Reference

JavaScript / ECMAScript

Cloudflare Workers use the V8 JavaScript engine from Google Chrome. The Workers runtime is updated at least once a week, to at least the version that is currently used by Chrome’s stable release. This means you can safely use latest JavaScript features, with no need for “transpilers”.

Standard APIs

This is a summary of the JavaScript APIs available to Cloudflare Worker scripts, and links to their documentation on MDN. Cloudflare currently implements a subset of these APIs, as shown on this table. We are adding support for more APIs all the time – let us know if we’re missing one you need.

API Support
ECMAScript Builtins Everything supported by current Google Chrome stable release.
eval() and new Function() are disallowed for security reasons.
WebAssembly is currently disabled (stay tuned).
Date.now() returns the time of last I/O; it does not advance during code execution.
Service Worker API "fetch" event
Web Global APIs Base64 utility methods
Timers1
Encoding API UTF-8
URL API http://, https:// schemes
Fetch API1 fetch(), Headers, Request, and Response classes
(some features inapplicable to the edge, such as CORS-related properties, are not implemented)
Streams API1 ReadableStream class (enough to support the Fetch API)
WritableStream class (constructed via TransformStream)
TransformStream class (zero-argument constructor)
Web Crypto API Cryptographically-secure random number generation1
Digest (SHA family)
Sign and verify (HMAC with SHA family)
Encrypt and decrypt (AES-GCM, AES-CBC)
Key derivation (PBKDF2)
Raw key import/export for all of the above algorithms

  1. Some APIs are only available inside a request context. A request context is active during a "fetch" event callback, and, if you pass a Response promise to FetchEvent.respondWith(), any asynchronous tasks which run before the Response promise has settled. Any attempt to use such APIs during script startup will throw an exception.

    For example:

    const promise = fetch("https://example.com/")       // ERROR
    
    addEventListener("fetch", event => {
      event.respondWith(fetch("https://example.com/"))  // OK
    })

    This code snippet will throw during script startup, and the "fetch" event listener will never be registered.

    [return]