Part 2: Encapsulation and Access Modifiers - Data Protection

Introduction

My first production bug came from exposing a balance property directly on an Account class. A developer accidentally set account.balance = -500. The validation logic in the debit() method was bypassed. Negative balances cascaded through the system causing financial discrepancies.

That's when I learned encapsulation. By making balance private and only allowing modifications through controlled methods, I prevented direct manipulation. This article teaches you how to protect data integrity using access modifiers, getters/setters, and information hiding.

The Problem: Direct Property Access

class BankAccount {
    balance: number;  // Public by default - anyone can modify!
    
    constructor(initialBalance: number) {
        this.balance = initialBalance;
    }
    
    withdraw(amount: number): void {
        if (amount > this.balance) {
            throw new Error('Insufficient funds');
        }
        this.balance -= amount;
    }
}

const account = new BankAccount(1000);

// Problem: Can bypass validation!
account.balance = -500;  // Direct modification - no validation!
console.log(account.balance);  // -500

// Or accidentally overwrite
account.balance = undefined;  // Oops!

Issues:

No validation when setting balance
Business rules bypassed
Data integrity broken
Hard to track who modified what

The Solution: Encapsulation

class BankAccount {
    private balance: number;  // Private - only accessible within class
    
    constructor(initialBalance: number) {
        if (initialBalance < 0) {
            throw new Error('Initial balance cannot be negative');
        }
        this.balance = initialBalance;
    }
    
    withdraw(amount: number): void {
        if (amount <= 0) {
            throw new Error('Withdrawal amount must be positive');
        }
        if (amount > this.balance) {
            throw new Error('Insufficient funds');
        }
        this.balance -= amount;
    }
    
    deposit(amount: number): void {
        if (amount <= 0) {
            throw new Error('Deposit amount must be positive');
        }
        this.balance += amount;
    }
    
    getBalance(): number {
        return this.balance;
    }
}

const account = new BankAccount(1000);

// Error: Property 'balance' is private
// account.balance = -500;

// Must use methods - validation enforced!
account.withdraw(200);  // Controlled access
console.log(account.getBalance());  // 800

Access Modifiers in TypeScript

Public (Default)

Accessible everywhere:

class Product {
    public name: string;  // Explicit public
    price: number;        // Implicitly public
    
    constructor(name: string, price: number) {
        this.name = name;
        this.price = price;
    }
}

const product = new Product('Laptop', 1200);
console.log(product.name);   // OK
console.log(product.price);  // OK

Private

Only accessible within the class:

class CreditCard {
    private cardNumber: string;
    private cvv: string;
    
    constructor(cardNumber: string, cvv: string) {
        this.cardNumber = cardNumber;
        this.cvv = cvv;
    }
    
    getMaskedNumber(): string {
        // Only show last 4 digits
        return `****-****-****-${this.cardNumber.slice(-4)}`;
    }
    
    private validateCVV(): boolean {
        return /^\d{3}$/.test(this.cvv);
    }
}

const card = new CreditCard('4532123456789012', '123');

console.log(card.getMaskedNumber());  // "****-****-****-9012"

// Error: Property 'cardNumber' is private
// console.log(card.cardNumber);

// Error: Property 'validateCVV' is private
// card.validateCVV();

Protected

Accessible within class and subclasses:

class Employee {
    protected salary: number;
    
    constructor(
        public name: string,
        salary: number
    ) {
        this.salary = salary;
    }
    
    protected calculateBonus(): number {
        return this.salary * 0.1;
    }
}

class Manager extends Employee {
    constructor(name: string, salary: number) {
        super(name, salary);
    }
    
    getTotalCompensation(): number {
        // Can access protected members from parent class
        return this.salary + this.calculateBonus();
    }
}

const manager = new Manager('Alice', 100000);
console.log(manager.getTotalCompensation());  // 110000

// Error: Property 'salary' is protected
// console.log(manager.salary);

Getters and Setters

TypeScript provides elegant getter/setter syntax:

Basic Getters and Setters

class User {
    private _email: string;
    private _age: number;
    
    constructor(email: string, age: number) {
        this._email = email;
        this._age = age;
    }
    
    // Getter - accessed like a property
    get email(): string {
        return this._email;
    }
    
    // Setter - validation happens here!
    set email(value: string) {
        if (!this.isValidEmail(value)) {
            throw new Error('Invalid email format');
        }
        this._email = value.toLowerCase().trim();
    }
    
    get age(): number {
        return this._age;
    }
    
    set age(value: number) {
        if (value < 0 || value > 150) {
            throw new Error('Invalid age');
        }
        this._age = value;
    }
    
    private isValidEmail(email: string): boolean {
        return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
    }
}

const user = new User('[email protected]', 25);

