DEV Community

Cover image for Why you should avoid package-private scope in Java
Igor Konoplyanko
Igor Konoplyanko

Posted on


Why you should avoid package-private scope in Java

Recently I was discussing in my project about package-private visibility modifier.

"Wait, what is package-private in Java?" It's also sometimes called default or no modifier.
This is when class or method doesn't have any modifier. For example:

class SomeObject {
  void doSomething() {
Enter fullscreen mode Exit fullscreen mode

There are more details in Java tutorial.

It should be not used unless very-very specific reason. You either choose between public, private or protected.

There are reasons I've heard so far from different people:

  • But I need it to test method in my object!
  • But It's better to restrict access to the Object as much as possible! It's being accessed only by same-package classes.
  • I have library with lots of users and want to hide implementation details from them!

But I need it to test method in my object!

Don't do package-private just to test that very important method. It's one of the frequent fallacies which I observe. People tend to get somehow access to that private logic, just relax it a little bit and then do dirty testing!
There is a better way. First you need to understand that something probably wrong with your design, if there is a some hidden functionality which is hard to get to test. It means that it's a perfect candidate for refactoring! Just extract that logic into inner class with well-defined API methods and test them.

But It's better to restrict access to the Object as much as possible! It's being accessed only by same-package classes.

Official Oracle documentation says:
Use the most restrictive access level that makes sense for a particular member.
Use private unless you have a good reason not to.

I am totally agree with this statement, just if we will drop package-private out of this list. Life will be much easier for your project if everything will be public/private. One of the most frequent refactorings in large codebases is Move File/Class. With lots of package-private access it will become immediately annoying to do so. Why not to make them public then?
At the end both public and package-private expose API of your class. No matter that in latter case it's limited by package, it's still an API which you have to care about.

When it still makes sense

  • Tests. It's relatively new trend to not to write access modifiers for test code. Anyways modifiers bring some noise to the code and access visibility doesn't matter so much in tests as it does in production code. Less typing is better!
  • You are supporting library with lots of users. Unless your library should be compatible with java8 or less! Otherwise I encourage to use JPMS (Project Jigsaw) in your libs, which will give you much better control over your exposed API's and internal implementation compared to package-private

So as you can see in 2019 (soon 2020!) there are not so much reasons to go with package-private visibility.

Top comments (8)

snuk87 profile image

I don’t share your view. In my opinion package private should be used frequently and should always be used if you don't have to make a class public.

The more restricted your access level the less chances to create unnecessary dependencies that will end up in a big ball of mud. In a lot of architectural styles like clean architecture, layered architecture, hexagonal architecture and domain driven design (DDD) it is important to have clean boundaries between your modules. In case of DDD you have different contexts and you only want to provide access to a domain through a well defined interface. The simplest way to achieve this is with package private scope.

It's also important to organize your packages in a proper way. I have seen a lot of people tend to create too many packages and sub packages but a java package should contain all classes of a specific domain/context. E.g. the web interface, business logic / service layer, DAO layer of one domain should be in one package and only provide functions to other packages through interfaces.

cauchypeano profile image
Igor Konoplyanko

My position here is that to avoid unnecessary dependencies we need to use better mechanism as we have with Package scopes. It's too poor and will not help us to achieve hexagonal architecture/DDD but will annoy us during refactoring.

That's also reason why java got jigsaw - to overcome those issues in much nicer way.

So far all reasons I've heard in favor for package-private - is to achieve DDD/Hexagonal architecture based on package scopes.

snuk87 profile image

Can you give me an example of anything that becomes annoying when you use package private?
I never faced any problems ... quite the contrary, it showed me when my domain design wasn't good.

In your blog post you said that you agree with oracles recommendation on using the most restrictive access level but in the next sentence you say Life will be much easier for your project if everything will be public/private. So you say it's better to use public instead of package private. Those two sentences are a contradiction.

The main reason why JAVA got jigsaw was to modularize the JDK. That you can use it for your projects is just a nice side effect. I totally agree that jigsaw is a much cleaner solution than using package scopes but in reality jigsaw is mostly used for green field projects and old projects are rarely refactored to use jigsaw. So I think it will take a few more years that the majority of JAVA applications will shift to jigsaw.

