloudflare·18w

    Python Workers redux: fast cold starts, packages, and a uv-first workflow

    Cloudflare Python Workers now support any Pyodide-compatible package with significantly faster cold starts than competitors. Using memory snapshots and WebAssembly architecture, Workers achieve 2.4x faster cold starts than AWS Lambda and 3x faster than Google Cloud Run when loading common packages. The platform integrates with uv for package management through pywrangler tooling, enabling easy deployment of Python applications globally. Technical innovations include memory snapshot restoration, careful entropy handling for randomness, and function pointer table management to eliminate Python initialization overhead during cold starts.

  4. 4
    Article
    Avatar of securityboulevardSecurity Boulevard·19w

    Undetected Firefox WebAssembly Flaw Put 180 Million Users at Risk

    A stack buffer overflow vulnerability in Firefox's WebAssembly implementation went undetected for six months, affecting over 180 million users across versions 143-145. The flaw, caused by a pointer arithmetic error in garbage collection logic, passed code review and regression testing before being discovered by Aisle's AI-driven analyzer. Mozilla patched the high-severity issue (CVE-2025-13016, CVSS 7.5) within two weeks of disclosure. The vulnerability could have allowed arbitrary code execution when WebAssembly arrays triggered specific memory pressure conditions during garbage collection.

See all WebAssembly archives