A JavaScript/Wasm server runtime powering Cloudflare Workers, workerd enables self-hosting of Workers-compatible applications, local development, and programmable HTTP proxying. It offers high performance and composability for server-side applications, targeting developers and organizations seeking efficient, standards-based execution environments.

How It Works

workerd is built on "server-first" principles, utilizing web platform standards like fetch(). Its "nanoservices" architecture decouples components for independent deployment while maintaining local-call performance. "Homogeneous deployment" simplifies load balancing by distributing all nanoservices across cluster machines. "Capability bindings" enhance security by preventing SSRF attacks and improving code composability. Backward compatibility is ensured through configurable compatibilityDate settings.

Quick Start & Requirements

Building from source requires Bazel, specific versions of Clang/LLVM (19+ on Linux), libc++ (19+), LLD (19+), Python 3, and Tcl 8.6. macOS requires Xcode 16.3. Windows requires App Installer/winget and specific scripts. Prebuilt binaries are available via npm (npx workerd), requiring glibc 2.35+ (Linux), macOS 13.5+, Xcode command line tools, and specific CPU extensions. Local development is supported with Wrangler (v3.0+). Production deployment examples using systemd are provided.

Highlighted Details

• Nanoservices achieve the "performance of a local function call."
• Capability bindings make code "immune to SSRF attacks."
• Guaranteed backward compatibility via compatibilityDate.
• Supports use as an application server, development tool, or programmable HTTP proxy.

Maintenance & Community

No specific details on contributors, sponsorships, or community channels were found in the provided text.

Licensing & Compatibility

The license type and any associated restrictions are not explicitly stated in the provided README snippet.

Limitations & Caveats

workerd itself is not a hardened sandbox. Running potentially malicious code necessitates an external secure sandbox, such as a virtual machine, due to the possibility of implementation bugs.