denoland-deno/docs/runtime/workers.md

## Workers

Deno supports
[`Web Worker API`](https://developer.mozilla.org/en-US/docs/Web/API/Worker/Worker).

Workers can be used to run code on multiple threads. Each instance of `Worker`
is run on a separate thread, dedicated only to that worker.

Currently Deno supports only `module` type workers; thus it's essential to pass
the `type: "module"` option when creating a new worker.

Use of relative module specifiers in the main worker are only supported with
`--location <href>` passed on the CLI. This is not recommended for portability.
You can instead use the `URL` contructor and `import.meta.url` to easily create
a specifier for some nearby script. Dedicated workers, however, have a location
and this capability by default.

```ts
// Good
new Worker(new URL("./worker.js", import.meta.url).href, { type: "module" });

// Bad
new Worker(new URL("./worker.js", import.meta.url).href);
new Worker(new URL("./worker.js", import.meta.url).href, { type: "classic" });
new Worker("./worker.js", { type: "module" });
```

### Instantiation permissions

Creating a new `Worker` instance is similar to a dynamic import; therefore Deno
requires appropriate permission for this action.

For workers using local modules; `--allow-read` permission is required:

**main.ts**

```ts
new Worker(new URL("./worker.ts", import.meta.url).href, { type: "module" });
```

**worker.ts**

```ts
console.log("hello world");
self.close();
```

```shell
$ deno run main.ts
error: Uncaught PermissionDenied: read access to "./worker.ts", run again with the --allow-read flag

$ deno run --allow-read main.ts
hello world
```

For workers using remote modules; `--allow-net` permission is required:

**main.ts**

```ts
new Worker("https://example.com/worker.ts", { type: "module" });
```

**worker.ts** (at https[]()://example.com/worker.ts)

```ts
console.log("hello world");
self.close();
```

```shell
$ deno run main.ts
error: Uncaught PermissionDenied: net access to "https://example.com/worker.ts", run again with the --allow-net flag

$ deno run --allow-net main.ts
hello world
```

### Using Deno in worker

> This is an unstable Deno feature. Learn more about
> [unstable features](./stability.md).

By default the `Deno` namespace is not available in worker scope.

To enable the `Deno` namespace pass `deno.namespace = true` option when creating
new worker:

**main.js**

```ts
const worker = new Worker(new URL("./worker.js", import.meta.url).href, {
  type: "module",
  deno: {
    namespace: true,
  },
});
worker.postMessage({ filename: "./log.txt" });
```

**worker.js**

```ts
self.onmessage = async (e) => {
  const { filename } = e.data;
  const text = await Deno.readTextFile(filename);
  console.log(text);
  self.close();
};
```

**log.txt**

```
hello world
```

```shell
$ deno run --allow-read --unstable main.js
hello world
```

### Specifying worker permissions

> This is an unstable Deno feature. Learn more about
> [unstable features](./stability.md).

The permissions available for the worker are analogous to the CLI permission
flags, meaning every permission enabled there can be disabled at the level of
the Worker API. You can find a more detailed description of each of the
permission options [here](../getting_started/permissions.md).

By default a worker will inherit permissions from the thread it was created in,
however in order to allow users to limit the access of this worker we provide
the `deno.permissions` option in the worker API.

- For permissions that support granular access you can pass in a list of the
  desired resources the worker will have access to, and for those who only have
  the on/off option you can pass true/false respectively.

  ```ts
  const worker = new Worker(new URL("./worker.js", import.meta.url).href, {
    type: "module",
    deno: {
      namespace: true,
      permissions: [
        net: [
          "https://deno.land/",
        ],
        read: [
          new URL("./file_1.txt", import.meta.url),
          new URL("./file_2.txt", import.meta.url),
        ],
        write: false,
      ],
    },
  });
  ```

- Granular access permissions receive both absolute and relative routes as
  arguments, however take into account that relative routes will be resolved
  relative to the file the worker is instantiated in, not the path the worker
  file is currently in

  ```ts
  const worker = new Worker(new URL("./worker/worker.js", import.meta.url).href, {
    type: "module",
    deno: {
      namespace: true,
      permissions: [
        read: [
          "/home/user/Documents/deno/worker/file_1.txt",
          "./worker/file_2.txt",
        ],
      ],
    },
  });
  ```

- Both `deno.permissions` and its children support the option `"inherit"`, which
  implies it will borrow its parent permissions.

  ```ts
  // This worker will inherit its parent permissions
  const worker = new Worker(new URL("./worker.js", import.meta.url).href, {
    type: "module",
    deno: {
      namespace: true,
      permissions: "inherit",
    },
  });
  ```

  ```ts
  // This worker will inherit only the net permissions of its parent
  const worker = new Worker(new URL("./worker.js", import.meta.url).href, {
    type: "module",
    deno: {
      namespace: true,
      permissions: {
        env: false,
        hrtime: false,
        net: "inherit",
        plugin: false,
        read: false,
        run: false,
        write: false,
      },
    },
  });
  ```

