# What Everyone Missed About Emdash, Cloudflare's Wordpress Alternative

## Метаданные

- **Канал:** James Q Quick
- **YouTube:** https://www.youtube.com/watch?v=hgOJH9bp75k
- **Дата:** 07.04.2026
- **Длительность:** 10:32
- **Просмотры:** 5,877
- **Источник:** https://ekstraktznaniy.ru/video/51674

## Описание

Cloudflare just dropped EmDash, their AI-native, open-source WordPress alternative, and you might have missed the most important part.

It's not the Astro-powered theming. It's not the AI-native CMS features. It's Dynamic Workers, the isolated runtime that completely rethinks how plugins work. Instead of giving plugins access to your entire site (database, theme, media), EmDash runs each plugin in a sandboxed V8 isolate with only the permissions you explicitly grant. And the implications for AI-generated code are massive.

Links & Resources
EmDash Blog Post - https://blog.cloudflare.com/emdash-wordpress/
Dynamic Workers Documentation - https://developers.cloudflare.com/dynamic-workers/
Craig Dennis - Building Secure Apps with Dynamic Workers - https://www.youtube.com/watch?v=Z9-wwXaoA68

**Newsletter**
Newsletter 🗞 - https://www.jamesqquick.com/newsletter
Follow me on Twitter 🐦 - https://www.twitter.com/jamesqquick

Timestamps / Chapters

0:00 Intro — The feature everyone overlooked
0:

## Транскрипт

### Intro — The feature everyone overlooked []

You might have heard of M-dash, Cloudflare's spiritual successor to WordPress, but I bet you overlooked the most important part. It's something that changes the way we build for the modern web, something that you probably hadn't heard of before, something called dynamic workers. Full disclosure, as of about 2 weeks ago, I officially now work at Cloudflare. Honestly, this is the most excited I've been for a new job in a very long time, but the M-dash announcement was news to me just like it was to you. In fact, when I first saw it, I ignored it because I thought it was an April Fool's joke. Apparently, we have an interesting habit of making major announcements on April Fool's Day. I'll get used to it, I guess. So, in case you

### What is M Dash? [0:37]

don't know what M-dash is, let's talk about that first cuz I think it's important to have some context before we dive into the impact of dynamic workers. So, M-dash is the spiritual successor to WordPress that solves the security or plugin security. That's the most important part that we'll come back to in a second, but I do want to give an overview of the other pieces that are really important. Now, if you scroll down a bit in the blog post, and I'll have a link to that in the description below, I had first references the fact that they rebuilt Next. js in 1 week. That's a really interesting article if you want to go and check that out. And that kind of leads to the inspiration for this project, which is using AI to rebuild systems that are already out there in a new and modern way, which I think is really exciting. If people have used WordPress for any amount of time, you probably will understand the need for a new refresh of what WordPress is. Now, I do like in this blog post that they reference how amazing WordPress has been for so long and the fact that it powers 40% of the internet and all those things, but it also talks about that need for a refresh and a new uh everything to work with, to be quite honest. So, that's particularly exciting. Now, the thing that is really

### Powered by Astro [1:38]

exciting for me is that this is powered by Astro. Now, Cloudflare acquired Astro this year, and so tying Astro into this project with CMS is uh obviously a no-brainer and super fun and exciting for me, something I want to talk a lot about later. So, if you have any questions, let me know in the comments below. But, I'm going to scroll down and skip the plugin cuz that's what we'll come back to in a second and talk more about the other points in here. So, first is modern front-end theming and architecture with Astro. Pages, layouts, components, CSS, uh scoped CSS. Uh all those things are now coming out of the box because you're building this with Astro, and that is really cool. Now, an implication of this that I think is really neat is, let's say you're using Tailwind CSS, which is by far the most popular way to get started building components these days. Uh AI, if you're using AI to generate new components for something that's missing inside of your M-dash site, AI is going to be able to generate Tailwind better than a lot of other things that it could just because of how much uh content and examples there are for Tailwind uh for AI to consume and to learn from. So, that I think is super exciting to be able to use AI and the tools that AI is best prepared to build with in this modern WordPress alternative. Now

### AI-native CMS features [2:49]

speaking of AI, it's considered uh M-dash uh here is considered to be AI native CMS. And what that means is it has an MCP, has CLI, and it has skills for agents to use. Now, if you're anything like me these days with AI, I never think about accessing any of my data directly. I'm always using MCP server through an agent or a chat experience or whatever it is. So, this falls directly in line with that. And they give an example in here of like, let's say you want to change some wording that appears in multiple different posts. Previously, you'd have to go find each different post that had that wording, and then go and do those manual replaces and save. Now, you could use something like a chat experience to say, "Find all instances of this and go and update it to this new thing," which I think is pretty powerful. Now, it also mentions having passkeys, pluggable authentication, cool. Has a tool to import your WordPress site into M-dash. That's going to be really cool for people that have existing sites. And there's a great way to try this with the playground. In the playground, you can have this instance spun up in a couple of minutes, and you'll see that this is pretty uh WordPress adjacent, something that you're probably expecting if you use WordPress before. But, like I said, the most important

