This looks very promising!<p>The problem I most want to solve with this kind of library is execution of untrusted user-provided code in a sandbox.<p>For that I need three things:<p>1. Total control over what APIs the user's code can call. I don't want their code being able to access the filesystem, or run subprocesses, or make network calls - not without me explicitly allowing a controlled subset of those things.<p>2. Memory limits. I need to be able to run code without fear that it will attempt to allocate all available memory on my computer - generally that means I want to be able to set e.g. a 128MB maximum on the amount it can use.<p>3. Time limits. I don't want someone to be able to paste "while true() {}" into my system and consume an entire CPU thread in an infinite loop. Usually I want to say something like "run this untrusted code and throw an error if it takes more than 1s to run"<p>My most recent favourite solution to this is the <a href="https://pypi.org/project/quickjs/" rel="nofollow">https://pypi.org/project/quickjs/</a> Python library wrapper around QuickJS, which offers those exact features that I want - memory limits, control over what the code can do, and a robust time limit.<p>(The one thing it's missing is good documentation, but the <a href="https://github.com/PetterS/quickjs/blob/master/test_quickjs.py">https://github.com/PetterS/quickjs/blob/master/test_quickjs....</a> test suite covers all of those features and is quite readable.)<p>Can PyMiniRacer handle those requirements as well?
On a related note, Brython lets you run Python in the browser through JavaScript. You can even see Python in the HTML with “text/python” SCRIPT tags.<p><a href="https://brython.info/" rel="nofollow">https://brython.info/</a>
I'm always excited by the idea of rendering jsx from Python in the same process. Mostly as a bridge between eg. an existing Django app and full SPA React land. You'd swap out the scrappy Django string templating with jsx, then once a page passes some frontend interaction complexity threshold shift it over entirely (with shared components between both). Could this project help achieve this or are imports/build processes etc too much of an impediment?
There's also <a href="https://pyodide.org/en/stable/" rel="nofollow">https://pyodide.org/en/stable/</a>