Show HN: Afterburner – Capability-Sandboxed JavaScript/TS Runtime in Rust (github.com)
1 points by vertexclique 9 hours ago

Hi folks,

I built Afterburner: a fast, embeddable JavaScript/TypeScript runtime in Rust with a capability sandbox built in. Every script runs sealed by default - no network, no filesystem, no env - and you grant capabilities explicitly, with hard fuel, memory, and timeout caps per call.

It's built to slot into what you already do, not replace it:

- Embed a JS/TS engine in a Rust program with one crate: run user scripts, plugins, rules, or edge logic, each call sandboxed.
- Wrap the toolchain you already have: `burn node app.js`, `burn npm test`, `burn bun`, `burn deno run`, `burn npx tsx`. It is not a node/npm replacement; it runs them under the sandbox. Take an unmodified Express/Fastify/Hono app and run it with zero I/O and a memory ceiling.
- Publish and install through its own registry (registry.afterburner.sh): `burn publish` / `burn install` / `burn add`, with dependencies pinned by content digest. Every package ships its capability manifest, so installed code is sandboxed by default, and it interops with npm so you can still vendor npm libraries.

Because every script runs with no ambient authority, it's also a clean way to run untrusted code without having to trust it.

Repo: https://github.com/afterburner-sh/afterburner
Site: https://afterburner.sh
Registry: https://registry.afterburner.sh

The full feature tour, how it works, and the benchmarks (up to ~16.8M rows/sec) are all in one post, and it's the best way to see what it does, so give it a read: https://vertexclique.com/blog/burn-after-reading/

Note: source-available under BSL-1.1 (converts to Apache-2.0 four years after each release). It's free to use and self-host for your own projects, so go build with it.