### WordPress plugin security problem [3:56]

part of this is the plugin architecture and how it uses dynamic workers to accomplish that. So, let's go and dive into that part. So, let's start with this image to kind of help understand the plugin ecosystem with WordPress versus plugin ecosystem with M-dash. Now, in WordPress, a plugin is basically a chunk of code that you download and install into your WordPress site. Now, this plugin sits along of the source code of your entire WordPress site, including the theme, the database connection, the media library, like all those things a plugin could have access to. So, with a plug uh plugin having access to those things, even if it says, "Hey, I'm not going to delete anything," in theory, it could. It can go and run any kind of script that it wanted to and go and delete media, change your theme in a way that you didn't want to, delete your database, whatever. Now, thankfully, WordPress has built an extensive plugin ecosystem that are good plugins that don't do that, but the reality is still there that plugins are inherently not scoped for security in terms of protecting your WordPress site. So

### How Dynamic Workers fix it [4:57]

let's look at the alternative of this. In M-dash, you're using dynamic workers to be able to run plugin code. Now, dynamic workers in this case basically are isolated environments that have specific scopes to only do specific things that you define and run the code that you give to it, which is the plugin, and they don't have the ability to touch anything unless you specifically advocate for it. Can't touch your database, can't affect your theme, can't affect your media library, can't make queries out to external resources. It can't do any of those things unless you explicitly define its ability to do so. So, this in and of itself is a major upgrade in terms of security with your plugins. There's a bigger implication of this in AI, which I'll come back to in a second. But, I want to go back to the blog post and talk through this a little bit more and see an example. So, in here, we have an example of a plugin, and uh we have this define plugin function that comes from the M-dash library. Inside of here, you give it an ID, version, and then specifically, you define capabilities. Now, in this case, these capabilities are reading content, so reading your blog posts, for example. Notice it's not writing or deleting your content, it's just reading. And then also, you have the ability to send an email. So, in this case, you have a hook that you register. Now, the cool thing about this is these hooks, this code is only going to be run when that hook is triggered. Not only is that true, but also the environment that this runs in, the dynamic worker, which runs on V8 isolates, only spins up when you need it based on that hook, and then it spins back down. Now, because dynamic workers

### V8 isolates & sub-5ms startup [6:28]

run on V8 isolates, they are incredibly fast with like a five or sub-five millisecond uh startup cost. So, it's basically negligible, and you can spin these up and spin these downs as often as you want. Now, the way dynamic workers work is you give them code to be able to run, and they go and run them in that secure environment with only the permissions that you define. Now, in this case, we check for the collection, status to not equal published. If it is published, now we're going to from the context get a reference to email and then go ahead and send an email based on the content that was just published. So, this is a quick example of what a plugin might look like, but again, focus on the fact that you're scoped to these capabilities. You're not giving it access to everything in your M-dash site, just the things you give it scopes for. And then also, focus on the use of dynamic workers to be able to spin up, spin down, execute code in that secure environment. So, the secret engine behind this is really the dynamic worker. Now, you can read a lot in here about the features and how it works and all that kind of stuff. I highly encourage you to, and this is something I am learning at the same time alongside of you as I'm really onboarding and really getting a good understanding of these. But, one of the things I want to

### AI code mode & vibe coding [7:40]

leave you with is how useful this can be in code mode for an AI agent and then AI-generated applications by coding. So, a lot of times, what is happening with vibe coding specifically and/or with AI agent in code mode is AI is able to actually generate code that runs to do something. Let's say, for example, I have a list of receipts on my computer. I want it to iterate through all the receipts, read them, and generate a report, blah blah. Well, it may not have a tool to do that directly. So, AI, in theory, Cloud Co-work, for example, could write its own script to parse through those receipts, get all the information, generate a report, and then return it to you. It could write that code and then execute the code to be able to do that. But, the problem is we don't want AI-generated code having access to everything on our computer, for example, everything in our M-dash site, for example, etc. So, this is really where you get the power of dynamic workers in terms of how quickly they can spin up and spin down, as well as the isolatedness to be able to run code in a safe environment and know that it's not going to have access to do things that you don't want it to do. Now, there's actually a really good example of this on the Cloudflare Developers YouTube channel. My coworker

### Craig Dennis's Dynamic Workers demo [8:52]

Craig Dennis, just created this video talking about building secure apps with dynamic workers. And basically, the use case here is he created a chat agent where he didn't want the chat agent to have access to sensitive data, but he did want the chat agent to be able to generate a report based on that data. So, I highly recommend watching this full video, but in this example, basically, what he does is prompt the LLM to generate code to be able to generate the report based on that data. So, how does it not have access to the data directly? Well, dynamic workers. So, what happens is the agent will determine what the code is to generate the report. It will then create the dynamic worker. It will pass that code to the dynamic worker for it to uh run. That dynamic worker has access to the data. The LLM does not have direct access to the raw data. If you can piece all this together with my arm movements, hopefully, that's working. But, then the dynamic worker just returns that response to the LLM, and now you have this dashboard generated without the LLM having access to any of that sensitive data at all. So, as I am onboarding to Cloudflare

### Final thoughts & what's next [9:57]

this has probably been one of the most mind-blowing and exciting things I think we have from a product perspective is dynamic workers. Now, I think you the implications of this, especially in a new world with AI, are limitless. And I'm super excited to spend some hands-on time with it, build some demos, learn some cool stuff. So, if you have questions or things that you would like to see, let me know in the comments below because I will be a lot more focused on generating useful content for you now that I am working at Cloudflare. So, anyways, I hope you enjoy this. I hope you go and check out M- Dash just to learn about what it is. I hope you are excited about dynamic workers, and I'll catch you in the next video.