This version of the Cloudflare Workers documentation is deprecated. Visit the new documentation.

Reference

JavaScript / ECMAScript

Cloudflare Workers uses the V8 JavaScript engine from Google Chrome. The Workers runtime is updated at least once a week, to at least the version that is currently used by Chrome’s stable release. This means you can safely use latest JavaScript features, with no need for “transpilers”.

Standard APIs

This is a summary of the JavaScript APIs available to Cloudflare Worker scripts, and links to their documentation on MDN. Cloudflare currently implements a subset of these APIs, as shown on this table. We are adding support for more APIs all the time – let us know if we’re missing one you need.

API Support
ECMAScript Builtins Everything supported by current Google Chrome stable release.
WebAssembly
eval() and new Function() are disallowed for security reasons.
Date.now() returns the time of last I/O; it does not advance during code execution.
Service Worker API "fetch" event
Cache API1
Web Global APIs Base64 utility methods
Timers2
Encoding API UTF-8
URL API http://, https:// schemes
Fetch API2 fetch(), Headers, Request, and Response classes
(some features inapplicable to the edge, such as CORS-related properties, are not implemented)
Streams API2 ReadableStream/WritableStream classes (except constructors)
TransformStream (zero-argument constructor)
Web Crypto API Cryptographically-secure random number generation2
Digest (SHA family, MD5)
Sign and verify (HMAC (with SHA family, MD5), RSASSA-PKCS1-v1_5, ECDSA)
Encrypt and decrypt (AES-GCM, AES-CBC)
Key derivation (PBKDF2)
Key generation (AES-GCM, HMAC)
Raw key import/export for all of the above algorithms

  1. Some APIs are only available in production, and not in the playground. The playgrounds are the Workers instances which power cloudflareworkers.com and the Workers editor UI on dash.cloudflare.com. They do not currently provide Cloudflare features other than Workers.

    [return]
  2. Some APIs are only available inside a request context. A request context is active during a "fetch" event callback, and, if you pass a Response promise to FetchEvent.respondWith(), any asynchronous tasks which run before the Response promise has settled. Any attempt to use such APIs during script startup will throw an exception.

    For example:

    const promise = fetch("https://example.com/")       // ERROR
    
    addEventListener("fetch", event => {
      event.respondWith(fetch("https://example.com/"))  // OK
    })

    This code snippet will throw during script startup, and the "fetch" event listener will never be registered.

    [return]