To an extent, yes. You can use hoisting of function declarations and
circular dependencies to create a "gateway". During circular dependencies,
you have a time where function declarations are available but evaluation
has not occurred. During that time you can set up your private state. Then,
immediately on evaluation, remove your gateway.

```
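// file: ./secrets

// import all friendly modules (note: all dependencies of these modules
// could access GATEWAY)
import './a'
// this module's evaluation starts only after ./a has run: close the gateway
GATEWAY = void 0;


// storage for shared secrets
// `var`, not `let`: ./a calls GATEWAY() before this module is evaluated, and
// a `let` binding would still be uninitialized then (ReferenceError)
var SECRET;
// gateway (a function declaration, so it is hoisted and callable during the cycle)
function GATEWAY() {
  if (!SECRET) SECRET = {};
  return SECRET;
}
export {GATEWAY};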
```

```
// file: ./a
import {GATEWAY} from './secrets';
if (typeof GATEWAY !== 'function') {
  throw Error('import secrets *first*.');
}
const SECRET = GATEWAY();
```

With Realms (https://github.com/tc39/proposal-realms) you may be able to
use the completion value of Module Evaluation to also achieve a way to
share private state in a more sane way. VM implementations allow this in
some ways as well:
https://github.com/v8/v8/blob/a71c338d9e24e55b47125108a0fce754076751d0/include/v8.h#L1109

On Sun, Apr 23, 2017 at 6:02 PM, Jordan Harband <ljh...@gmail.com> wrote:

> Nope. This is exactly why it seems that "protected" couldn't have any way
> to work that has "hard" enforcement.
>
> The only true privacy in JS is via closure (including WeakMaps), or via
> the upcoming "private fields" proposal, assuming it stays as "hard
> private". Anything shared is publicly accessible.
>
> I'd be very interested to hear any idea that would allow modules A and B
> to privately share something, without module C being able to; the only
> thing I could think of would be some sort of private export that explicitly
> included a list of module specifiers that were allowed to import it - which
> would still not be secure whenever loader hooks exist.
>
> On Sun, Apr 23, 2017 at 1:42 PM, /#!/JoePea <j...@trusktr.io> wrote:
>
>> Is there a way to share some secret value across a few modules, and
>> prevent other modules? f.e. prevent modules of an app dev who is importing
>> modules of a library where the library wants to share private stuff across
>> its modules. Is this possible to implement somehow?
>>
>> WeakMaps can be encapsulated inside a module to implement "private"
>> properties for a class defined inside that module and then exported. But
>> "protected" can't be implemented with a WeakMap shared with modules because
>> then end-user app code can import the WeakMap and read all the stuff. Is
>> there some way to share a WeakMap private with classes defined across
>> modules?
>>
>> */#!/*JoePea
>>
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss@mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
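A single-file simulation of the gateway idea from the reply, combined with the shared WeakMap from the original question. This is an added example, not code from the thread: each "module" is modelled as a function, all names (`createGateway`, `moduleA`, `moduleB`, `moduleC`, `runDemo`) are hypothetical, and a sealed gateway throws rather than becoming `undefined`.

```javascript
// Plays the role of ./secrets: hands out the shared state until sealed.
function createGateway() {
  const shared = { protectedFields: new WeakMap() }; // state meant for friends only
  let open = true;
  return {
    gateway() {
      if (!open) throw new Error('gateway closed');
      return shared;
    },
    seal() { open = false; },
  };
}

// Friendly "module" A: captures the shared WeakMap while the gateway is open.
function moduleA(gateway) {
  const { protectedFields } = gateway();
  return class Base {
    constructor(name) { protectedFields.set(this, { name }); }
  };
}

// Friendly "module" B: a subclass defined elsewhere that reads the same state.
function moduleB(gateway, Base) {
  const { protectedFields } = gateway();
  return class Derived extends Base {
    describe() { return 'derived:' + protectedFields.get(this).name; }
  };
}

// Unfriendly "module" C: runs after sealing, like app code importing ./secrets.
function moduleC(gateway) {
  try { return gateway(); } catch (e) { return e.message; }
}

function runDemo() {
  const { gateway, seal } = createGateway();
  const Base = moduleA(gateway);          // friends run while the gateway is open;
  const Derived = moduleB(gateway, Base); // anything they call could grab it too
  seal(); // corresponds to `GATEWAY = void 0` on evaluation of ./secrets
  const obj = new Derived('x');
  return {
    friend: obj.describe(),                // B reads state written by A
    outsider: moduleC(gateway),            // late caller gets nothing
    ownProps: Object.getOwnPropertyNames(obj).length, // nothing stored on the instance
  };
}
```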