Home > JavaScript > Protecting JavaScript Properties with Object.defineProperty

Protecting JavaScript Properties with Object.defineProperty

In modern JavaScript development, prioritizing the security and integrity of your code is of utmost importance. A powerful approach to accomplish this is by employing the “Protecting JavaScript Object Properties with Object.defineProperty” technique to secure object properties.

This method provides fine-grained control over the configurability, writability, and enumerability of object properties, helping developers create more robust and secure applications.

In this tutorial, we will learn about protecting JavaScript object properties with Object.defineProperty() method. How you can protect properties from modification and deletion. Also how to create immutable objects.

Understanding the Need for Property Lockdown

Developers often encounter scenarios where certain properties of an object should remain constant or should not be easily modifiable. This need arises when designing APIs, working with configuration settings, or handling security-sensitive information.

Without proper control, unintended modifications or deletions can lead to unpredictable behavior and security vulnerabilities.

By leveraging Object.defineProperty(), developers can enforce restrictions on their object properties, preventing unauthorized changes and promoting a more stable codebase.

This level of control is particularly crucial in large codebases or collaborative projects where multiple developers are working on different parts of the system.

Why Use Object.defineProperty?


  • By setting the writable and configurable flags appropriately, you can encapsulate the internal state of an object. This prevents unintended modification or deletion of properties, promoting a more controlled and predictable behavior.

Data Integrity:

  • Locking down properties helps maintain data integrity. When certain properties should not be modified after their initial assignment, making them non-writable ensures that their values remain consistent throughout the lifecycle of the object.


  • In security-sensitive applications, preventing the modification or deletion of critical properties is crucial. Object.defineProperty() allows you to restrict certain operations, enhancing the security of your code against unintended or malicious actions.

Controlled API Design:

  • When designing APIs or object interfaces, using Object.defineProperty() allows you to define clear contracts for how users should interact with your objects. It helps create a controlled and stable interface, reducing the likelihood of unexpected side effects.

Benefits of Using Object.defineProperty

Prevent Unintended Modifications:

  • Making properties non-writable ensures that their values remain constant, reducing the risk of accidental modifications. This is particularly useful for properties representing configuration settings or constants.

Immutable Objects:

  • You can use Object.defineProperty() to create objects with immutable properties. This is beneficial when you want to ensure that once an object is created, its properties cannot be changed, providing a more functional and predictable programming style.

Enhance Code Robustness:

  • By making properties non-configurable, you prevent the accidental deletion of critical properties. This enhances the robustness of your code by protecting against unintentional actions that could lead to runtime errors or unexpected behavior.

Clear Object Contracts:

  • Using Object.defineProperty() allows you to clearly define the contracts for your objects. Developers interacting with your code will have a better understanding of which properties are meant to be read-only, ensuring more predictable and maintainable code.

Compatibility with Standards:

  • In some cases, adherence to certain coding standards or security guidelines may require the use of non-writable or non-configurable properties. Object.defineProperty() provides a standardized way to implement such requirements.

Implementation Object.defineProperty

To lock down JavaScript object properties using Object.defineProperty(), you can use the writable and configurable flags.

Let’s take an example to demonstrate how you can protect the JavaScript object properties to not changing.

Writable Attribute – Protect from Modifying Properties

To protect from modifying JavaScript properties, you have to use the writable flag in the Object.defineProperty() method.

Let’s take an example of a ‘user‘ object which has ‘username‘, ‘mobile_no‘, and ‘email‘ properties. Let’s say I don’t want users to change the ‘username‘ property of the ‘user’ object. To implement this technique to protect the JavaScript object properties, we will use Object.defineProperty() method. We will assign the writable flag to false in this method.

// Create an object
let user = {
	username: 'aman_mehra',
	mobile_no: '9876543210',
	email: '[email protected]'

// Define a read-only property
Object.defineProperty(user, 'username', {
	writable: false

// Attempting to modify the username will result in an error
user.username = 'new_username';  // Error: Cannot assign to read-only property 'username'

In this example, the username property is defined as read-only by setting writable to false. This ensures that once the user an object is initialized, the username property remains constant.

Configurable Attribute – Protect from Deleting Properties

To protect from deleting the JavaScript object properties, you have to assign the configurable flag in the Object.defineProperty() method.

