ResourceLoader/Architecture

This page documents the architecture and features of ResourceLoader. ResourceLoader is Wikipedia's delivery system for JavaScript, CSS, localised interface icons, and localised interface text.

See also Presentations for recorded tech talks and slide decks that explain these features in audio-visual form.

Principles
ResourceLoader principles, in order of their relative importance:


 * 1) Users.
 * 2) Developers.
 * 3) Servers.

These are inspired by the W3C Design Principles.

User experience
First and foremost is the end-user's experience. The user experience here is defined as the perceived performance of the overall system. This includes key metrics for the loading of content and interactive features.

Developer experience
Once a goal has been set for the user experience, the developer experience comes right after that. This means we strive for the best possible developer experience, as long as it doesn't compromise the user experience or make it less likely for that experience to be realised.

The public interface presented to developers should:


 * not expose its internals,
 * be easy to understand and comprehend,
 * provide good defaults,
 * make it easy to do the right thing for users,
 * make other things possible.

Backend performance
A better backend latency directly improves the end-user experience. If that means the server can handle more load as a result, that's great. But, if it means using the same or more resources in a shorter amount of time (e.g. more RAM, CPU, or an extra server), that may be acceptable as well. The frontend costs (bandwidth, computation, and latency) must take precedence over server-side optimizations.

Having said that, ResourceLoader is highly scalable. Its server responses are always cacheable and applicable to all users, allowing it to scale to a large deployment (such as Wikipedia) with only a handful of backend servers. This means that unlike for MediaWiki page views, ResourceLoader assets fully utilize the CDN even for registered users.

In July 2011, Wikipedia's had about 400 servers (CDN edge servers and application servers). Our CDN served 90,000 requests per second at peak, of which 40,000 for ResourceLoader (e.g. JS and CSS resources). These 40,000 requests were served worldwide by only 9 Varnish frontend servers and 4 backend application servers. The cache hit ratio was 99.82%, resulting in only 73 req/s cache misses toward the backends.

In September 2019, the cache hit ratio over a 2-day period was 99.86% – with a hit-peak of 31,000/s and a miss-peak of 55/s (in total the edge saw 7,500,000 cache hits and 9,800 cache misses over the 2 days, data). Our on-going optimisations and cache defragmentation have thus lowered the overall request volume to ResourceLoader, despite Wikipedia's overall growth in traffic over the same decade.

Modules
ResourceLoader works with a concept of modules. A module is a bundle of resources identified by a symbolic name. They can contain any of the following types of resources:
 * Scripts
 * Styles
 * Messages

Aside from that a module may have several properties:
 * Dependencies
 * Group

All in all, this makes it possible to enqueue or load a module bundle by just using its name (instead of listing out all the resources and/or dependencies etc.).

Multiple module bundled are delivered to the client in a single request. More about this follows in the resource sections below. The response is unboxed by the Client.

Module scope
Scripts are automatically wrapped in a closure to ensure each module bundle has its own local variable context (compatible with Node.js execution, and similar to ES6 modules).

Then the browser downloads a module, it is not immediately executed when the browser parses the script response. Instead, the closure is passed to the ResourceLoader Client. This allows the browser to download multiple modules and their dependencies in parallel, whilst still controlling the order in which they execute (even if a module arrives quicker than one of its dependencies). See the ResourceLoader Client section to learn about the loading procedure and a walkthrough of example scenarios.

Minification
All scripts are minified before being included in the bundle. For this we use the JavaScriptMinifier library. In case of an internal cache-miss, the application backend will minify the code on-the-fly on the web server. See also the Caching section to learn more about the performance of packaging, and the caching infrastructure around it.

Conditions
Scripts can be conditionally included in a module based on the context of the requesting client (e.g. language code and skin ID). This keeps responses relatively small by only including components relevant to the client context.

Example uses of conditions:
 * The bundle containing a language grammar parser includes a different implementation based on the user language.
 * The bundle containing the logic for rendering Notification includes an extra stylesheet file optionally provided by the user's currently preferred skin. The Vector skin component can register this custom stylesheet which is picked up by the Notification bundle owned by a different component.
 * Moment.js has regional definitions for 62 different languages. Only one of the regional definition files will be included at run-time. Language chaining and fallbacks are handled by MediaWiki's localization framework.

