// ~/zerovm $ ./boot --headline

Run real Linux in the browser. x86 WebAssembly, on the user's machine.

ZeroVM is a full x86 virtualization sandbox that boots unmodified Linux binaries client-side — no plugins, no install, no backend VMs. Untrusted code executes inside the browser's WASM sandbox on the end user's device, so it never touches your servers and their data never leaves the machine. Drop in the SDK and you have a Linux box on a web page in under ten lines.

Boots Debian to a shell in <900ms · JIT x86→WASM · runs offline after first load.


// ~/zerovm $ man architecture

How it doesn't trust anything.

Zero-trust isn't a policy you bolt on. It's the architecture. Your page hands a binary to the sandbox; everything after that boundary runs on your user's hardware. There is no network path back to your servers — by construction, not by configuration.

[Diagram: The ZeroVM isolation boundary. Your page hands a binary to a WASM sandbox. The sandbox runs the JIT x86-to-WebAssembly translator, an overlay filesystem, and virtual devices entirely on the user's device. There is no data path back to your servers — egress is blocked by construction. Labels: YOUR PAGE (hands off a binary); WASM SANDBOX, USER DEVICE ONLY (JIT x86 → wasm, Overlay FS, Virtual devices); YOUR SERVERS (never in the data path, no data egress).]

// ~/zerovm $ ls -la /capabilities

Six parts, one sandbox.

$ JIT engine

~2–4× over interpreted

Translates x86 to WebAssembly on the fly; hot blocks stay cached so loops run near-native.

$ Overlay FS on IndexedDB

persists across reloads

A copy-on-write overlay over a read-only base image; writes land in IndexedDB and survive refreshes.

$ HTTP-streamed disk images

50MB+, streamed on demand

Boot from a remote rootfs without downloading it whole; blocks fetch lazily as the VM reads them.

$ Networking

WebSocket / tunnel

Outbound networking via a WebSocket gateway or Tailscale-style tunnel — opt-in, off by default.

$ Persistent state

snapshot & resume

Freeze a running machine to disk and resume it later, exactly where the user left off.

$ Full TTY

real PTY + ANSI

A complete pseudo-terminal: job control, signals, colors, and curses apps just work.
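
An added illustration of the behaviour described under "Overlay FS on IndexedDB" and "HTTP-streamed disk images" above; it is not ZeroVM SDK code. It assumes a Map in place of IndexedDB and a synchronous callback in place of an HTTP range request, and every name in it is hypothetical.

```javascript
// Added illustration, not ZeroVM SDK code: every name below is hypothetical.
const BLOCK_SIZE = 4; // tiny blocks so the constructed sample stays readable
// Read-only base image. fetchBlock stands in for an HTTP range request;
// a block is fetched only on first read, then served from the cache.
class LazyBase {
  constructor(fetchBlock) {
    this.fetchBlock = fetchBlock;
    this.cache = new Map();
    this.fetches = 0;
  }
  read(n) {
    if (!this.cache.has(n)) {
      this.cache.set(n, this.fetchBlock(n));
      this.fetches++;
    }
    return this.cache.get(n);
  }
}

// Writable layer. store is a Map standing in for an IndexedDB object store
// keyed by block number. The base image is never modified.
class Overlay {
  constructor(base, store) {
    this.base = base;
    this.store = store;
  }
  read(n) {
    return this.store.has(n) ? this.store.get(n) : this.base.read(n);
  }
  write(n, offset, bytes) {
    const block = Uint8Array.from(this.read(n)); // copy up, never alias the base
    block.set(bytes, offset);
    this.store.set(n, block);
  }
}
// Constructed sample image: three blocks, "AAAA", "BBBB", "CCCC".
const IMAGE = new TextEncoder().encode("AAAABBBBCCCC");
const sampleFetch = (n) => IMAGE.slice(n * BLOCK_SIZE, (n + 1) * BLOCK_SIZE);
const text = (u8) => new TextDecoder().decode(u8);

function demo() {
  const base = new LazyBase(sampleFetch);
  const store = new Map();
  const vm = new Overlay(base, store);
  vm.write(1, 1, new TextEncoder().encode("xy")); // dirties block 1 only
  const reloaded = new Overlay(new LazyBase(sampleFetch), store); // simulated refresh
  return { afterWrite: text(vm.read(1)), fetches: base.fetches, baseBlock: text(base.read(1)),
           afterReload: text(reloaded.read(1)), storedBlocks: [...store.keys()] };
}
console.log(demo());
```

Only the block that was read is ever requested from the image host, and the modified block is still in the store after the simulated refresh, so anything untrusted code writes remains on the device until that store is cleared.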


// ~/zerovm $ cat example.{js,ts,jsx}

Five lines to a Linux VM.

Install the SDK, point it at a disk image, run a binary, and pipe it to your terminal of choice. That's the whole integration.

import { ZeroVM } from "@zerovm/sdk";
const vm = new ZeroVM({ image: "https://cdn.zerovm.io/debian-12.img" });
await vm.boot();                          // streams + JITs on demand
const term = vm.attach(document.getElementById("term"));
await vm.run("/bin/bash", { tty: term }); // a real shell, on the user's machine

          

// ~/zerovm $ ps aux | grep use-case

What teams run inside it.

USER    PID   %CPU  COMMAND             DESCRIPTION
zerovm  1001  0.4   in-browser-ide      Full IDEs and dev environments that boot in a tab — no remote workspace to provision.
zerovm  1002  0.3   coding-education    Interactive lessons where every student gets a real, isolated Linux box.
zerovm  1003  0.9   detonate-untrusted  Run and inspect sketchy binaries safely — the blast radius is one browser tab.
zerovm  1004  0.2   native-app-demo     Ship a live demo of your native app on your marketing site, no download.
zerovm  1005  0.5   legacy-modernize    Wrap a legacy x86 app in a URL instead of a VDI fleet.
zerovm  1006  0.6   ci-sandbox          Ephemeral, client-side CI shells for PR previews and checks.
zerovm  1007  0.3   tech-interview      Candidates code in a real terminal you can watch — nothing to install.

// ~/zerovm $ ./bench --honest

Fast enough to be the real thing.

<900ms

cold boot to interactive shell

~24×

JIT throughput vs. interpreted x86

0 bytes

of user data sent to our servers

* Measured on an M2 / Chrome 124 with a warm CDN cache, from page load to an interactive shell prompt.


// ~/zerovm $ cat /security/posture.md

The sandbox is the perimeter.

For the security team

  • Untrusted code runs only in the browser's WASM sandbox, on the end user's device.
  • No data egress by default — networking is opt-in.
  • The threat model is small and explicit: the sandbox boundary is the trust boundary.

For the engineer

  • MIT-licensed SDK core.
  • Deterministic, reproducible boot.
  • Snapshot/restore for repeatable test states.

SOC 2 Type II — in progress
Sandbox-escape bounty — live
Runs in Chrome · Firefox · Safari · Edge

We don't claim certifications we don't hold yet.


Embed Linux in your product this afternoon.