Overhaul CloudFlare worker Node implementation#90
Merged
Conversation
The worker is ~40 lines of edge code, but carried a full node/webpack/
TypeScript/itty-router/jest/eslint toolchain inherited from the
worker-typescript-template. That toolchain shipped nothing to the edge yet
was a perpetual source of npm audit churn, and finally hit irreconcilable
upstream version conflicts (jest 30 vs ts-jest 27 among them). None of it
earned its keep.
Rather than keep patching the build, remove it. Go-compiled-to-WASM was
considered and rejected: Workers have no native Go runtime, so it needs a
third-party bridge (syumai/workers) plus TinyGo and a build step -- a heavier
toolchain, not a lighter one. Plain JavaScript with no build step is the
smaller, simpler target.
Worker:
- Rewrite src/handler.ts + index.ts as a single dependency-free ES module,
src/worker.js (export default { fetch }). ASSETS moves from a service-worker
global to the env binding. Behaviour is preserved: GET|HEAD /current-nightly,
GET /nightly/:id with an extension-derived Content-Type, 404 otherwise.
- Routing is now two pathname checks; itty-router is dropped.
- No bundler: wrangler uploads the one file directly (dry-run: 2.10 KiB).
- Type safety retained via // @ts-check + JSDoc, checked by `tsc --noEmit`
(checkJs), so there is still no build artifact.
Config / tests:
- wrangler.toml modernised for wrangler 4: `main`, per-route `zone_id`,
dropped the top-level `zone_id`, `[build]`, and service-worker upload format.
- Replace the jest + service-worker-mock suite (whose one test was dead: it
asserted a response the handler never produced) with a vitest smoke suite
that runs against the real workerd runtime via
@cloudflare/vitest-pool-workers, seeding an in-memory KV per test.
- Delete webpack.config.js, jestconfig.json, .prettierrc, .cargo-ok, and the
old src/*.ts. tsconfig.json becomes typecheck-only.
The result has zero runtime dependencies; the remaining npm packages (wrangler,
vitest) are dev-only and never reach the edge. `npm test` passes 5/5 in workerd
and `tsc` is clean.
Docs:
- Top-level README: deploy via `npm install` / `npm run deploy`, not
`cargo install wrangler` / `wrangler publish`; the open "switch to a WASM
language?" question is resolved inline.
- CLOUDFLARE.md: describe the current single-file worker instead of the old
handler.ts/webpack setup, and rewrite the credentials guidance to bias
toward a scoped token in CLOUDFLARE_API_TOKEN sourced from a secrets
manager, over long-lived credentials left on disk by `wrangler login`.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
`npm audit` reported 6 advisories (5 high), all confined to dev/test tooling — esbuild, undici, ws — pulled in transitively. None ship in the deployed worker (src/worker.js is dependency-free) and the esbuild advisory is a Windows-only dev-server issue, so production exposure was nil; this is hygiene, not an incident. `npm audit fix` couldn't act on them: every vulnerable copy came from @cloudflare/vitest-pool-workers pinning an older nested wrangler + miniflare, and the fix (0.17.0) sits outside the declared `^0.12.0` range, so the non-forced fixer just re-printed the report. The top-level wrangler was already clean. Bumping vitest-pool-workers to ^0.17.0 pulls clean esbuild 0.28.1 / miniflare 4.20260630.0 (undici 7.28.0, ws 8.21.0) / wrangler 4.106.0, but 0.17 peers on vitest 4, forcing a coupled major with two breaking API changes: - vitest.config.js: the `/config` subpath and defineWorkersConfig are gone; migrate to cloudflareTest() as a plugin over defineConfig, per the shipped vitest-v3-to-v4 codemod. - tsconfig.json: the `cloudflare:test` ambient types moved to the /types export; add it to the types array. - test/env.d.ts: `env` is now typed as Cloudflare.Env rather than ProvidedEnv; retarget the ASSETS binding augmentation accordingly. audit clean (0 vulnerabilities), tsc --noEmit clean, 5/5 tests pass on Node 24.9.0 / npm 11.6.0. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Refactors the nightlies-serving Cloudflare Worker to a dependency-free, single-file ES module (no TS/webpack/router at runtime), modernizes the local tooling around Wrangler v4 + Vitest pool-workers, and updates documentation for deployment and real-KV testing.
Changes:
- Replace the previous TypeScript + webpack + itty-router worker with a single
src/worker.jsES module uploaded directly by Wrangler. - Swap Jest/service-worker-mock tests for Vitest running against the real
workerdruntime via@cloudflare/vitest-pool-workers, plus TS checking of JSDoc-typed JS. - Update docs and Wrangler configuration to align with the new deploy/test workflow and token-based auth guidance.
Reviewed changes
Copilot reviewed 16 out of 20 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| README.md | Updates top-level Cloudflare Workers deployment instructions and rationale for the new implementation. |
| CLOUDFLARE.md | Expands guidance around Wrangler auth (tokens vs persisted login) and documents the worker/toolchain overhaul. |
| nightlies-serving/wrangler.toml | Switches to main = src/worker.js, updates compatibility date, and uses per-route zone_id format for Wrangler v4. |
| nightlies-serving/package.json | Removes build/bundle/runtime deps; adds Wrangler/Vitest tooling and typecheck/dev scripts; sets ESM module type. |
| nightlies-serving/tsconfig.json | Moves to JS+JSDoc typechecking (allowJs/checkJs/noEmit) and adds Vitest pool-workers types. |
| nightlies-serving/vitest.config.js | Adds Vitest configuration to run the worker under workerd with an in-memory KV namespace. |
| nightlies-serving/src/worker.js | New dependency-free worker implementation with minimal routing and KV-backed responses. |
| nightlies-serving/test/worker.test.js | New smoke tests using cloudflare:test + workerd runtime and seeded KV. |
| nightlies-serving/test/env.d.ts | Adds type augmentation for Cloudflare.Env to expose ASSETS binding in tests. |
| nightlies-serving/README.md | Replaces template README with project-specific design/dev/live-testing documentation. |
| nightlies-serving/.gitignore | Removes dist/transpiled ignores; adds .wrangler. |
| nightlies-serving/webpack.config.js | Deleted (no longer bundling). |
| nightlies-serving/src/index.ts | Deleted (no longer using addEventListener/service-worker style entry). |
| nightlies-serving/src/handler.ts | Deleted (removed itty-router/TS handler). |
| nightlies-serving/src/bindings.d.ts | Deleted (bindings now modeled via env + test type augmentation). |
| nightlies-serving/test/handler.test.ts | Deleted (replaced by Vitest/workerd tests). |
| nightlies-serving/jestconfig.json | Deleted (Jest removed). |
| nightlies-serving/.prettierrc | Deleted (formatting tooling removed from this package). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Deploying nats-tools with
|
| Latest commit: |
df8da28
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://bc7453a4.nats-tools.pages.dev |
| Branch Preview URL: | https://pdp-overhaul-node-nightlies.nats-tools.pages.dev |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This consists of three commits which should be kept distinct, not squashed:
The core routing logic is unchanged, but the implementation is overhauled entirely. It's now pure JS, with no runtime dependencies, so any supply chain issues will affect local dev but will not affect production deploys, ever. The local dev dependency set is significantly reduced too.
This is smaller, lighter, and less exposed to supply chain forced bumps.
Along the way, we updated things such as Wrangler versions and so forth, and overhauled the docs, so that we will hopefully be good for another few years without needing to focus on this again.