To an extent, yes. You can use hoisting of function declarations and circular dependencies to create a "gateway". During circular dependencies, you have a time where function declarations are available but evaluation has not occured. During that time you can setup your private state. Then, immediately on evaluation, remove your gateway.
``` // file: ./secrets // import all friendly modules (note: all dependencies of these modules could access GATEWAY) import './a' GATEWAY = void 0; // storage for shared secrets let SECRET; // gateway function GATEWAY() { if (!SECRET) SECRET = {}; return SECRET; } export {GATEWAY}; ``` ``` // file: ./a import {GATEWAY} from './secrets'; if (typeof GATEWAY !== 'function') { throw Error('import secrets *first*.'); } const SECRET = GATEWAY(); ``` With Realms (https://github.com/tc39/proposal-realms) you may be able to use the completion value of Module Evaluation to also achieve a way to share private state in a more sane way. VM implementations allow this in some ways as well : https://github.com/v8/v8/blob/a71c338d9e24e55b47125108a0fce754076751d0/include/v8.h#L1109 On Sun, Apr 23, 2017 at 6:02 PM, Jordan Harband <ljh...@gmail.com> wrote: > Nope. This is exactly why it seems that "protected" couldn't have any way > to work that has "hard" enforcement. > > The only true privacy in JS is via closure (including WeakMaps), or via > the upcoming "private fields" proposal, assuming it stays as "hard > private". Anything shared is publicly accessible. > > I'd be very interested to hear any idea that would allow modules A and B > to privately share something, without module C being able to; the only > thing I could think of would be some sort of private export that explicitly > included a list of module specifiers that were allowed to import it - which > would still not be secure whenever loader hooks exist. > > On Sun, Apr 23, 2017 at 1:42 PM, /#!/JoePea <j...@trusktr.io> wrote: > >> Is there a way to share some secret value across a few modules, and >> prevent other modules? f.e. prevent modules of an app dev who is importing >> modules of a library where the library wants to share private stuff across >> its modules. Is this possible to implement somehow? >> >> WeakMaps can be encapsulated inside a module to implement "private" >> properties for a class defined inside that module and then exported. But >> "protected" can't be implemented with a WeakMap shared with modules because >> then end-user app code can import the WeakMap and read all the stuff. Is >> there some way to share a WeakMap private with classes defined across >> modules? >> >> */#!/*JoePea >> >> _______________________________________________ >> es-discuss mailing list >> es-discuss@mozilla.org >> https://mail.mozilla.org/listinfo/es-discuss >> >> > > _______________________________________________ > es-discuss mailing list > es-discuss@mozilla.org > https://mail.mozilla.org/listinfo/es-discuss > >
_______________________________________________ es-discuss mailing list es-discuss@mozilla.org https://mail.mozilla.org/listinfo/es-discuss