sodapopcan
Looking for thoughts on using Lua for allowing backend scripting
I’m experimenting with ways to allow backend scripting for a web app. Lua seemed like an obvious choice and I found Lua (an Elixir package with a semi-confusing name) which is built off of Robert Virding’s luerl. Lua (the package) is quite nice in that it’s not just a wrapper. It has a nice API for exposing Elixir data to Lua scripts and importantly handles sandboxing.
I admittedly don’t have a clear question here, I’m mostly just wondering if anyone has any experience doing this and if it’s a terrible idea or not. I’m thinking of a usercase like Shopify’s legacy scripts where they let you just write plain Ruby, giving you limited access to objects for accomplishing things like creating more complex discounts than its UI can provide. I’m just experimenting to learn here and (probably) not trying to build my own Shopify ![]()
Most Liked
jstimps
One thing to be on the lookout for luerl’s max_reductions and max_time options. Not only do you want to sandbox certain capabilities, but you likely want to protect against infinite loops and unbounded memory growth, or any other resources that could be exploited.
Have fun, I personally love luerl, big fan ![]()
davydog187
One other thing worth mentioning, is that Robert has expressed interest in merging my library into Luerl. I have a few things that I want to agree on with him before this happens, but I am certainly interested in doing so.
As for Dune and Mini-Elixir, I think these are really interesting projects! I’ve chatted with Anthony at Sequin at length about Mini-Elixir, and I am quite interested in experimenting with them.
However, for my use case of using Lua as a compilation target, there are a lot of shortcuts I can take with outputting a object-oriented, mutable language. My hunch is that outputting Elixir would be a much more challenging task due to needing to track variables and propagating state, where with Lua, this can be hidden with method calls, etc.
To that end, I would love to have a different sandboxed language that was readable, an easy compilation target, and had great error messages. I’m not married to Lua, so I’m open to the possibility of switching.
With that being said, I get personal joy out of working on both Lua and Luerl, and I hope to see those libraries improve and grow!
danj
Dave Lucia has talked about extensively using luerl for his product at tvlabs.ai to enable customer scripting. I was present for the codeBEAM talk given by Dave and Robert and the approach is compelling. My takeaway is that it is a good solution.








