Skip to content

fix(types): restrict provide() key to string | InjectionKey to avoid unexpected key collisions #12999

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(types): restrict provide() key to string | InjectionKey to avoid unexpected key collisions #12999

wants to merge 1 commit into from
+8 −5

Conversation

et84121
Copy link

@et84121 et84121 commented Mar 5, 2025
edited by edison1105
Loading

fix #9439

Overview

This PR updates the type signature of the provide() function to accept only two kinds of keys:

  1. InjectionKey<T> (which is a symbol), and
  2. string

Previously, provide() accepted keys of type number or even object. In JavaScript, any non-string, non-symbol key will be implicitly converted to a string. For example:

  • A number key like 123 becomes the string "123".
  • An object key becomes the string "[object Object]".

These conversions can cause key collisions. Multiple different objects (or numbers, booleans, etc.) might all end up converting to the same string key, overwriting each other’s values. That is obviously unwanted behavior in an API designed for unique injection keys.

Reasoning

  1. Type Consistency: Restricting keys to string | symbol is consistent with core JavaScript behavior for object property names – objects use string or symbol keys.
  2. Prevent Unintended Collisions: Implicit string conversion of numbers, booleans, or objects can lead to subtle bugs. For instance, two different objects would both become "[object Object]".
  3. Align with Usage: In typical Vue usage, injection keys are often symbol-based to ensure uniqueness, or occasionally string-based for clarity. Accepting arbitrary key types can mask potential errors.

What Changed

  • In apiInject.ts, the type of provide() is changed from: 
    export function provide<T, K = InjectionKey<T> | string | number>(key: K, ...)
    to: 
    export function provide<T, K extends InjectionKey<T> | string = InjectionKey<T> | string>(
  key: K,
  ...
)
    This enforces that key must be either a symbol-based InjectionKey<T> or a string, eliminating number (and others) from the accepted set of types.

Benefits

  • Stronger Type Safety: Prevents accidental usage of boolean, object, or number as keys that silently collide after string conversion.
  • Clearer Intent: Makes it explicit that injection keys should be unique symbols or well-defined strings.
  • Future-proof: Matches the standard practice in JavaScript/TypeScript of using string | symbol for object keys, avoiding inconsistent usage.

Overall, this change ensures safer and more predictable behavior when injecting or providing dependencies in Vue, reducing the risk of subtle collisions and bugs.

External Document

@skirtles-code
Copy link
Contributor

@edison1105
Copy link
Member

/ecosystem-ci run

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Mar 6, 2025

Open in Stackblitz

@vue/compiler-core

npm i https://pkg.pr.new/@vue/compiler-core@12999

@vue/compiler-dom

npm i https://pkg.pr.new/@vue/compiler-dom@12999

@vue/compiler-sfc

npm i https://pkg.pr.new/@vue/compiler-sfc@12999

@vue/compiler-ssr

npm i https://pkg.pr.new/@vue/compiler-ssr@12999

@vue/reactivity

npm i https://pkg.pr.new/@vue/reactivity@12999

@vue/runtime-core

npm i https://pkg.pr.new/@vue/runtime-core@12999

@vue/runtime-dom

npm i https://pkg.pr.new/@vue/runtime-dom@12999

@vue/server-renderer

npm i https://pkg.pr.new/@vue/server-renderer@12999

@vue/shared

npm i https://pkg.pr.new/@vue/shared@12999

vue

npm i https://pkg.pr.new/vue@12999

@vue/compat

npm i https://pkg.pr.new/@vue/compat@12999

commit: 361d108

@github-actions GitHub Actions
Copy link

github-actions bot commented Mar 6, 2025

Size Report

Bundles

File Size Gzip Brotli
runtime-dom.global.prod.js 100 kB 38.1 kB 34.3 kB
vue.global.prod.js 158 kB 58 kB 51.6 kB

Usages

Name Size Gzip Brotli
createApp (CAPI only) 46.5 kB 18.2 kB 16.7 kB
createApp 54.6 kB 21.3 kB 19.4 kB
createSSRApp 58.8 kB 23 kB 21 kB
defineCustomElement 59.4 kB 22.9 kB 20.8 kB
overall 68.6 kB 26.4 kB 24.1 kB

@vue-bot
Copy link
Contributor

vue-bot commented Mar 6, 2025

📝 Ran ecosystem CI: Open

suite result latest scheduled
language-tools failure success
nuxt success success
pinia failure success
primevue failure success
quasar success success
radix-vue success success
router success success
test-utils success success
vant success success
vite-plugin-vue success success
vitepress success success
vue-i18n success success
vue-macros success success
vuetify success success
vueuse failure success
vue-simple-compiler success success

@edison1105
Copy link
Member

/ecosystem-ci run

@vue-bot
Copy link
Contributor

vue-bot commented Mar 7, 2025

📝 Ran ecosystem CI: Open

suite result latest scheduled
language-tools success success
vitepress success success
nuxt success success
primevue success success
pinia success success
vue-i18n success success
quasar success success
radix-vue success success
test-utils success success
vite-plugin-vue success success
vue-macros success success
vuetify success success
router success success
vueuse failure success
vue-simple-compiler success success
vant success success

@edison1105 edison1105 added the ready to merge The PR is ready to be merged. label Mar 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
ready to merge The PR is ready to be merged. scope: types version: minor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Types inject does not support number argument
4 participants
@et84121 @skirtles-code @edison1105 @vue-bot