For how to use these and other module options (such as  and  ), see ResourceModules in the MediaWiki API docs.

Embedding
ResourceLoader makes use of Data URI embedding to automatically embed an image file into your stylesheet. This ensures a faster page rendering experience, a shorter page load time, and also reduces the overall transfer size. To enable embedding for an image, use the " " annotation in a CSS comment over the relevant CSS declaration. For example:

When you enable "embed" mode for an image, its binary contents are automatically base64-encoded and inlined into the stylesheet. This results in numerous benefits.

Initial icons are immediately visible
Without embedding, a browser would generally first render the page without icons. After the stylesheet is completely downloaded, the browser will start rendering portions of the HTML. After any rendered portion, the browser discovers missing images from now-active style rules and requests them.

No delay or flash for interaction states
When interaction with a component (e.g. CSS,  , or ; or   in JavaScript), and a different CSS rule applies, the same missing image scenario as for the initial page load presents itself. The old rule would no longer apply, and the new rule would apply but cause a flash while the missing image is discovered and downloaded by the browser. By embedding the image file as a data URI, it is instantly visible.

Lower transfer costs
By sending the image files a part of a single CSS response, the Gzip compressor applies to it as a whole. This means PNG binary headers and SVG syntax can be liberally compressed, even across unrelated icons. If images were downloaded separately Gzip would be limited compressing each image individually.

We also eliminate the URL from the cost. Generally speaking, when referencing a file in CSS, that URL reference is in itself also data. That data is not actually useful though, as it is merely an instruction to download the actual file. This is sensible from a historical perspective, as this avoids an unwelcome download for large files such as background photos or fonts that may not be needed on some pages, and allows re-using this file from the browser cache later on. We preserve these cache and re-use benefits through the cached CSS, rather than a cached image file.

By embedding the file, we only pay for the file data, instead of the file URL and the file data.

For comparison:



In addition to the URL, we also save costs from having fewer HTTP requests. The CSS and the images naturally share a single HTTP request. As such, there are no additional HTTP transfers with their own request and response header data.

What about inflation?
In theory, this approach may seem inefficient. When using separate HTTP requests, files can be transferred as binary data. For PNG files, this is 30% more compat than base64-encoding, which inflates the binary data.

In practice, due to use of Gzip compression, the CSS response essentially acts as a sprite image, combining the PNG headers across multiple files. This and the other cost savings listed above, make the end result smaller than the sum of the individually compressed and transferred CSS and image binary would have been, this despite the inflation from base64-encoding. In addition to being smaller, it also improves the user experience by loading and appearing faster.

What about sprites?
This technique makes traditional sprite images obsolete. While the motivation behind sprites is good (less HTTP requests, better compression) it comes with a few caveats:


 * Maintenance. If an image needs to be updated, one has to regenerate the sprite file, update the background positions in the CSS output, etc.


 * Produces overly complex CSS.


 * Imposes restrictions on image usage. Properties background-repeat, background-size or background-position may not be used due these leaking other images in the same sprite.

These caveats aren't the end of the world (sprites were in wide use, clearly they did work), and some other resource delivery systems do use sprites, and might even automate their maintenance. Our embedding technique, however, provides the best of both worlds. It holds up the advantages of sprites:


 * Reduce number of HTTP requests.
 * Improve compression by combining images in one file.

With the additional benefits of:


 * No restrictions on image use, and no sprite "leakage" bugs. Properties background-repeat, background-size or background-position may not be used due these leaking other images in the same sprite.
 * Clean CSS.
 * No maintenance.
 * Even fewer HTTP requests. There isn't even 1 image request, the CSS and the images share one request.

Remapping
For icons that are not embedded, ResourceLoader transforms the relative file path into an absolute one. This is necessary because file references in CSS are meant to be relative to where the stylesheet is served from, which changes meaning when these files are bundled and served from a different URL.

The URLs are also made immutable by appending a truncated content hash as query parameter. This can be used by a cache proxy to disambiguate between multiple versions of the same file during a deployment, and to prevent a multi-server cluster from having the response from an "old" server populate the URL a browser got from a "new" server whilst mid-deployment (T102578, T47877)

Flipping

 * See also Directionality support for more information about directionality support in MediaWiki.



