Structural Type Safety via Private Field Branding

Snippet

Structural Type Safety via Private Field Branding

Branding uses the 'in' operator check on private fields to verify that an object was actually instantiated by a specific class. This is more secure than 'instanceof' because it resists prototype manipulation and works across different realms/contexts, ensuring that your logic only processes trusted, internal object structures.

snippet.js
javascript
class AuthenticatedUser {
  #brand;
  constructor(data) {
    this.#brand = true;
    Object.assign(this, data);
  }
 
  static isUser(obj) {
    return #brand in obj;
  }
}
 
const user = new AuthenticatedUser({ name: 'Markus' });
console.log(AuthenticatedUser.isUser(user)); // true
console.log(AuthenticatedUser.isUser({ name: 'Markus' })); // false

nodejs

Breakdown

#brand in obj

Returns true only if obj has the private field #brand, which cannot be added externally.

this.#brand = true;

Initializes the private brand during construction.

Previous snippet Next snippet

More Expert JavaScript exercises →

From your library

Structural Type Safety via Private Field Branding

Related