Cloudflare previews workerd, an open source JavaScript/Wasm runtime for ‘nanoservices’

Cloudflare has released workerd in beta, an open-source JavaScript/Wasm (WebAssembly) runtime based on the same code as Cloudflare Workers, a serverless platform which runs on the company’s content delivery network, the aim being low-latency for users in any region.

The workerd runtime “shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more portable to other environments,” said Cloudflare’s Kenton Varda, tech lead for Cloudflare Workers. The code is on GitHub under the Apache 2.0 license.

Although it shares code with Cloudflare Workers, Varda notes that the “full Cloudflare Workers service involves a lot of technology beyond workerd itself,” covering security, orchestration and more, so this does not mean that the entire platform is open source. Nevertheless, the existence of the runtime means that developers writing code for Cloudflare Workers can also run the code locally, or self-hosted, or on other services, reducing the risk of lock-in.

The workerd runtime is not just V8 (the JavaScript engine used by Chrome and Node.js) running in a container. Rather, “workerd is a nanoservice runtime,” said Varda. A workerd function or “isolate” is much lighter weight than a container, because multiple workers run in the same process, even though each has its own isolated code and global scope.

“When one Worker explicitly sends a request to another Worker, the destination Worker actually runs in the same thread with zero latency,” Varda explained.

This is great for performance but not for security. A workerd worker is designed so that it cannot access resources to which it has not been granted access, but is not secure against bugs or vulnerabilities in either workerd itself or in the V8 engine. Therefore, additional security is required, said Varda, and the security pieces in Cloudflare Workers are not part of the open source release. Cloudflare is therefore still protecting its investment in the platform.

The capabilities of the runtime are extensive. It can be used as a web server, or as a forward or reverse proxy, or as a local development server. The API is designed to match the “same standard APIs found in browsers,” said Varda, so that web developers can easily transition to writing server-side code.

Varda has responded to some questions on this Hacker News thread, which also includes some positive comments from developers. “Our small tech shop has been using Workers since Jan 2020. Leaving behind the monstrous and intimidating world of AWS, I simply couldn’t contain my excitement … it is almost comical (or diabolical, depending) that none of the Big3 have bothered competing with them. It is only the upstarts like Bun, Deno, SecondState, Kalix (Lightbend) and others that are keeping Cloudflare honest,” said one.

A key benefit of workerd is that “it allows for a new development model where you split your application into smaller components,” said Varda, adding that “it’s also just a lot easier to deploy code on Workers than it is to manage servers on traditional cloud providers.”

Why JavaScript/Wasm rather than other languages such as Java, .NET or Python? “Containers are just too heavy to support the nanoservices model … JavaScript and Wasm are really the only viable options we have for something lighter-weight that meets our isolation needs. Other language VMs are generally not designed nor battle-tested for this sort of fine-grained isolation use case,” Varda stated.