Cloudflare Dynamic Workers: Sandboxed Code Execution at the Edge

I needed to run user-defined JavaScript templates from a database — code that formats RSS feed items into social media posts. The templates could be anything: hand-written, AI-generated, pasted from a blog. Running arbitrary code strings inside my production Worker, with access to D1 databases and R2 buckets, wasn't an option. Cloudflare's Dynamic Workers , released in March 2026, solved this. They let a parent Worker spawn new Workers at runtime from code strings, each in its own V8 isolate with explicitly controlled access. I wired them into my publishing stack in an afternoon. The Problem Before Dynamic Workers If you had a JavaScript function stored in a database and wanted to execute it inside a Cloudflare Worker, you had three options — all bad: new Function() / eval() — runs the code inside your Worker process, with full access to every binding, every secret, and the open internet. One malicious template and your D1 database, R2 buckets, and API keys are exposed. String interpol