// Use like properties - getters/setters called automatically
console.log(user.email);  // Calls getter: "[email protected]"

user.email = ' [email protected] ';  // Calls setter: validates and normalizes
console.log(user.email);  // "[email protected]"

// Validation enforced
try {
    user.email = 'invalid-email';  // Throws error!
} catch (e) {
    console.log(e.message);  // "Invalid email format"
}

try {
    user.age = -5;  // Throws error!
} catch (e) {
    console.log(e.message);  // "Invalid age"
}

Computed Properties

class Rectangle {
    constructor(
        private _width: number,
        private _height: number
    ) {}
    
    get width(): number {
        return this._width;
    }
    
    set width(value: number) {
        if (value <= 0) throw new Error('Width must be positive');
        this._width = value;
    }
    
    get height(): number {
        return this._height;
    }
    
    set height(value: number) {
        if (value <= 0) throw new Error('Height must be positive');
        this._height = value;
    }
    
    // Computed property - calculated on access
    get area(): number {
        return this._width * this._height;
    }
    
    get perimeter(): number {
        return 2 * (this._width + this._height);
    }
}

const rect = new Rectangle(10, 5);
console.log(rect.area);       // 50
console.log(rect.perimeter);  // 30

rect.width = 20;
console.log(rect.area);       // 100 - recalculated automatically

Real Example: User Profile Management

I built a user profile system with validation and business rules:

class UserProfile {
    private _username: string;
    private _displayName: string;
    private _bio: string;
    private _isPrivate: boolean;
    private _followerCount: number = 0;
    private _createdAt: Date;
    
    constructor(username: string, displayName: string) {
        this._username = this.validateUsername(username);
        this._displayName = displayName;
        this._bio = '';
        this._isPrivate = false;
        this._createdAt = new Date();
    }
    
    // Username: read-only after creation
    get username(): string {
        return this._username;
    }
    
    // Display name: can be updated with validation
    get displayName(): string {
        return this._displayName;
    }
    
    set displayName(value: string) {
        const trimmed = value.trim();
        if (trimmed.length < 1) {
            throw new Error('Display name cannot be empty');
        }
        if (trimmed.length > 50) {
            throw new Error('Display name too long');
        }
        this._displayName = trimmed;
    }
    
    // Bio with length limit
    get bio(): string {
        return this._bio;
    }
    
    set bio(value: string) {
        if (value.length > 500) {
            throw new Error('Bio too long (max 500 characters)');
        }
        this._bio = value;
    }
    
    // Privacy setting
    get isPrivate(): boolean {
        return this._isPrivate;
    }
    
    set isPrivate(value: boolean) {
        this._isPrivate = value;
    }
    
    // Follower count: read-only externally
    get followerCount(): number {
        return this._followerCount;
    }
    
    // Created date: read-only
    get createdAt(): Date {
        return this._createdAt;
    }
    
    // Public methods for controlled modifications
    addFollower(): void {
        this._followerCount++;
    }
    
    removeFollower(): void {
        if (this._followerCount > 0) {
            this._followerCount--;
        }
    }
    
    private validateUsername(username: string): string {
        const cleaned = username.toLowerCase().trim();
        if (!/^[a-z0-9_]{3,20}$/.test(cleaned)) {
            throw new Error('Invalid username format');
        }
        return cleaned;
    }
    
    toJSON() {
        return {
            username: this._username,
            displayName: this._displayName,
            bio: this._bio,
            isPrivate: this._isPrivate,
            followerCount: this._followerCount,
            createdAt: this._createdAt
        };
    }
}

// Usage
const profile = new UserProfile('john_doe', 'John Doe');

// Read properties
console.log(profile.username);       // "john_doe"
console.log(profile.followerCount);  // 0

// Update allowed properties
profile.displayName = 'Johnny D';
profile.bio = 'Software engineer passionate about TypeScript';
profile.isPrivate = true;

// Controlled follower updates
profile.addFollower();
profile.addFollower();
console.log(profile.followerCount);  // 2

// Cannot set follower count directly
// profile.followerCount = 1000;  // Error: no setter

// Cannot change username
// profile.username = 'new_username';  // Error: no setter

// Validation enforced
try {
    profile.displayName = '';  // Error: Display name cannot be empty
} catch (e) {
    console.log(e.message);
}

