It raises the interesting question of what is the best isolation for a browser side sandbox.

Running a worker.

Running a worker running a js implementation.

Running a worker running a wasm module running a js implementation (quickjs) running some passed code.

Running a worker running what kyu build runs.

And then of course the possibility of a environment where you pass it an integer n and it geneates n levels of. Nested layers with a randomly chosen implementation at each layer.

Security by obfuscurity, is that a thing?

Might be fun to implent the kyu wasm files as an executable format on my dumb cli idea. https://lerc.neocities.org/

(Kyu seems to fight my autocorrect wanting to turn it into you)