The code in spectre.c won't compile or work on JS or WASM because it uses high-precision timing intrinsics not available in the browser sandbox. It was possible to exploit performance.now(), but all browsers have released updates which reduce precision of perf.now() dramatically.
May be there are other time sources lurking somewhere in the browser which could be exploited, but the article is just spreading FUD.
Joke's on them, my chrome browsers performance.now() already hat crappy millisecond precision ever since I've built my PC a few months ago.
There is no cache flushing in asm.js or wasm, so a key component of the example spectre.c, "mm_clflush()" is a no-op.
Even if the example were to compile, I don't see how it would work as is. It might be possible to attempt an alternative attack where you attempt stuff the cache and determined what got evicted, but that is a different attack and certainly not in the vein of "just recompile your c/c++ based exploits for the web".