Information Hiding

Exposing Only What's Needed

class PasswordManager {
    private password: string;
    private salt: string;
    private hashAlgorithm: string = 'bcrypt';
    
    constructor(password: string) {
        this.salt = this.generateSalt();
        this.password = this.hash(password);
    }
    
    // Public interface - what users can do
    verify(inputPassword: string): boolean {
        return this.hash(inputPassword) === this.password;
    }
    
    changePassword(oldPassword: string, newPassword: string): void {
        if (!this.verify(oldPassword)) {
            throw new Error('Current password incorrect');
        }
        this.password = this.hash(newPassword);
    }
    
    // Private implementation details - hidden from users
    private generateSalt(): string {
        return crypto.randomBytes(16).toString('hex');
    }
    
    private hash(password: string): string {
        return crypto
            .pbkdf2Sync(password, this.salt, 10000, 64, 'sha512')
            .toString('hex');
    }
}

const pm = new PasswordManager('secret123');

// Users only see public interface
console.log(pm.verify('secret123'));  // true
console.log(pm.verify('wrong'));      // false

pm.changePassword('secret123', 'newSecret456');

// Implementation details hidden
// console.log(pm.password);  // Error: private
// console.log(pm.salt);      // Error: private
// pm.hash('test');           // Error: private

Internal State Management

class TaskQueue {
    private queue: Task[] = [];
    private processing: boolean = false;
    private maxConcurrent: number = 3;
    private activeCount: number = 0;
    
    // Public interface
    add(task: Task): void {
        this.queue.push(task);
        this.processNext();
    }
    
    get pending(): number {
        return this.queue.length;
    }
    
    get active(): number {
        return this.activeCount;
    }
    
    // Private implementation
    private async processNext(): Promise<void> {
        if (this.activeCount >= this.maxConcurrent || this.queue.length === 0) {
            return;
        }
        
        const task = this.queue.shift()!;
        this.activeCount++;
        
        try {
            await task.execute();
        } finally {
            this.activeCount--;
            this.processNext();
        }
    }
}

Real Example: Shopping Cart

interface CartItem {
    productId: string;
    name: string;
    price: number;
    quantity: number;
}

class ShoppingCart {
    private items: Map<string, CartItem> = new Map();
    private _discountPercent: number = 0;
    
    // Add item with validation
    addItem(productId: string, name: string, price: number, quantity: number = 1): void {
        if (price < 0) {
            throw new Error('Price cannot be negative');
        }
        if (quantity <= 0) {
            throw new Error('Quantity must be positive');
        }
        
        if (this.items.has(productId)) {
            // Update quantity if item exists
            const existing = this.items.get(productId)!;
            existing.quantity += quantity;
        } else {
            this.items.set(productId, { productId, name, price, quantity });
        }
    }
    
    removeItem(productId: string): boolean {
        return this.items.delete(productId);
    }
    
    updateQuantity(productId: string, quantity: number): void {
        if (quantity <= 0) {
            this.removeItem(productId);
            return;
        }
        
        const item = this.items.get(productId);
        if (item) {
            item.quantity = quantity;
        }
    }
    
    // Discount with validation
    get discountPercent(): number {
        return this._discountPercent;
    }
    
    set discountPercent(value: number) {
        if (value < 0 || value > 100) {
            throw new Error('Discount must be between 0 and 100');
        }
        this._discountPercent = value;
    }
    
    // Computed properties
    get itemCount(): number {
        return Array.from(this.items.values())
            .reduce((sum, item) => sum + item.quantity, 0);
    }
    
    get subtotal(): number {
        return Array.from(this.items.values())
            .reduce((sum, item) => sum + (item.price * item.quantity), 0);
    }
    
    get discountAmount(): number {
        return this.subtotal * (this._discountPercent / 100);
    }
    
    get total(): number {
        return this.subtotal - this.discountAmount;
    }
    
    // Read-only access to items
    getItems(): ReadonlyArray<Readonly<CartItem>> {
        return Array.from(this.items.values());
    }
    
    clear(): void {
        this.items.clear();
    }
    
    // Summary for checkout
    getSummary() {
        return {
            itemCount: this.itemCount,
            subtotal: this.subtotal,
            discount: this.discountAmount,
            total: this.total,
            items: this.getItems()
        };
    }
}

// Usage
const cart = new ShoppingCart();

cart.addItem('PROD-001', 'Laptop', 1200, 1);
cart.addItem('PROD-002', 'Mouse', 25, 2);
cart.addItem('PROD-003', 'Keyboard', 80, 1);

console.log(cart.itemCount);    // 4
console.log(cart.subtotal);     // 1330

cart.discountPercent = 10;
console.log(cart.discountAmount); // 133
console.log(cart.total);         // 1197

