Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
@fp51/opaque-type
Advanced tools
Functional opaque type api for Typescript and Javascript
Inspired from https://codemix.com/opaque-types-in-javascript/
npm add @fp51/opaque-type
The following naive code will compile properly, except that if you mix
createRoom
parameters you will introduce a nasty bug at runtime.
type RoomID = string;
type UserID = string;
function createRoom(roomId: RoomID, userId: UserID) {
// something
}
const roomId: RoomID = ...;
const userId: UserID = ...;
createRoom(userId, roomId);
Opaque at rescue !
This following code won't compile, because Opaque
add more specificty to
RoomId
and UserId
, so typescript wont think they are compatible because they
are built uppon a string
;
import { Opaque } from "@fp51/opaque-type";
type RoomID = Opaque<"RoomId">;
type UserID = Opaque<"UserId">;
function createRoom(roomId: RoomID, userId: UserID) {
// something
}
const roomId: RoomID = ...;
const userId: UserID = ...;
createRoom(userId, roomId); // TypeError
Here the error message you will get in your editor or when you will try to build your application
Argument of type 'Opaque<"UserId">' is not assignable to parameter of type 'Opaque<"RoomId">'.
...
Let say you built a nice piece of code:
// message.ts
type Message = {
userId: string,
text: string,
};
export function clearMessageText(message: Message) : Message {
return message.text = '';
}
export function getMessage():Message {
return ...
}
You user can endup writting the following code:
import { clearMessageText, getMessage } from './message';
const message = { userId: 'userId', text: 'mytext' };
clearMessageText(message);
or
import { getMessage } from '..'
const message2 = getMessage();
message2.userId = 'whatever';
Those two pieces of code are problematic, because in these the inner structure of your types are exposed and manipulated.
If you make any change to the Message
structure it will be a breaking change
for your code user. Meaning that he could find himself to edit dozen or hundreds
of line of code.
How can we avoid this protecting our user from creating a code strongly tied to your library internals ?
// message.ts
import { createOpaqueAPI } from '../index';
type $Message = {
userId: string,
text: string,
};
const { toOpaque, fromOpaque } = createOpaqueAPI<
'Message',
$Message,
>('Message');
type Message = ReturnType<typeof toOpaque>;
export function getMessage(): Message {
return toOpaque({ userId: 'userId', text: 'text' });
}
export function clearMessageText(message: Message): Message {
const $message = fromOpaque(message)
return toOpaque({
...$message,
text: '',
});
}
Your user won't be able to write code in same fashion, he will have to ignore the internals of your code.
import { getMessage, clearMessageText } from '../index';
const message = getMessage();
const messageCleared = clearMessageText(message);
This is especially usefull when creating a reusable a library:
FAQs
Functional opaque type api for Typescript and Javascript
We found that @fp51/opaque-type demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
Security News
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
Security News
Bun 1.2 enhances its JavaScript runtime with 90% Node.js compatibility, built-in S3 and Postgres support, HTML Imports, and faster, cloud-first performance.