{"id":14821,"library":"private","title":"Private State Utility","description":"The `private` package (version 0.1.8) provides a utility for associating truly private state with any JavaScript object, predating native private class fields. It achieves this primarily through two mechanisms: `makeAccessor`, which uses closures to create a secret object accessible only via a dedicated accessor function, and `makeUniqueKey`, which generates non-enumerable, unguessable property names. A crucial update in v0.1.2 addressed memory leak issues by ensuring secret objects are directly (but securely) stored on owning objects, allowing them to be garbage collected when the owner becomes unreachable. This package, last updated significantly years ago, is largely superseded by modern JavaScript features like private class fields (`#field`) but historically offered a robust solution for encapsulation in ES5 environments.","status":"abandoned","version":"0.1.8","language":"javascript","source_language":"en","source_url":"git://github.com/benjamn/private","tags":["javascript","private","access control","access modifiers","encapsulation","secret","state","privilege","scope"],"install":[{"cmd":"npm install private","lang":"bash","label":"npm"},{"cmd":"yarn add private","lang":"bash","label":"yarn"},{"cmd":"pnpm add private","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is CommonJS-only and does not support ES modules. The `makeAccessor` function returns a new function for a specific private context.","wrong":"import { makeAccessor } from 'private';","symbol":"makeAccessor","correct":"const getSecret = require('private').makeAccessor();"},{"note":"This function returns a string property name. Its safety guarantees rely on ES5's `Object.defineProperty`.","wrong":"import { makeUniqueKey } from 'private';","symbol":"makeUniqueKey","correct":"const secretKey = require('private').makeUniqueKey();"},{"note":"The entire module is exposed as a CommonJS object. Named exports are accessed as properties of this object.","wrong":"import Private from 'private';","symbol":"private module","correct":"const Private = require('private');"}],"quickstart":{"code":"const getSecret = require(\"private\").makeAccessor();\n\nconst user = {\n  id: 'user-123',\n  name: 'Alice',\n  email: 'alice@example.com'\n};\n\n// Associate private data with the 'user' object\ngetSecret(user).passwordHash = \"$2a$10$abcdefghijklmnopqrstuv.w.x.y.z\";\ngetSecret(user).apiTokens = ['token-a', 'token-b'];\n\n// Public properties are visible\nconsole.log('Public user keys:', Object.keys(user)); // [ 'id', 'name', 'email' ]\nconsole.log('Public user properties:', Object.getOwnPropertyNames(user)); // [ 'id', 'name', 'email' ]\n\n// Private data is only accessible via the accessor function\nconst userData = getSecret(user);\nconsole.log('User private data:', userData); // { passwordHash: '$2a$10$abcdefghijklmnopqrstuv.w.x.y.z', apiTokens: [ 'token-a', 'token-b' ] }\nconsole.log('User password hash:', userData.passwordHash);\n","lang":"javascript","description":"Demonstrates how to associate truly private state with a JavaScript object using `makeAccessor`, preventing direct enumeration or access."},"warnings":[{"fix":"Upgrade to version 0.1.2 or newer to ensure secret objects are garbage collected when their owning objects become unreachable.","message":"Prior to v0.1.2, this package suffered from memory leaks due to holding permanent module-local references to secret objects. This was fixed by storing secrets directly on owning objects (but securely).","severity":"breaking","affected_versions":"<0.1.2"},{"fix":"Ensure the target environment fully supports ES5's `Object.defineProperty`. For broader compatibility, the `makeAccessor()` approach is generally safer as it relies on closure privacy.","message":"The `makeUniqueKey()` method's safety guarantees for non-discoverability and non-enumerability rely on `Object.defineProperty`. Using this in environments without a full ES5 implementation (e.g., very old browsers) may compromise privacy.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Consider refactoring code to use native private class fields for classes. For arbitrary object state, `WeakMap` can also be a modern alternative for private data association.","message":"For new JavaScript projects, native Private Class Fields (e.g., `#privateField`) introduced in ES2022 provide a standardized and often preferred way to encapsulate private state within classes, offering stronger guarantees and better tooling support.","severity":"deprecated","affected_versions":">=0.1.0"},{"fix":"Use CommonJS `require()` syntax to import and utilize this package within Node.js environments or transpiled browser bundles.","message":"This package is CommonJS-only and does not provide an ES module build. Attempting to use `import` syntax will result in errors.","severity":"breaking","affected_versions":">=0.1.0"},{"fix":"Evaluate alternatives like native private class fields or `WeakMap` for long-term project stability and security. Use with caution in production.","message":"This package appears to be abandoned, with no significant updates or active maintenance since its early versions. It may not be compatible with very recent JavaScript runtime changes or provide security updates.","severity":"gotcha","affected_versions":">=0.1.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure your JavaScript environment supports ES5. If not, consider using the `makeAccessor()` approach for privacy, which relies on closure scope and is more broadly compatible.","cause":"Attempting to use `makeUniqueKey()` in an environment that does not fully support ECMAScript 5's `Object.defineProperty`.","error":"TypeError: Object.defineProperty is not a function"},{"fix":"Always access private state through the accessor function returned by `makeAccessor()`, like `getSecret(obj).totallySafeProperty`.","cause":"Trying to access a private property created with `makeAccessor()` using standard object access (e.g., `obj.totallySafeProperty`) instead of the specific accessor function.","error":"Cannot read properties of undefined (reading 'totallySafeProperty')"},{"fix":"Change your import statement to use CommonJS `require()`: `const { makeAccessor } = require('private');` or `const getSecret = require('private').makeAccessor();`.","cause":"Incorrectly trying to import the CommonJS `private` module using ES module `import` syntax.","error":"SyntaxError: Named export 'makeAccessor' not found. The requested module 'private' does not provide an export named 'makeAccessor'"}],"ecosystem":"npm"}