- Not specifying the `deno.permissions` option or one of its children will cause
  the worker to inherit by default.

  ```ts
  // This worker will inherit its parent permissions
  const worker = new Worker(new URL("./worker.js", import.meta.url).href, {
    type: "module",
  });
  ```

  ```ts
  // This worker will inherit all the permissions of its parent BUT net
  const worker = new Worker(new URL("./worker.js", import.meta.url).href, {
    type: "module",
    deno: {
      namespace: true,
      permissions: {
        net: false,
      },
    },
  });
  ```

- You can disable the permissions of the worker all together by passing false to
  the `deno.permissions` option.

  ```ts
  // This worker will not have any permissions enabled
  const worker = new Worker(new URL("./worker.js", import.meta.url).href, {
    type: "module",
    deno: {
      namespace: true,
      permissions: "none",
    },
  });
  ```
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00			`## Workers`

			`Deno supports`
			[`Web Worker API`](https://developer.mozilla.org/en-US/docs/Web/API/Worker/Worker).

			Workers can be used to run code on multiple threads. Each instance of `Worker`
			`is run on a separate thread, dedicated only to that worker.`

			Currently Deno supports only `module` type workers; thus it's essential to pass
fix(cli/js/web/worker): Disable relative module specifiers (#5266) 2020-06-09 08:33:52 -04:00			the `type: "module"` option when creating a new worker.

feat: add --location=<href> and globalThis.location (#7369) 2021-01-07 13:06:08 -05:00			`Use of relative module specifiers in the main worker are only supported with`
			`--location <href>` passed on the CLI. This is not recommended for portability.
			You can instead use the `URL` contructor and `import.meta.url` to easily create
			`a specifier for some nearby script. Dedicated workers, however, have a location`
			`and this capability by default.`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
			```ts
			`// Good`
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`new Worker(new URL("./worker.js", import.meta.url).href, { type: "module" });`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
			`// Bad`
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`new Worker(new URL("./worker.js", import.meta.url).href);`
			`new Worker(new URL("./worker.js", import.meta.url).href, { type: "classic" });`
fix(cli/js/web/worker): Disable relative module specifiers (#5266) 2020-06-09 08:33:52 -04:00			`new Worker("./worker.js", { type: "module" });`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00			```

feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`### Instantiation permissions`
refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00
			Creating a new `Worker` instance is similar to a dynamic import; therefore Deno
			`requires appropriate permission for this action.`

			For workers using local modules; `--allow-read` permission is required:

doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			`main.ts`

refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00			```ts
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`new Worker(new URL("./worker.ts", import.meta.url).href, { type: "module" });`
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			```
refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			`worker.ts`

			```ts
refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00			`console.log("hello world");`
			`self.close();`
			```

			```shell
			`$ deno run main.ts`
			`error: Uncaught PermissionDenied: read access to "./worker.ts", run again with the --allow-read flag`

			`$ deno run --allow-read main.ts`
			`hello world`
			```

doc: fix typo in workers.md (#5256) 2020-05-13 06:13:06 -04:00			For workers using remote modules; `--allow-net` permission is required:
refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			`main.ts`

refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00			```ts
			`new Worker("https://example.com/worker.ts", { type: "module" });`
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			```
refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			`worker.ts (at https[]()://example.com/worker.ts)`

			```ts
refactor: check permissions in SourceFileFetcher (#5011) This PR hot-fixes permission escapes in dynamic imports, workers and runtime compiler APIs. "permissions" parameter was added to public APIs of SourceFileFetcher and appropriate permission checks are performed during loading of local and remote files. 2020-05-11 07:13:27 -04:00			`console.log("hello world");`
			`self.close();`
			```

			```shell
			`$ deno run main.ts`
			`error: Uncaught PermissionDenied: net access to "https://example.com/worker.ts", run again with the --allow-net flag`

			`$ deno run --allow-net main.ts`
			`hello world`
			```

BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00			`### Using Deno in worker`

Docs for deno test + minor other changes (#5185) * Added fs events example. * Added docs for `deno test`. * Renamed file server example. * Unified markdown code types. * Removed plugin topics from TOC. * Fixed links. 2020-05-09 21:09:42 -04:00			`> This is an unstable Deno feature. Learn more about`
			`> [unstable features](./stability.md).`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
adjust docs (#5598) 2020-05-18 15:53:25 -04:00			By default the `Deno` namespace is not available in worker scope.
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			To enable the `Deno` namespace pass `deno.namespace = true` option when creating
			`new worker:`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			`main.js`

BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00			```ts
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`const worker = new Worker(new URL("./worker.js", import.meta.url).href, {`
fix(cli/js/web/worker): Disable relative module specifiers (#5266) 2020-06-09 08:33:52 -04:00			`type: "module",`
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`deno: {`
			`namespace: true,`
			`},`
fix(cli/js/web/worker): Disable relative module specifiers (#5266) 2020-06-09 08:33:52 -04:00			`});`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00			`worker.postMessage({ filename: "./log.txt" });`
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			```
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			`worker.js`

			```ts
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00			`self.onmessage = async (e) => {`
			`const { filename } = e.data;`
			`const text = await Deno.readTextFile(filename);`
			`console.log(text);`
			`self.close();`
			`};`
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			```