// Update quantity
cart.updateQuantity('PROD-002', 1);  // Reduce mouse quantity
console.log(cart.total);  // 1172

// Get summary for checkout
const summary = cart.getSummary();
console.log(summary);
/*
{
  itemCount: 3,
  subtotal: 1305,
  discount: 130.5,
  total: 1174.5,
  items: [...]
}
*/

Private Fields (#) - ES2022 Feature

TypeScript also supports JavaScript's private fields using #:

class BankAccount {
    #balance: number;  // Hard private - enforced at runtime
    
    constructor(initialBalance: number) {
        this.#balance = initialBalance;
    }
    
    deposit(amount: number): void {
        this.#balance += amount;
    }
    
    getBalance(): number {
        return this.#balance;
    }
}

const account = new BankAccount(1000);
console.log(account.getBalance());  // 1000

// Error at runtime AND compile time
// console.log(account.#balance);

Difference from private:

TypeScript private: Compile-time only (becomes public in JavaScript)
JavaScript #: Runtime enforcement (truly private)

I prefer private for most cases, # when runtime privacy is critical.

Best Practices

1. Make Everything Private by Default

// Start private, expose only what's needed
class DataProcessor {
    private data: any[];
    private config: ProcessorConfig;
    
    constructor(data: any[], config: ProcessorConfig) {
        this.data = data;
        this.config = config;
    }
    
    // Only expose necessary public methods
    process(): ProcessedData {
        return this.transform(this.validate(this.data));
    }
    
    private validate(data: any[]): any[] {
        // Implementation detail
        return data.filter(item => item !== null);
    }
    
    private transform(data: any[]): ProcessedData {
        // Implementation detail
        return new ProcessedData(data);
    }
}

2. Use Getters for Computed Values

class Order {
    constructor(
        private items: OrderItem[],
        private taxRate: number
    ) {}
    
    // Computed - no storage needed
    get subtotal(): number {
        return this.items.reduce((sum, item) => sum + item.total, 0);
    }
    
    get tax(): number {
        return this.subtotal * this.taxRate;
    }
    
    get total(): number {
        return this.subtotal + this.tax;
    }
}

3. Validate in Setters

class Product {
    private _price: number;
    
    get price(): number {
        return this._price;
    }
    
    set price(value: number) {
        if (value < 0) {
            throw new Error('Price cannot be negative');
        }
        if (value > 1000000) {
            throw new Error('Price exceeds maximum allowed');
        }
        this._price = Math.round(value * 100) / 100;  // Round to 2 decimals
    }
}

4. Immutable Objects

class Money {
    constructor(
        private readonly amount: number,
        private readonly currency: string
    ) {}
    
    // No setters - immutable
    getAmount(): number {
        return this.amount;
    }
    
    getCurrency(): string {
        return this.currency;
    }
    
    // Return new instance for changes
    add(other: Money): Money {
        if (this.currency !== other.currency) {
            throw new Error('Currency mismatch');
        }
        return new Money(this.amount + other.amount, this.currency);
    }
}

What's Next

You now understand:

Public, private, and protected access modifiers
Getters and setters for controlled access
Information hiding and encapsulation
Protecting data integrity through validation
Computed properties

In Part 3: Inheritance and Polymorphism, you'll learn how to create class hierarchies, extend behavior, override methods, and leverage polymorphism for flexible, maintainable code.

Based on building secure TypeScript applications with proper encapsulation, from banking systems to e-commerce platforms.

PreviousPart 1: Classes and Objects - Building Blocks NextPart 3: Inheritance and Polymorphism - Code Reuse and Flexibility

Last updated 15 hours ago

hashtagIntroduction

hashtagThe Problem: Direct Property Access

hashtagThe Solution: Encapsulation

hashtagAccess Modifiers in TypeScript

hashtagPublic (Default)

hashtagPrivate

hashtagProtected

hashtagGetters and Setters

hashtagBasic Getters and Setters

hashtagComputed Properties

hashtagReal Example: User Profile Management

hashtagInformation Hiding

hashtagExposing Only What's Needed

hashtagInternal State Management

hashtagReal Example: Shopping Cart

hashtagPrivate Fields (#) - ES2022 Feature

hashtagBest Practices

hashtag1. Make Everything Private by Default

hashtag2. Use Getters for Computed Values

hashtag3. Validate in Setters

hashtag4. Immutable Objects

hashtagWhat's Next