The workerd runtime “shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more portable to other environments,” said Cloudflare’s Kenton Varda, tech lead for Cloudflare Workers. The code is on GitHub under the Apache 2.0 license.
Although it shares code with Cloudflare Workers, Varda notes that the “full Cloudflare Workers service involves a lot of technology beyond workerd itself,” covering security, orchestration and more, so this does not mean that the entire platform is open source. Nevertheless, the existence of the runtime means that developers writing code for Cloudflare Workers can also run the code locally, or self-hosted, or on other services, reducing the risk of lock-in.
“When one Worker explicitly sends a request to another Worker, the destination Worker actually runs in the same thread with zero latency,” Varda explained.
This is great for performance but not for security. A workerd worker is designed so that it cannot access resources to which it has not been granted access, but is not secure against bugs or vulnerabilities in either workerd itself or in the V8 engine. Therefore, additional security is required, said Varda, and the security pieces in Cloudflare Workers are not part of the open source release. Cloudflare is therefore still protecting its investment in the platform.
The capabilities of the runtime are extensive. It can be used as a web server, or as a forward or reverse proxy, or as a local development server. The API is designed to match the “same standard APIs found in browsers,” said Varda, so that web developers can easily transition to writing server-side code.
Varda has responded to some questions on this Hacker News thread, which also includes some positive comments from developers. “Our small tech shop has been using Workers since Jan 2020. Leaving behind the monstrous and intimidating world of AWS, I simply couldn’t contain my excitement … it is almost comical (or diabolical, depending) that none of the Big3 have bothered competing with them. It is only the upstarts like Bun, Deno, SecondState, Kalix (Lightbend) and others that are keeping Cloudflare honest,” said one.
A key benefit of workerd is that “it allows for a new development model where you split your application into smaller components,” said Varda, adding that “it’s also just a lot easier to deploy code on Workers than it is to manage servers on traditional cloud providers.”