Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Adding private methods to an object in JavaScript has always been an awkward thing to do, as JavaScript doesn't exactly support it. Instead, we either place enclosed functions in the constructor, which consumes more memory per object, or, we enclose both the object definition and our private methods inside of a closure.
The latter is a good way to accomplish private methods in JavaScript as it creates truly private methods and doesn't add to the memory consumption. The problem with it is, is that your private methods are separate from the object and your coding style is different compared to public definitions on the prototype.
ProtectJS is a library that extends objects you define, to allow you to add all your private methods to the prototype chain. It does this by adding protection checks to all of your methods, any marked with a prepending underscore (_) is treated as a private method.
As well as methods, JavaScript doesn't exactly support any type of private property. This becomes a problem when dangerous modifications to these properties occur.
Think of complex algorithms - If these could be modified by external sources, their output would be completely invalidated, potentially causing huge implications.
In many languages, it is custom to prepend private variables with an underscore (_), so we use this in JavaScript to show that an object should be considered as a private. Obviously this has absolutely no affect to whether it is actually private or not, it's more of a visual reference for a developer.
Let's create a basic object using this approach...
// Create the object
function MyObject() {}
// This is our public method
MyObject.prototype.public = function () {
console.log('PUBLIC method has been called');
};
// This is our private method, using (_)
MyObject.prototype._private = function () {
console.log('PRIVATE method has been called');
};
// Create an instance of the object
var mo = new MyObject();
// Call its methods
mo.public(); // Pass
mo._private(); // Pass
As I stated previously, there is no protection here, so I could easily call the _private() method and get a message saying "PRIVATE method has been called".
Now let's protect the object with ProtectJS!..
Add ProtectJS into your source, making sure it loads before the code you want to protect.
<head>
<title>PrivateJS</title>
<script type="text/javascript" src="ProtectJS/protect.min.js"></script>
<script type="text/javascript" src="app.js"></script>
</head>
Now that ProtectJS is available, we need to use it on the object
// Create the object
function MyObject() {}
// This is our public method
MyObject.prototype.public = function () {
console.log('PUBLIC method has been called');
};
// This is our private method, using (_)
MyObject.prototype._private = function () {
console.log('PRIVATE method has been called');
};
protect(MyObject); // Protect the object prototype
// Create an instance of the object
var mo = new MyObject();
// Call its methods
mo.public(); // Pass
mo._private(); // Fail
ProtectJS assumes that all methods starting with underscores in the prototype are private, and will add protection checks to prevent them from being called outside of the object.
Once protected, the only way to call a private method is by calling it through another method inside the same object.
Enables private methods to be added onto the prototype, keeping object memory to a minimum.
Protects your other properties from being modified by external sources.
Keeps code creation clean and easy to read.
Allows you to define objects in a natural way.
Doesn't change your coding style.
Protects properties you don't want to be used.
FAQs
Tool for protecting private properties
The npm package protect.js receives a total of 0 weekly downloads. As such, protect.js popularity was classified as not popular.
We found that protect.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.