With the Flipping functionality it is no longer necessary to manually maintain a copy of the stylesheet for right-to-left languages. ResourceLoader automatically changes direction-sensitive CSS declarations (and more). Internally, the CSSJanus library provides that smart "flipping" logic.

Aside from flipping direction-oriented values, it also converts property names and shorthand values. And it converts references to filenames ending in  into filenames ending in , thereby loading direction-specific iconography,

Consider the following example:

When loaded by ResourceLoader, without any additional changes or configuration, it is automatically turned into the following for users with a right-to-left interface language set:

Sometimes you may want to exclude a rule from being flipped. For that one can use the  annotation. This instructs CSSJanus to skip the next CSS declaration. Or, when used in the selector part, it skips the entire following CSS ruleset.

For example:

Output will be: Note: When using Less CSS and nested selectors, the noflip annotation must be placed above each individual rule, not above the selector.

Bundling
Resources are combined in a single bundle. The loader response from the server bundles both scripts and styles from the requested module(s) in the same request. The Client receives this and loads the stylesheet in the DOM at the right time, so they are in memory when the relevant scripts that use these CSS classes, execute.

This means that neither the JS nor the CSS will run if JS is disabled. However, if you need the CSS to still run, you can add one or more CSS-only module with.

Minification
All stylesheets are minified before being put in the bundle. For this we use the CSSMin library, which was especially developed for ResourceLoader.

Conditions

 * See the Conditions section under Scripts for more information.

Similar to scripts, style bundling also features the ability to compose the module dynamically based on the context.

Resource: Messages
Messages are exported as a JSON blob, mapping the message keys to the correct translation. They're fetched on the server from MediaWiki's localization cache (including its language fallback logic). Only message keys used by the module are included in the bundle.

Bundling
All resources are bundled in the same request. The Client then takes the messages and registers them in the localization system on the client side, before the module's javascript code is executed.

Conditions
As with the other two resource types, the messages component is also optimized to load only what is necessary for the requesting context. This is especially important considering that MediaWiki is localized in over 300 languages. Only 1 unique set of messages is delivered to the client.

Front-end
So, how does all this play out in the front-end? Let's walkthrough a typical page view in MediaWiki, focusing on the ResourceLoader Client.

Startup Module
The startup module is the first and only hardlinked script being loaded on every page from a  tag. It is a lightweight module that does three things:

It starts by performing a quick validity check that stops if the current browser cannot support the base environment This avoids incomplete interfaces and script errors, by preserving the natural non-javascript fallback behavior. For incompatible browsers, the startup module is the first and last script to be loaded. (view source) It exports the module manifest. This contains the dependency information of all modules, request groups (if any) and the current version hash for each module. (see  in the console) It defines the ResourceLoader Client. The use of this manifest allows ResourceLoader to naturally avoid the Cascading Cache Invalidation problem that some bundlers suffer from. It also allows for "perfect" cache fragmentation and cache re-use through a defragmented module store.
 * 1) Validity check
 * 1) Module manifest
 * 1) Define the loader

Client
The ResourceLoader Client is a tiny JavaScript library in charge of loading and executing modules from the server. It reads the module manifest and dependency tree as its input. This client is instructed by the HTML to load modules for the current page.

The client defines mw.loader which can be given a list of module names to load. It automatically handles dependency resolution using the internal dependency map. It also naturally de-duplicates and will not start loading or executing any module more than once.

The loading process is fully asynchronous, and requests modules in batches from the server.

Store

 * See also Research:Module storage performance on Meta-Wiki.

The ResourceLoader client caches the contents of individual modules within the web browser (i.e. HTML5 LocalStorage). This drastically reduces and effectively eliminates cache fragmentation.

For example, imagine two unrelated modules A and B that both make use of a third module C that is exceptionally large. Module A is used on page "Foo", and module B on page "Bar". Without a module store, the following would happen:
 * 1) User views article Foo. Browsers makes network request for
 * 2) User views article Bar. Browsers makes network request for   . (Thus downloading a second copy of C)
 * 3) User views article Foo. Browser uses cache for.
 * 4) User views article Bar. Browser uses cache for.

