You're running JS (an 'interpreted', managed language) - it's already intentionally designed to be executed in a sandbox. Unless you provide hooks out to the host system, it can't do anything bad. With mquickjs, the untrusted code can't even overflow your heap or take too much execution time.
If you were running untrusted C or something, it would make more sense to add the WASM layer.
I'm having trouble finding a library for running v8 isolates from Node.js or Python doesn't include a warning in the README not to use it to run untrusted code.
You're running JS (an 'interpreted', managed language) - it's already intentionally designed to be executed in a sandbox. Unless you provide hooks out to the host system, it can't do anything bad. With mquickjs, the untrusted code can't even overflow your heap or take too much execution time.
If you were running untrusted C or something, it would make more sense to add the WASM layer.