Need help with isolated-core?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

207 Stars 11 Forks MIT License 59 Commits 0 Opened issues


Seamless in-page cold updates using iframes.

Services available


Need anything else?

Contributors list

# 8,171
React N...
57 commits
# 1,659
1 commit

Isolated Core

Build Status Coverage Status npm npm

A library for seamless in-page cold updates using iframes.

:zap: DEMO


In long running web apps, such as chat clients or music players, users leave pages open for weeks. It's useful to push code updates to existing clients, but in-page updates must be extremely fast and reliable to not become disruptive to the user experience.

With Isolated Core, your client-side JS (the "core") is contained within an

. To render UI, the iframe reaches up to manipulate the DOM of its parent document. This pattern decouples app execution from the visible UI, making it possible to seamlessly reload the entire app separately from the page without navigation or jank. This has some cool advantages:

  • Speed: updates load in the background and "swapping cores" is extremely fast.
  • Fault-tolerance: network and JS errors during init are caught before performing an update.
  • Predictability: loading an update runs the same code paths as reloading the page.

Isolated Core is complementary to existing techniques like Hot Module Replacement (HMR) and is framework agnostic. Unlike HMR, Isolated Core reloads your entire app environment *cold* from a blank slate. This makes updates predictable and easy to reason about, and facilitates updating components that previously required a full page reload. In addition, Isolated Core makes rollouts safer: since updates load and initialize in the background, failures can be caught rapidly without disrupting the user.

Browser Compatibility

Isolated core works on IE9+ and all other modern browsers. IE8 support is possible but not complete -- if you need it, please file an issue!

Sauce Test Status


In the entry point of your app, call

, passing it the URL to the current script and a function to run to initialize your app. When
is first invoked from a script tag, it will create a new iframe, injecting the script you specify. Then, inside the iframe, your script runs again and
calls the
function you specify.

This design makes Isolated Core compatible with a Content Security Policy and browsers which do not support Data URIs in iframes.


import { coreInit } from 'isolated-core'

coreInit({ // In non-IE, you can use document.currentScript.src here. scriptURL: '/main.js',

// Note: we are deferring require()ing our code until the "run" function // executes inside the iframe. Our init function is exported by index.js. run: core => require('./').init(core), })

In your initialization function, take a

argument and call
with handlers to
your UI. These handlers are responsible for instantiating and decontructing your UI in the parent document when your core is loaded or replaced. Both of these handlers receive the parent document ("uidocument") as an argument. For example, here's a basic React setup:


import React from 'react'
import ReactDOM from 'react-dom'
import MyComponent from './MyComponent'

export function init(core) { core.ready({ attach(uidocument) { ReactDOM.render(, uidocument.getElementById('container')) },

detach(uidocument) {

}) }


creates the first iframe, it automatically attaches it, calling your attach handler.

To load an update, call

with a script URL to execute. It returns a promise which resolves when the new core is loaded and ready to attach. It rejects if a script request fails to load (script tag
) or a JS exception is thrown during initialization. Under the hood,
is creating a new iframe, injecting the script specified. Inside the new iframe,
runs like before, and when it calls
, the promise resolves. For example:
  scriptURL: '/main.js',
  function success(coreRef) => {
    // Call launchCore to detach the current core and attach the new one.

function failure(coreErr) { // coreErr.type will be either "request" or "js" // "request" type errors have a "src" property with the URL that failed to load. // "js" type errors have an "err" property with the exception. console.error(core #${} failed to load: ${coreErr.type} error)

// Call destroyCore to remove the iframe from the document.

} )

You should use CSS to hide core iframes. The easiest way to do it is to match the

iframe[data-coreid] { display: none }


While in general the Isolated Core pattern provides a lot of benefits, there are a few trade-offs worth mentioning:

  • Cores typically share the same browser thread for a page, so if an update initializing in the background ties up the thread, it can cause framerate drops or pauses in the UI.

  • By its nature, cold loading requires more initialization time and memory than hot replacing modules. When a core is ready but not attached yet, it adds significant memory footprint to the page.

  • It's necessary to set aggressive HTTP caching headers for your core script because it will be loaded in both the initial page and then immediately again inside the first core iframe. For best results, use a CDN and include the hash of your bundles in the filename.


coreInit({ scriptURL, run, args })

Initialize a core, creating an iframe on first page load if necessary.

When called outside a core iframe,

passes its options to
and automatically attaches the first core when it's ready.

When called inside a core iframe,

invokes the
function with a
object, e.g.:
  id: 0,              // A unique numeric id for the core
  args: {...},        // An object passed to loadCore by the invoking context
  ready: ,  // Call with a handlers object when finished loading


function must be called by your
function when your core is ready to attach:
  attach(uidocument) {
    // render your UI to uidocument

detach(uidocument) { // clean up your event handlers, etc. } })

loadCore({ scriptURL, args })

Load a new core with specified

by creating an iframe and injecting a script with the specified
into it. Returns a promise which resolves when the core is ready to attach, or rejects in case of request or JS error.

When the promise resolves or rejects, it passes an object of the form:

  id: 0,                    // A unique numeric id for the core
  args: {...},              // The args object you specified
  context: ,        // A reference to the window object of the iframe
  destroyCore: ,  // Call to remove the core's iframe

If the promise resolves, the return type will also include:

  launchCore: ,   // Call to detach the current core and attach this new one


will remove the current execution context from the DOM. Statements following
will not execute.

If the promise rejects, the return type will also include:

  type: 'request'|'js',     // Either 'request' on network error, or 'js' on exception
  src: ,               // If type: 'request', the URL that failed to load
  err: ,             // If type: 'js', the exception object thrown



We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.