Share a secret across ES6 specific modules, so that other modules cannot access the secret?

Jordan Harband ljharb at
Sun Apr 23 23:02:38 UTC 2017

Nope. This is exactly why it seems that "protected" couldn't have any way
to work that has "hard" enforcement.

The only true privacy in JS is via closure (including WeakMaps), or via the
upcoming "private fields" proposal, assuming it stays as "hard private".
Anything shared is publicly accessible.

I'd be very interested to hear any idea that would allow modules A and B to
privately share something, without module C being able to; the only thing I
could think of would be some sort of private export that explicitly
included a list of module specifiers that were allowed to import it - which
would still not be secure whenever loader hooks exist.

On Sun, Apr 23, 2017 at 1:42 PM, /#!/JoePea <joe at> wrote:

> Is there a way to share some secret value across a few modules, and
> prevent other modules? f.e. prevent modules of an app dev who is importing
> modules of a library where the library wants to share private stuff across
> its modules. Is this possible to implement somehow?
> WeakMaps can be encapsulated inside a module to implement "private"
> properties for a class defined inside that module and then exported. But
> "protected" can't be implemented with a WeakMap shared with modules because
> then end-user app code can import the WeakMap and read all the stuff. Is
> there some way to share a WeakMap private with classes defined across
> modules?
> */#!/*JoePea
> _______________________________________________
> es-discuss mailing list
> es-discuss at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the es-discuss mailing list