Description
Currently, in the JavaScript ecosystem, any file from a package can be required even if it is considered as private API by the package author, for example:
require('jest-haste-map/build/HasteFS'); // Works!
There is no way to hide private API besides compiling a project into a single flat bundle and only exposing the public API. Very few people choose to do this, and it may not be ideal in terms of load times – it may make sense for some packages to have two or three top level modules instead of one.
With Yarn PnP controlling the resolution algorithm it is now possible to prevent access to certain files and folders from other locations. There are two ways to pick a private folder:
- Either we standardize on a single folder name like
privateor similar, or - we allow package authors to make files private by listing private folders (or public ones if we'd prefer to use a whitelist) of a package in
package.json.
This would have the effect that only a limited subset of a package is available to the outside, while the package code can still be distributed in a manageable way.
Let me know what you think about this – feel free to create an RFC based on this idea or even better – send a Pull Request with a proposed implementation :)