class-privacy
Simple way to define private members on ES6 classes, keep their code clean.
Lean dry no-dep srp :cup: package to create instances from classes with defined private members. Keep your classes clean and use this instead to define private properties. Uses proxies to hide information.
Install this package via NPM like
$ npm install class-privacy
The package exports only one function, which acts similarly to an abstract factory.
You can pass in a decide function to define rules (e.g. a whitelist) for members. The created factory can be used to create (proxies to) instances that contain only the public members.
    import createFactory from 'class-privacy'

    export class Person {
      constructor ({ name, age }) {
        this.name = name
        this.age = age
      }

      greet () {
        return `Hello, my name is "${this.name}". I am ${this.age} years old.`
      }
    }

    // Make all functions public; all other members are private.
    // It is your responsibility to prevent leakage of information,
    // for example if value is passed to external functions that aid
    // the decision.
    // Think twice before you pass value to third-party libraries.
    const decide = (key, value) => typeof value === 'function'

    // create the factory for private persons
    const createPrivatePerson = createFactory(Person, { decide })
    const anon = createPrivatePerson({ name: 'John Doe', age: 42 })

    anon.name // undefined
    anon.age // undefined
    anon.greet() // `Hello, my name is "John Doe". I am 42 years old.`
As shown in the example above, the factory can be created with certain configurations, defined as options:
decide
A function that is invoked on every access request (proxy get trap) and receives key, value and ClassDefinition to decide whether this value should be allowed to be public or kept private.
Signature:
decide: (key, value, ClassDefinition) => Boolean
Non-boolean return values are evaluated as truthy/falsy.
If not passed, all members are included by default to preserve the original state.
revealIsProxy
If this option is set to true, the isProxy property will be added to the proxy in order to allow a classification of the Object as proxy.
    import createFactory from 'class-privacy'

    export class Person {
      constructor ({ name, age }) {
        this.name = name
        this.age = age
      }

      greet () {
        return `Hello, my name is "${this.name}". I am ${this.age} years old.`
      }
    }

    const createPrivatePerson = createFactory(Person, { revealIsProxy: true })
    const anon = createPrivatePerson({ name: 'John Doe', age: 42 })

    anon.isProxy // true
referenceClass
If this option is set to true, the class property will be added to the proxy in order to allow a classification of the instance as proxy to the given class definition.
    import createFactory from 'class-privacy'

    export class Person {
      constructor ({ name, age }) {
        this.name = name
        this.age = age
      }

      greet () {
        return `Hello, my name is "${this.name}". I am ${this.age} years old.`
      }
    }

    const createPrivatePerson = createFactory(Person, { referenceClass: true })
    const anon = createPrivatePerson({ name: 'John Doe', age: 42 })

    anon.class === Person // true
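The decide option above is described in terms of the proxy get trap. As an added example (not class-privacy's source and not from its author), the following self-contained sketch shows what a read-only filter leaves reachable through reflection and which extra traps close those paths. `makeFactory`, `harden` and `probe` are hypothetical names, and the page does not say which of these traps the package itself implements.

```javascript
// Added illustration: a hypothetical stand-in, NOT class-privacy's source code.
class Person {
  constructor ({ name, age }) {
    this.name = name
    this.age = age
  }
  greet () {
    return `Hello, my name is "${this.name}". I am ${this.age} years old.`
  }
}
// Same rule as the README example: only functions are public.
const decide = (key, value) => typeof value === 'function'

// Proxies always filter reads; with `harden` they also filter reflection traps.
function makeFactory (ClassDefinition, { decide, harden = false }) {
  return (...args) => {
    const target = new ClassDefinition(...args)
    const isPublic = key => Boolean(decide(key, target[key], ClassDefinition))
    const handler = {
      get (obj, key) {
        if (!isPublic(key)) return undefined
        const value = obj[key]
        // Bind methods to the real instance so they still see private state.
        return typeof value === 'function' ? value.bind(obj) : value
      }
    }
    if (harden) {
      handler.has = (obj, key) => isPublic(key) && key in obj
      handler.ownKeys = obj => Reflect.ownKeys(obj).filter(isPublic)
      handler.getOwnPropertyDescriptor = (obj, key) =>
        isPublic(key) ? Reflect.getOwnPropertyDescriptor(obj, key) : undefined
    }
    return new Proxy(target, handler)
  }
}

// Observe a proxy the way calling code outside the class could.
function probe (instance) {
  const desc = Object.getOwnPropertyDescriptor(instance, 'name')
  return {
    read: instance.name,
    keys: Object.keys(instance),
    hasName: 'name' in instance,
    viaDescriptor: desc && desc.value,
    greet: instance.greet()
  }
}
const input = { name: 'John Doe', age: 42 } // constructed sample data
const weak = probe(makeFactory(Person, { decide })(input))
const strong = probe(makeFactory(Person, { decide, harden: true })(input))
```

Running the same `probe` against a proxy returned by the real createFactory shows whether hidden members stay hidden from `Object.keys`, `in` and `Object.getOwnPropertyDescriptor` before you rely on it as a boundary.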
We use standard as an opinionated but zero-config linter.
You can run lint in two modes:
$ npm run lint
$ npm run lint:fix
We use mocha and chai with a mostly (but not strict) behavioural style for testing. You can run the tests in three different contexts:
$ npm run test
$ npm run test:watch
$ npm run test:coverage
Documentation uses jsDoc and is available as an HTML or Markdown version.
To build the documentation in development, you need to run
$ npm run docs
The package can be built into the dist folder using babel and the respective script:
$ npm run build
MIT, see license file
FAQs
The npm package class-privacy receives a total of 1 weekly downloads. As such, class-privacy popularity was classified as not popular.
We found that class-privacy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.