WebVM

Run a full Linux virtual machine entirely in your browser using WebAssembly — no server required.

17Kstars
3.2Kforks
Apache License 2.0
JavaScript

WebVM is a server-less Linux virtual machine that runs entirely in the browser using WebAssembly and the CheerpX virtualization engine. It executes unmodified x86-64 Debian and Alpine Linux binaries — including native compilers, interpreters, and system tools — without any backend, making it possible to deliver complete Linux environments as a static web page.

Powered by CheerpX’s x86-to-WebAssembly JIT compiler, WebVM provides a full Linux ABI-compatible sandbox with a virtual block-based filesystem, Linux syscall emulation, and xterm.js terminal emulation. Tailscale integration via WebSocket transport allows the browser VM to join private networks and route internet traffic through exit nodes, enabling real networking without a server proxy.

WebVM ships with Claude AI integration, allowing users to supply an Anthropic API key and interact with the Linux environment through natural language. The AI agent has access to a bash tool for executing commands directly in the sandboxed VM and, in graphical Alpine mode, a computer-use tool for screenshot-based visual interaction. This makes WebVM a compelling platform for AI-assisted CTF challenges, debugging sessions, and interactive tutorials.

Deployment is designed for simplicity: fork the GitHub repository, enable GitHub Pages, run the Deploy workflow, and your custom Linux environment is live. Disk images are built from Dockerfiles via GitHub Actions, enabling teams to ship tailored Linux environments — Python REPLs, C compilers, Node.js runtimes — as zero-install web applications.

What You Get

  • x86-to-WebAssembly JIT execution - CheerpX compiles x86-64 instructions to WebAssembly at runtime, enabling unmodified Debian and Alpine Linux binaries — including GCC, Python, Node.js, and Ruby — to run at near-native speed inside any modern browser with no plugins.
  • Tailscale VPN networking - Connect the browser VM to your private Tailscale network via WebSocket transport, gaining access to all machines in your tailnet. With an exit node configured, the VM can reach the public internet without any server proxy.
  • Claude AI integration with bash and computer-use tools - Provide an Anthropic API key to unlock an in-browser AI agent that can execute commands directly in the sandboxed Linux VM, capture terminal output, and in graphical mode use screenshot-based computer-use to interact with the X11 desktop.
  • Custom disk images via Dockerfile - Define your Linux environment in a Dockerfile, run the included GitHub Actions Deploy workflow, and get a shareable URL backed by a custom .ext2 disk image — supporting Debian mini, Alpine, Python REPLs, C compilers, and more.
  • Graphical Alpine / Xorg / i3 desktop - Beyond the terminal, WebVM supports a full graphical desktop environment using Alpine Linux, Xorg, and the i3 window manager, rendered in-browser via CheerpX’s display API and accessible at webvm.io/alpine.html.
  • GitHub Pages one-click deploy - Fork the repository, enable GitHub Pages with the GitHub Actions source, and run the Deploy workflow — no infrastructure required. Every build is immutable, guaranteeing that a working deployment stays working indefinitely.
  • Headscale support for self-hosted control servers - Run your own Tailscale control server with Headscale and point WebVM at it via the controlUrl URL fragment parameter, keeping all networking infrastructure under your control.

Common Use Cases

  • Interactive browser-based Python REPL - Change the Dockerfile CMD from /bin/bash to /usr/bin/python3, run the Deploy workflow, and share a URL that drops visitors directly into a Python interpreter with no installation required.
  • AI-assisted CTF challenge platform - Deploy a WebVM instance with a challenge binary, integrate Claude AI, and let participants interact with the binary through natural language — the AI executes commands in the sandboxed environment and explains results.
  • Zero-install developer onboarding environment - Ship a custom Dockerfile with your project’s toolchain pre-installed, giving new contributors a fully functional Linux development environment accessible via a single URL, eliminating local setup friction.
  • Secure private-network browser terminal - Use Tailscale to connect the browser VM into a private tailnet, giving remote workers or contractors a browser-based terminal with access to internal services without exposing SSH ports or installing VPN clients.
  • Embedded Linux tutorials in educational platforms - Integrate WebVM into LMS systems or documentation sites to deliver hands-on Linux command-line lessons, where students interact with a real shell rather than a simulated environment.
  • Serverless security sandboxing - Run untrusted or experimental binaries in the CheerpX sandbox, isolated from the host OS and network, for malware analysis or safe execution of unknown code.

