Share a secret across ES6 specific modules, so that other modules cannot access the secret?

Isiah Meadows isiahmeadows at gmail.com
Mon Apr 16 21:33:53 UTC 2018 

Related relevant proposal/strawman/whatever:

- https://github.com/isiahmeadows/private-data-proposal
- https://github.com/tc39/proposal-class-fields/issues/94
- https://github.com/zenparsing/js-classes-1.1/issues/44

And in particular in the first linked issue, I did propose an `export
{ ... } to "./foo.js"` here:

https://github.com/tc39/proposal-class-fields/issues/94#issuecomment-381626341

-----

Isiah Meadows
me at isiahmeadows.com

Looking for web consulting? Or a new website?
Send me an email and we can get started.
www.isiahmeadows.com


On Mon, Apr 16, 2018 at 12:24 PM, /#!/JoePea <joe at trusktr.io> wrote:
> I think it'd be nice if there was something also easier, based only on file
> names or directory structure.
>
> ```js
> // log-foo.js
> import Foo from './Foo'
> console.log(Foo)
> ```
>
> ```js
> // Foo.js
> class Foo {}
> export Foo for './log-foo'
>
> // or with expressions, all files in this folder
> export Foo for './*'
> ```
>
> I know, someone can stick a file in there then, but at least it gives a
> "don't mess with this unless you know what you're doing" message like many
> other things in JavaScript (f.e. redefining a configurable property even if
> writable is false).
>
> We'll, I suppose even with public keys, a use can just replace your module
> in the file system with their own, so the same "be careful" principal still
> applies there.
>
> Of course, network-modules won't have the filesystem-module problem, so
> probably both filename approach and box approach would be secure with
> network modules (just needs infrastructure for passing that info around).
>
> On Sun, Apr 15, 2018, 11:58 AM Mike Samuel <mikesamuel at gmail.com> wrote:
>>
>> The box function defined in github.com/mikesamuel/tc39-module-keys enables
>> things like this.
>>
>>
>> On Sun, Apr 23, 2017 at 4:42 PM, /#!/JoePea <joe at trusktr.io> wrote:
>>>
>>> Is there a way to share some secret value across a few modules, and
>>> prevent other modules? f.e. prevent modules of an app dev who is importing
>>> modules of a library where the library wants to share private stuff across
>>> its modules. Is this possible to implement somehow?
>>>
>>> WeakMaps can be encapsulated inside a module to implement "private"
>>> properties for a class defined inside that module and then exported. But
>>> "protected" can't be implemented with a WeakMap shared with modules because
>>> then end-user app code can import the WeakMap and read all the stuff. Is
>>> there some way to share a WeakMap private with classes defined across
>>> modules?
>>>
>>> /#!/JoePea
>>>
>>> _______________________________________________
>>> es-discuss mailing list
>>> es-discuss at mozilla.org
>>> https://mail.mozilla.org/listinfo/es-discuss
>>>
>>
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>

More information about the es-discuss mailing list