LSP.js: Using Wasm and Javascript to support OCaml on Windows
Semgrep now supports Windows for our VSCode and IntelliJ extensions. We did this by transpiling OCaml to Javascript, and C to Wasm. This post details the saga of how we did it.
Here at Semgrep, we make a super fast SAST tool that users can run locally from their command line. We publish Semgrep binaries for Linux and macOS, but not Windows. While Windows users are able to work around this limitation by using Windows Subsystem for Linux (WSL), this comes with a new set of problems: complicated setup, performance penalties, and organizations that flat-out disallow WSL on their machines.
While it’s common for Windows shops to have a docker-based CI pipeline (meaning they can scan their code with Semgrep in a docker container), these folks wouldn't be able to run Semgrep locally - either for pre-commit, or while coding in the IDE!Ultimately, we want every developer to benefit from Semgrep as early as possible in the development process, regardless of their environment.
Forcing Windows developers to wait until CI time to get feedback from Semgrep isn't great - we've worked hard to build a product that surfaces findings that are accurate and easy to action on, so our goal is to be able to inform every developer of security issues while they code, not just after the fact.