On the second page view, the browser was unable to use C from its cache, because it is stored under a a batch request url. In the above scenario, the user would fully download the big "C" module multiple times, despite it not having changed, and it already being in the cache somewhere as part of "A+C".

With ResourceLoader's module store, the client caches each part of the response to the batch request separately in a local cache (backed by a localStorage blob). This is not affected by other modules in the same batch request. Let's reconsider the same scenario with these improvements:


 * 1) User views article Foo. Browsers makes network request for   . These two are unpacked on arrival and locally stored separately, as "A" and "C".
 * 2) User views article Bar. Browser executes "C" from local store, and makes network request for   . Then, "B" is also added to the store.
 * 3) User views article Foo. Browser executes "A" and "C" from store. No network request.
 * 4) User views article Bar. Browser executes "B" and "C" from store. No network request.

Execution

 * This section is incomplete


 * Execution separated from loading/parsing.
 * Direct or delayed execution as appropriate based on module dependencies.
 * Insert messages and styles into memory before script execution.

Back-end

 * See also: § Caching

On-demand package generation
ResourceLoader features on-demand generation of the module bundles. The on-demand generation is very important in MediaWiki because cache invalidation can come from many places. Here's a few examples: Core and extensions generally only change when a wiki is upgraded. But especially on large sites such as Wikipedia, deployments happen many times a day (even updates to core). Wiki users granted certain user rights (interface administrators by default) have the ability to modify the "site" module (which is empty by default and will be loaded for everybody when non-empty). This is all without servers-side access, these scripts/styles are stored as wiki pages in the database. On top of that, each user also has its own module space that is only loaded for that user. The interface messages are shipped with MediaWiki core and are generally considered part of core (and naturally update when upgrading/deploying core). However wikis can customize their interface by using the MediaWiki message namespace to modify interface messages (or create new ones to use in their own modules).
 * Core
 * Extensions
 * Users
 * Translators

Response
GET /load.php?modules=foo|bar|quux&lang=en&skin=vector&version=…

Guarantees
ResourceLoader offers the following guarantees to developers and site operators:


 * The page HTML must be highly-cacheable for serving through a CDN, and generally only purged after the actual page content was changed.
 * References from page HTML to ResourceLoader URLs must not vary by user.
 * When people browse around on the website, there is a consistent experience with regards to the versions of styles and scripts.
 * Changes to styles and scripts take effect in most browsers within 5 minutes, and in all browsers within 10 minutes.

These guarantees allow ResourceLoader to operate within the constraints of Wikipedia's global caching strategy.

Change propagation
The pipeline for change propagation both starts and ends with the startup module. The page HTML doesn't change one way or the other. And when the client loads individual modules, the version parameter is always a strict part of all relevant identifiers, cache keys and URLs. As such, the details of how the Client works don't have to be considered when thinking about cache invalidation. The  logic, the browser cache, and the local module store will never serve stale content.

From HTML to stylesheet
We start from the page HTML, which directly loads the bundled stylesheets from load.php. The initial entrypoint here is without a "version" parameter in its URL. This is important because we can't change the HTML after every deployment. These are cached and used offline unconditionally by the browser for 5 minutes. After that the browser will perform an HTTP revalidation request to renew it for another 5 min if it hasn't changed. More details on that below.

All files referenced within the stylesheet (e.g. for SVG icons) are automatically versioned by ResourceLoader by incorporating the file hash. This way, the versions of the icon and the CSS code are always in sync with each other when applied to a page. There is no need for forward- or backward- compatibility between the CSS code and the files that it references. This is most obvious when the icons are embedded using, but even without embedding these are kept in sync through the automatically versioned URL references. These icons and such may be cached and reused offline indefinitely.

From HTML to startup
We start from the page HTML, which loads the Startup module. The startup module contains the module manifest of version hashes, which we use to construct URLs to load modules from (e.g. ).

The startup module is the only script linked from the HTML, and it is also the only script we load without a "version" parameter in its URL. This is important because we can't change the HTML after every deployment or on-wiki edit where one or more modules are cache invalidation for one or more modules.

To avoid browsers having to download the module manifest repeatedly, we use the browser's offline HTTP cache, with an occasional HTTP revalidation request.

