Show HN: QuickBEAM β run JavaScript as supervised Erlang/OTP processes
44 points - yesterday at 9:03 PM
QuickBEAM is a JavaScript runtime embedded inside the Erlang/OTP VM.
If youβre building a full-stack app, JavaScript tends to leak in anyway β frontend, SSR, or third-party code.
QuickBEAM runs that JavaScript inside OTP supervision trees.
Each runtime is a process with a `Beam` global that can: - call Elixir code - send/receive messages - spawn and monitor processes - inspect runtime/system state
It also provides browser-style APIs backed by OTP/native primitives (fetch, WebSocket, Worker, BroadcastChannel, localStorage, native DOM, etc.).
This makes it usable for: - SSR - sandboxed user code - per-connection state - backend JS with direct OTP interop
Notable bits:
- JS runtimes are supervised and restartable - sandboxing with memory/reduction limits and API control - native DOM that Erlang can read directly (no string rendering step) - no JSON boundary between JS and Erlang - built-in TypeScript, npm support, and native addons
QuickBEAM is part of Elixir Volt β a full-stack frontend toolchain built on Erlang/OTP with no Node.js.
Still early, feedback welcome.
Comments
2. can the BEAM scheduler pre-empt the JS processes?
3. How is memory garbage collected? Do the JS processes garbage collect for each individual process?
4. Are values within JS immutable?
5. If they are not immutable, are there risk for memory errors? And if there is a memory error, would it crash the JS process without crashing the rest of the system?
I'm interested to hear about your sandboxing approach running untrusted JS code. So you are setting an memory/reduction limit to the process which 100% is a good idea. What other defense-in-depth strategies are you using? possible support for seccomp in the future?
https://github.com/ityonemo/yavascript
glad to see someone do a fuller implementation!