SDK Tech Lead Irakli Gozalishvili blogged today about the intention behind the SDK’s namespace implementation:
Sometimes program is written to work with third party, potentially malicious, code which may use variety of attack vectors in order to escalate privileges and do something harmful. This is exact scenario we have in add-on SDK, where we wrap sudo powered browser internals into higher level APIs with reduced capabilities, such that by looking at add-on’s module graph we’re able to say what it’s capable of doing.
You can read the whole post over on Irakli’s blog. If you are interested in developing your own modules, this new implementation provides a simple way for you to wrap code that uses chrome authority into modules that can be both easy to use, and more secure.
At the end of Irakli’s post he discusses some limitations of the current namespaces implementation:
…properties are instance specific, or in other words namespaced properties of ancestors (objects in the prototype chain) are not inherited and have to be explicitly accessed, which may feel bit awkward.
I noticed this morning that Irakli has also open a pull request to address this specific limitation.