Startup offline cache
During the first pageview in a browsing session, we download and cache the module manifest in the browser's HTTP cache for 5 minutes. During that time the browser re-uses it unconditionally, fully local and fully offline. The CDN also caches its copy from the backend for 5 minutes. These two sliding windows together ensure that all pageviews incorporate the latest changes after no more than 10 minutes.

At WMF, this is optimised such that the browser's 5-minute window intuitively starts from when the browser downloaded it. This is unlike standard HTTP Cache-Control, which by default offsets the browser to countdown from when the CDN originally got its copy, which would mean most users only get to use their offline copy for for 1-2 minutes (T105657).

Startup revalidation
If during a pageview the manifest is more than 5 minutes old, the browser will make a conditional HTTP request. While the original request simply downloaded the manifest, a conditional request will only respond with the manifest if it has changed. Browsers generally keep cached resources until long after they expire, specifically to make this possible. In the original download we send an  response header, which the browser passes back to us in the   request header. If the manifest hasn't changed, we get a cheap 0-byte HTTP 304 response from the CDN, which lets the browser upgrade its stale copy back to "fresh" for another 5 minutes and the cycle repeats.

Cache invalidation
Every module has a version hash. This version hash is how we decide whether to bust the cache, or to allow re-use (if the version and module content remained the same). For most modules, the version hash tracks the following:


 * Content of CSS files, JavaScript files, and other files in the module definition. This works by taking a checksum of these files.
 * Content of imported files. For example, a LESS file may import other files when compiled. These imported files are added to our internal list of files to hash for this module, since changes to the imports may change the output of the stylesheet.
 * Images referenced in stylesheets. ResourceLoader automatically adds a version query string to image references in stylesheets (to allow maximum caching). If the referenced image changes then even if none the CSS is explicitly change, we will regenerate the stylesheet to link to the new image version (see also: Remapping).
 * Content of interface messages from the localisation cache.
 * Module definition. The definition includes the order in which files are included, and other metadata that may influence the module output without the files themselves changing.

The reason we track these changes, as opposed building the module on-demand and hashing the output, is that clients need to download the modules from a URL, and that URL must be cachable, and thus versioned. As such, we'd have to rebuild all modules on the server when merely delivering the startup manifest (Wikipedia has over 1000 registered module bundles). As of August 2019, this remains infeasible to precompute at "build" or "deployment" time. Wikimedia Foundation hosts over 900 wiki configurations, 400 languages, 5 skins, and 1000 modules. Precomputing each of these variants would take hours. And that's before we factor in that wikis are in constant flux through on-wiki abilities to edit localisation messages, change site configuration, and editing of certain script pages.

Module batch request
When the client has no locally cached copy of a module+version, it will load it in a batch with other uncached modules from a  URL that carries a version parameter. This allows web browsers and the CDN to effectively consider them immutable. Browsers may cache and unconditionally re-use these responses on subsequent page views based on the far-future Expires header (or the "max-age" Cache-Control directive).

These batch URLs sort the module names in alphabetical order to increase changes of hitting a previous cache entry in the browser cache or the CDN, as well as to improve Gzip compression by letting the server naturally place related module bundles together in the response.

The "version" parameter on these URLs is a combined version hash, a "hash of hashes".

Groups
The module request "group" can be used to optimise cache fragmentation. By default any two modules are allowed to be loaded together in the same batch request. The client store prevents most cache fragmentation automatically, which is why in general you do not need to use this option.

If fine-tuning is needed, then one or more module bundles can be forced to be split in a dedicated request group. Use these sparingly as they naturally cause additional HTTP requests, and thus reduce compression effiency.

Any freeform string can be used as a group name. Modules with the same request group assigned may be loaded in the same request.

It is conventional to use lowercase dashed name, typically derived from a substring of a the related modules names (e.g. "jquery-ui" or "ext.foo").