			`log.txt`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
doc: various runtime doc updates (#5885) 2020-05-26 22:12:02 -04:00			```
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00			`hello world`
			```

			```shell
			`$ deno run --allow-read --unstable main.js`
			`hello world`
			```

feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`### Specifying worker permissions`
BREAKING: make Worker.deno unstable (#5128) This commit makes "Worker.deno" option unstable. Added new manual entry "docs/runtime/workers.md". Removed stale workers tests. 2020-05-07 15:15:59 -04:00
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`> This is an unstable Deno feature. Learn more about`
			`> [unstable features](./stability.md).`

			`The permissions available for the worker are analogous to the CLI permission`
			`flags, meaning every permission enabled there can be disabled at the level of`
			`the Worker API. You can find a more detailed description of each of the`
			`permission options [here](../getting_started/permissions.md).`

			`By default a worker will inherit permissions from the thread it was created in,`
			`however in order to allow users to limit the access of this worker we provide`
			the `deno.permissions` option in the worker API.

			`- For permissions that support granular access you can pass in a list of the`
			`desired resources the worker will have access to, and for those who only have`
			`the on/off option you can pass true/false respectively.`

			```ts
			`const worker = new Worker(new URL("./worker.js", import.meta.url).href, {`
			`type: "module",`
			`deno: {`
			`namespace: true,`
			`permissions: [`
			`net: [`
			`"https://deno.land/",`
			`],`
			`read: [`
			`new URL("./file_1.txt", import.meta.url),`
			`new URL("./file_2.txt", import.meta.url),`
			`],`
			`write: false,`
			`],`
			`},`
			`});`
			```

			`- Granular access permissions receive both absolute and relative routes as`
			`arguments, however take into account that relative routes will be resolved`
			`relative to the file the worker is instantiated in, not the path the worker`
			`file is currently in`

			```ts
			`const worker = new Worker(new URL("./worker/worker.js", import.meta.url).href, {`
			`type: "module",`
			`deno: {`
			`namespace: true,`
			`permissions: [`
			`read: [`
			`"/home/user/Documents/deno/worker/file_1.txt",`
			`"./worker/file_2.txt",`
			`],`
			`],`
			`},`
			`});`
			```

			- Both `deno.permissions` and its children support the option `"inherit"`, which
			`implies it will borrow its parent permissions.`

			```ts
			`// This worker will inherit its parent permissions`
			`const worker = new Worker(new URL("./worker.js", import.meta.url).href, {`
			`type: "module",`
			`deno: {`
			`namespace: true,`
			`permissions: "inherit",`
			`},`
			`});`
			```

			```ts
			`// This worker will inherit only the net permissions of its parent`
			`const worker = new Worker(new URL("./worker.js", import.meta.url).href, {`
			`type: "module",`
			`deno: {`
			`namespace: true,`
			`permissions: {`
			`env: false,`
			`hrtime: false,`
			`net: "inherit",`
			`plugin: false,`
			`read: false,`
			`run: false,`
			`write: false,`
			`},`
			`},`
			`});`
			```

			- Not specifying the `deno.permissions` option or one of its children will cause
			`the worker to inherit by default.`

			```ts
			`// This worker will inherit its parent permissions`
			`const worker = new Worker(new URL("./worker.js", import.meta.url).href, {`
			`type: "module",`
			`});`
			```

			```ts
			`// This worker will inherit all the permissions of its parent BUT net`
			`const worker = new Worker(new URL("./worker.js", import.meta.url).href, {`
			`type: "module",`
			`deno: {`
			`namespace: true,`
			`permissions: {`
			`net: false,`
			`},`
			`},`
			`});`
			```

			`- You can disable the permissions of the worker all together by passing false to`
			the `deno.permissions` option.

			```ts
			`// This worker will not have any permissions enabled`
			`const worker = new Worker(new URL("./worker.js", import.meta.url).href, {`
			`type: "module",`
			`deno: {`
			`namespace: true,`
fix: Use "none" instead of false to sandbox Workers (#9034) 2021-01-07 05:52:30 -05:00			`permissions: "none",`
feat: Add configurable permissions for Workers (#8215) This commit adds new option to "Worker" Web API that allows to configure permissions. New "Worker.deno.permissions" option can be used to define limited permissions to the worker thread by either: - inherit set of parent thread permissions - use limited subset of parent thread permissions - revoke all permissions (full sandbox) In order to achieve this functionality "CliModuleLoader" was modified to accept "initial permissions", which are used for top module loading (ie. uses parent thread permission set to load top level module of a worker). 2021-01-06 15:31:16 -05:00			`},`
			`});`
			```