# Plugins architecture with Tauri


feral shard
#

Implementing an extension system can be a daunting task, depending on how much you care about your users' security

For the frontend it can be enough to just run eval on the text response you get. You said it's text not actual js, but that's wrong, it's actual js, running js is just a matter of passing text to the eval function, there's no magic involved with making a custom uri scheme for that beyond that then it'd be fed to eval via a script tag

You also have to consider whether your app is gonna run as a web app as well. If so then a service worker might be appropriate to add, because then you can use the remote URLs to the scripts even in the Tauri end, and use the service worker to intercept the requests and instead resolve them from a local source

feral shard
#

Importing a class is by no means sufficient when it comes to sandboxing execution anyway. You'll need to run the scripts inside iframes and rely on postMessage to communicate with the parent process in order for things to be secure

Like I said, this topic can become an incredibly deep rabbit hole of security questions depending on how much you care about users' safety

#

I'd recommend not caring initially

#

Make something that works, then change it

#

An iframe approach with postMessage is the sort of thing that VSCode uses

#

Then you gotta take care of retrieving the extensions as well, verifying checksums and such

#

It's a lovely hole to travel down

feral shard
#

It can definitely 100% be accomplished, there just aren't any premade solutions for an extension system you can build on so you really gotta take care of every minute detail yourself currently and to some degree know what you're doing for it to end up being safe for people to use

feral shard
#

React and Vue can definitely happen fully in the browser but yea Svelte I'm not so sure about

HOWEVER

If you make your extension system based on all components being premade, which you probably should anyway, then the extension developer could use Svelte, and all you really support is vanilla JS/HTML/CSS loading from a folder

So you're basically doing like Tauri, focus on vanilla support, so you're frontend agnostic, so developers can use whatever they want