Under The Hood

Architecture WebVM uses a layered SvelteKit-based architecture where the frontend orchestrates a black-box WebAssembly virtualization engine. The main WebVM.svelte component coordinates three distinct subsystems — terminal I/O via xterm.js, VM lifecycle management through CheerpX’s JavaScript API, and AI interaction through the Anthropic SDK — communicating through Svelte reactive stores that propagate CPU activity, disk latency, AI state, and network status to the sidebar UI. The SideBar component declaratively renders a configurable tab system using an array-driven icon manifest, cleanly separating navigation from tab content. Configuration is externalized through swappable JS config files resolved at build time via Vite aliases, enabling the same codebase to serve terminal and graphical deployment targets. SvelteKit’s static adapter and server-side load functions handle blog metadata scraping at build time, making the entire deployment a static artifact.

Tech Stack The frontend is built with Svelte 4 and SvelteKit 2 using a static adapter for fully client-side deployment, with Vite 5 orchestrating the build. The virtualization engine is CheerpX — distributed as an NPM package by Leaning Technologies — providing x86-to-WebAssembly JIT compilation, virtual block-based filesystem, and Linux syscall emulation. Terminal emulation uses xterm.js 5 with fit and web-links addons. Networking integrates Tailscale’s WebSocket transport with lwIP as the TCP/IP stack, compiled via the Cheerp C++-to-WebAssembly compiler. AI integration uses the Anthropic SDK targeting Claude 3.7 Sonnet with computer-use and bash tool betas. Blog post metadata is scraped server-side using node-html-parser during the SvelteKit build phase. Styling uses Tailwind CSS 3 with PostCSS. Disk images are served over WebSocket from disks.webvm.io in production.

Code Quality No test files exist anywhere in the repository — no test framework is configured and no testing scripts appear in package.json. Error handling is inconsistent: the Anthropic integration has structured try/catch with specific 401 handling and Plausible analytics event tracking for errors, but the VM orchestration code relies primarily on CheerpX’s internal error surfacing. The codebase is entirely JavaScript with no TypeScript, and no ESLint, Prettier, or other quality tooling is configured. Component organization is adequate, with concerns separated into focused Svelte files for each sidebar tab, though WebVM.svelte accumulates substantial responsibility bridging terminal, VM lifecycle, activity monitoring, and UI coordination. Naming conventions are clear and consistent within modules.

What Makes It Unique WebVM’s defining technical achievement is executing unmodified x86-64 Linux binaries entirely in a browser tab via CheerpX’s JIT compiler, with no server executing any code on behalf of the user. The combination of virtual block-based filesystem, full Linux ABI syscall emulation, and WebSocket-backed Tailscale VPN networking in a purely client-side context is genuinely novel — enabling private network access from a sandboxed browser VM without any backend proxy. The Claude AI integration goes beyond a chat interface: it provides the AI with a bash tool that captures command output via a sentinel-based terminal parsing mechanism, and in graphical mode a computer-use tool that captures canvas screenshots and synthesizes mouse/keyboard events via CheerpX’s display API. This makes WebVM one of the few platforms where an AI agent can interactively operate a real Linux environment running entirely in the browser.

Self-Hosting

WebVM’s source code is released under the Apache License 2.0, which is a permissive open-source license. You may freely use, modify, and redistribute the repository code for any purpose, including commercial use, without copyleft obligations — forks and derivative works do not need to be released under the same license. However, the license terms make an important distinction: the CheerpX engine itself, which powers the virtualization, is a proprietary product developed by Leaning Technologies. The Apache 2.0 license covers the WebVM frontend and tooling, while CheerpX’s public deployment at cheerpx.io is free for individual exploration, testing, and personal use only. Any organizational use — including non-profit, academic, and public sector — requires a commercial license from Leaning Technologies.

Running WebVM yourself requires serving a static build plus access to disk images. For local development, you clone the repository, build with npm, and serve via Nginx with appropriate headers for SharedArrayBuffer (COOP/COEP). Disk images (.ext2 files) are either downloaded from the GitHub releases or built from Dockerfiles using the included GitHub Actions workflow. In production, the public deployment streams disk images over WebSocket from disks.webvm.io; if you self-host, you are responsible for hosting these potentially large binary files and handling the WebSocket streaming yourself. There are no databases, authentication systems, or stateful backends to manage — the entire runtime is client-side.

Compared to a managed cloud Linux environment or a traditional VPS, self-hosting WebVM trades SLA guarantees and support contracts for complete client-side isolation and zero server costs per user. You gain full control over the Linux environment and networking configuration, but you take on responsibility for keeping disk images updated, managing Tailscale or Headscale configuration, and handling CheerpX licensing compliance. Organizations wanting to build products on CheerpX/WebVM should contact Leaning Technologies for commercial licensing options, as the engine itself is not open source.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search