That's why package private is so important. You need a clean architecture when you have a project with 1M+ lines of code and working with 20 other developers. Also it's much easier to slice your application into micro services when you have a clean architecture.

baenencalin profile image
Calin Baenen

Java needs an equivalent to internal from C#.
Another reason "package-private" is bad is because you can't use those pckg-prvt things from a "super-package". But why not? Wouldn't it make sense to treat a super as part of that family?

darkknightpl profile image
Marcin Jarząbek • Edited

I don't think I'd agree with title statement - of course it's important to choose apropriate scope to specific case we're dealing with, but package scope is definetely being used too rarely.
Devs, left with choice either public or private tend to choose public to make things easier. But making class or method public it means it is part of your contract - functionality your package expose to other parts of code. If another part is using this class/method it's much harder to change/refactor it and code becomes tightly coupled.

An alternative is to make only one class in package public - and this class, facade, becomes your contract. All other classes can be package private. Then you test your package behaviour via facade class and refactoring is much easier.
Following this pattern makes also reading code easier - if you need only some functionality from package you only need to read facade class - and it's immediately visible - because it's public. Only if you need to change sth inside you need to go deeper and read another classes.

Architecture pattern that adapts this package-private style easily is hexagonal architecture, or ports-adapters architecture. You expose functionality of domain via public port, and rest of it is hidden with package-private scope. Following BDD you test domain via ports - like a black box.

Good talk about hex architecture and package scope :)

cauchypeano profile image
Igor Konoplyanko

thank you for your reply!
Regarding your comment: I am generally agree with you, especially that I am also fan of hexagonal architecture. But in my opinion packages+package scope is very constrained and rigid mechanism to do so.

For example if you have more than 20 classes - you can't split them into subpackages so easily. Subpackages do not see package-private classes above them! For me the better way will be going with modularized application, especially with project jigsaw on top of it. In this way we will be really in control what part of our module we can expose and what part we want to hide as internal implementation details.

darkknightpl profile image
Marcin Jarząbek • Edited

Thanks for replying for my comment :)

My concern is that many other developers don't have much experience with jigsaw, or maybe won't use it because project isn't especially big. Therefore I think package scope shouldn't end up on the scrap heap yet ;) If used properly can be very helpful in maintaining project architecture clean and modules loosely coupled.

developmind profile image
Dirk Detering

Well , in my opinion this article is too short-sighted.

It doesn't even state it's conclusion clearly.
This conclusion is not "avoid package private", as the title suggests, but "jigsaw modules are a better way to solve the visibility problem".

Would it be written with this conclusion in mind, I would mostly agree. In theory at least.

In practice, the picture is far more complicated. "Avoid package private" sounds first like an advice of an experienced architect who has come to this conclusion due to being faced with heavy pains over years in many ways when working with PP.

But in my experience this advice is only valid for a new small project starting with jigsaw from ground up.

This advice is not applicable and simply dangerous for large legacy codebases which are still maintained (refactored, enhanced) with many dependencies, based on a legacy toolchain to build it and still based on JEE application servers.

Here "jigsaw the world" is simply not an option. Point.
Packages are the only way to modularise beyond jars (which are mostly fat), and the lack of using package-private where possible, useful and needed in the past already led to heavy pains due to leaking implementation details into APIs.
The way to solve that is by refactoring into usage of PP, not away from it.

Large legacy codebases of enterprise systems are in 2020 still on JDK8 (being LTS) and are still on the way to migrate to JDK11(being the current LTS).
But this migration - a painful one btw - still doesn't produce a jigsawed system, but a system using all possible legacy flags and single-module-all-the-shit solutions, just to get the migration done in shortest time (in our company now round about ten month, still not done).

So my advice is: Use package-private where you haven't been aware of this possibility before (some young developers indeed weren't). It's an undervalued tool in your box!
Perhaps add a dev-comment ("pp by purpose"), as due to Java's default behaviour a reader cannot be sure if the modifier wasn't simply forgotten, so some new maintainer may try to add 'public' to "correct" that. That's the only quirk I see with PP.

Timeless DEV post...

Git Concepts I Wish I Knew Years Ago

The most used technology by developers is not Javascript.

It's not Python or HTML.

It hardly even gets mentioned in interviews or listed as a pre-requisite for jobs.

I'm talking about Git and version control of course.

One does not simply learn git