Beware of the below reserved names. The reserved groups have as special added behaviour that they disqualify for client store optimisations and also have additional behaviour:
 *  . Reserved for modules that vary by username (e.g. user scripts). These HTTP requests get an extra " " query parameter. This parameter is available in the ResourceLoaderContext object passed to content methods (e.g. getScript, getStyles). Due to the extra parameter, they don't share cache with other users or logged-out users. The cache will be public. The stylesheets in this module group are loaded after all other modules (last cascading order), through the DOM's " " marker.
 * . Reserved for modules that are not allowed to be loaded from the public  endpoint (e.g. for CSRF tokens). Modules in this group are automatically embedded by OutputPage in the HTML when loaded. They cannot be loaded on demand.
 *  . Reserved for stylesheets that are user-generated content, but are not user-specific (rather for the entire site). The stylesheets in this module group are loaded after all other modules (last cascading order), using the "ResourceLoaderDynamicStyles" marker as separation.
 *  . Reserved for stylesheets that are user-generated content, but are not user-specific (rather for the entire site). The stylesheets in this module group are loaded after all other modules (last cascading order), using the "ResourceLoaderDynamicStyles" marker as separation.

Disable on a single page
To make it easier to debug a specific page without the influence of site-wide or user-specific gadgets, scripts, or styles; it is possible to temporarily disable them by setting the " " query parameter on any page, e.g. https://www.mediawiki.org/w/index.php?title=Project:Sandbox&safemode=1.

Debug mode

 * This section is incomplete

To make development easier, there is a debug mode in ResourceLoader.

Differences:
 * Script resources: No longer minified, concatenated, or loaded from load.php. Instead, load.php will instruct the client to request each source file directly. This makes debugging scripts easier with your browser's developer tools. But, transformations such as the wrapping closure also don't apply; so scripts may execute in the global scope.
 * Style resources: No longer minified, concatenated, or loaded from load.php. Instead, load.php will instruct the client to request each stylesheet directly. Transformations such as URI embedding and RTL-flipping don't apply.

Toggle mode
The mode can be toggled in several ways. In order of precedence:


 * Query parameter  (string): Set to "true" to enable, to "false" to disable. When absent, falls back to next step. https://example.org/wiki/Main_Page?debug=true
 * Cookie  (string): Set   to enable, delete the cookie to disable (setting to "false" does not work). When absent, falls back to next step.  There is a user script available to simplify toggling this.  Add:   to Special:MyPage/common.js on the wiki where you're debugging.  A link to enable or disable debug mode will be added to the toolbox.  In some browsers, you may need to hard refresh before the change takes effect.
 * (boolean): The default mode is determined by this configuration setting. Unless overridden in LocalSettings, this will be set to . A production wiki should never set this to true as debug mode will then be served to everybody. Thus being inefficient and likely introducing bugs due to the nature of debug mode.

Conclusion


In conclusion we'd like to think of ResourceLoader as creating a development environment that is optimized for:


 * Happy developers Easy to work with modules without worrying about optimization, maintenance, building, or what not.
 * Happy servers The application itself scales well, and is optimized to run on-demand.
 * Happy users Faster pages!

JavaScriptMinifier


Although the re-generation of a module bundle should be relatively rare (since cache is very well controlled), when it does happen it has to perform well from a web server.

For that reason we don't use the famous JSMin.php library (based on Douglas Crockford's JSMin) because it is too slow to run on-demand while a page is loading. Although JSMin.php only takes about 1 second for (which is okay if you're on the command-line), when working on-demand in a web server response (with hundreds of large files needing to be minified) waiting that long is unacceptable, especially if potentially thousands of requests could come in at the same time, all finding out that the cache isn't up to date (to avoid a cache stampede). Instead ResourceLoader uses Paul Copperman's JavaScriptMinifier. This runs up to 4X faster than JSMin. In addition to the speed, time has told that JavaScriptMinifier interprets the JavaScript syntax more correctly and succeeds in situations where JSMin outputs invalid JavaScript. The output size of JavaScriptMinifier is slightly larger than JSMin (about 0.5%, based on a comparison by minifying jquery.js, where the difference was +0.8KB out of 160KB). This is considered acceptable given the bigger picture.

ResourceLoader doesn't aim to compress as small as possible no matter the cost. Instead, it aims for a balance, getting large gains in a wide range of areas while also featuring instant cache invalidation, fast on-demand bundle generation, and a transparent "build"-free environment for developer. The slight increase in payload then becomes an acceptable trade off, expected to be more than regained by the efforts it enables.

CSSMin
Features:
 * Minification
 * Remapping
 * Data URI Embedding

Cache-Control immutable
This HTTP capability in browsers gained momentum in 2016. We evalauted it and decided not to adopt it for ResourceLoader (T149837#8221190).