Let’s take the same above example and I don’t want anyone can delete the ‘username‘ property from the ‘user‘ object.

// Create an object
let user = {
	username: 'aman_mehra',
	mobile_no: '9876543210',
	email: '[email protected]'

// Define a configurable property
Object.defineProperty(user, 'username', {
	configurable: false		// Make the property non-configurable

// Attempt to delete the property
delete user.username;  // Error: Cannot delete property 'username'

In the above example, the username property is defined as a controlled property by setting configurable it to false. It will not let users delete a specific property.

Enumerable Attribute – Show or Not to Show up in the Loop

There is an enumerable flag that you can use to make JavaScript object properties enumerable and not able to access in the loop. This means whether it shows up in a for loop and Object.keys() or not.

See the following code example of protecting JavaScript object properties with a enumerable flag in the Object.defineProperty() method. If you set the enumerable flag to true, it will show up in the loop, if you set it to false, it will not show up in the loop.

// Create an object
let user = {
	username: 'aman_mehra',
	mobile_no: '9876543210',
	email: '[email protected]'

// Define a enumerable property
Object.defineProperty(user, 'username', {
	enumerable: false

// Iterate over the properties
for (let key in user) {
  console.log(key);  // // Error: Cannot log property 'username'

Immutable Objects with Object.defineProperty

Another powerful role of Object.defineProperty() is the creation of immutable objects. Immutability ensures that object properties cannot be altered after their initial assignment.

Defining the writable, configurable, and enumerable flags all together make the JavaScript property Immutable. Following is the code example of using these flags.

// Create an object
let user = {
	username: 'aman_mehra',
	mobile_no: '9876543210',
	email: '[email protected]'

// Define a read-only property
Object.defineProperty(user, 'username', {
	writable: false,
	configurable: false,
	enumerable: true

In this example, the ‘username‘ property is set as non-writable and non-configurable, creating an immutable object. This pattern ensures that the configuration object remains constant throughout the application’s execution.

You can adjust these flags based on your specific requirements. Keep in mind that locking down properties in this way may help in creating more controlled and secure code, preventing unintentional modifications and deletions.

There are more flags that you can use with the Object.defineProperty() method. For more details, you check here.


So in this tutorial, you have learned why you should use Object.defineProperty() method and what are benefits of it. You also learned by protecting JavaScript object properties from modification or deletion using this Object.defineProperty() method.

Using Object.defineProperty to lock down JavaScript object properties offers advantages in terms of encapsulation, data integrity, security, and API design. It helps create more reliable, predictable, and secure code, which is essential for building robust applications.


Why use Object.defineProperty?

Object.defineProperty() ensures security by controlling modifications to JavaScript object properties.

What are the benefits of Object.defineProperty?

Enhance code robustness, prevent unauthorized changes, and create more predictable applications.

How to implement Object.defineProperty practically?

To implement Object.defineProperty(), you have to pass the object and security flags. Explore examples to understand the practical implementation of Object.defineProperty for property lockdown.

Can Object.defineProperty create immutable objects?

Yes, Object.defineProperty is used to create immutable objects, ensuring data consistency.

What is defining a property in JavaScript?

Defining a property in JavaScript refers to using Object.defineProperty to set attributes like writability, configurability, and enumerability for an object property.

Can Object.defineProperty be used for creating read-only properties?

Yes, by setting the writable attribute to false, Object.defineProperty can create read-only properties that cannot be modified.

Photo of author

About Aman Mehra

Hey there! I'm Aman Mehra, a full-stack developer with over six years of hands-on experience in the industry. I've dedicated myself to mastering the ins and outs of PHP, WordPress, ReactJS, NodeJS, and AWS, so you can trust me to handle your web development needs with expertise and finesse. In 2021, I decided to share my knowledge and insights with the world by starting this blog. It's been an incredible journey so far, and I've had the opportunity to learn and grow alongside my readers. Whether you're a seasoned developer or just dipping your toes into the world of web development, I'm here to provide valuable content and solutions to help you succeed. So, stick around, explore the blog, and feel free to reach out if you have any questions or suggestions. Together, let's navigate the exciting world of web development!

Leave a Comment