What Is Variable Scope in JavaScript?

You have probably seen questions pop up in dev forums like: “why does this variable show as undefined”, “why do all my setTimeouts log the same value”, or “why does a value leak into the global object”? These are all scope questions.

Hi all,
I’m new to coding, and I keep running into confusing behavior with variables in JavaScript. Sometimes I can access a variable outside where I declared it, sometimes not. I have also seen weird issues with loops and async code capturing the wrong values. 

What is variable scope in JavaScript? How do var, let, and const behave differently with function scope, block scope, and module scope?

In JavaScript, scope determines where a variable is visible and how long it lives. Understanding scope helps you write predictable code, avoid name collisions, and reason about async behavior. Let’s break it down:

• Global scope: Accessible everywhere in your program.
• Function scope: Variables declared inside a function are only available in that function.
• Block scope: Variables declared with let or const inside a block { ... } are only visible in that block.
• Module scope: In ES modules, each file has its own scope. Exports and imports control visibility.

// Block scope vs function scope
if (true) {
  var a = 1;      // function-scoped
  let b = 2;      // block-scoped
  const c = 3;    // block-scoped
}
console.log(a); // 1
console.log(b); // ReferenceError
console.log(c); // ReferenceError

// Mutability
let counter = 0;
counter += 1;     // ok

const apiBase = '/api';
apiBase = '/v2';  // TypeError - cannot reassign const

// Note: const prevents reassignment, not mutation of objects
const config = { retries: 3 };
config.retries = 5; // okCode language: JavaScript (javascript)

Declarations are hoisted, but initialization differs:

console.log(x); // undefined - var is hoisted with default undefined
var x = 10;

console.log(y); // ReferenceError - y is in temporal dead zone
let y = 10;Code language: JavaScript (javascript)

Prefer let and const to catch usage before declaration and avoid subtle bugs.

Closures let inner functions access variables from outer scopes. The classic gotcha happens with loops.

// Problem: var is function-scoped, so all callbacks see the final i
for (var i = 0; i < 3; i++) {
  setTimeout(() => console.log('var i:', i), 0); // prints 3,3,3
}

// Fix 1: use let for block scoping
for (let j = 0; j < 3; j++) {
  setTimeout(() => console.log('let j:', j), 0); // prints 0,1,2
}

// Fix 2: capture via IIFE
for (var k = 0; k < 3; k++) {
  ((n) => setTimeout(() => console.log('IIFE k:', n), 0))(k);
}Code language: JavaScript (javascript)

// config.js
export const API_BASE = '/api';

// users.js
import { API_BASE } from './config.js';
fetch(`${API_BASE}/users`);Code language: JavaScript (javascript)

Modules isolate variables by default, so use exports to share and imports to consume. Unlike scripts, top-level this is undefined in modules and strict mode is implied.

• Avoid globals. Pass values as parameters or import from modules.
• Prefer using const and upgrade to let only when reassignment is necessary.
• Initialize variables close to where they are used to minimize scope.
• In async code, prefer let in loops or capture values explicitly.

When building front-end or Node services that deliver images and videos, keep configuration and secrets scoped safely. For example, host and optimize visuals while keeping API credentials private and configuration well-contained. See an overview of asset delivery considerations in understanding image hosting for websites.

// Node: keep credentials in module scope with environment variables
// cloud.js
import { v2 as cloud } from 'cloudinary';
cloud.config({
  cloud_name: process.env.CLOUDINARY_CLOUD_NAME,
  api_key: process.env.CLOUDINARY_API_KEY,
  api_secret: process.env.CLOUDINARY_API_SECRET
});
export default cloud;

// uploader.js
import cloud from './cloud.js';
export async function uploadImage(path) {
  return cloud.uploader.upload(path, { folder: 'scoped-demo' });
}Code language: JavaScript (javascript)

In the browser, never expose secrets. Use unsigned upload presets and keep them in a local constant that is not globally leaked:

const UPLOAD_PRESET = 'unsigned_preset'; // safe to expose
async function upload(file) {
  const url = 'https://api.cloudinary.com/v1_1/demo/image/upload';
  const fd = new FormData();
  fd.append('file', file);
  fd.append('upload_preset', UPLOAD_PRESET);
  await fetch(url, { method: 'POST', body: fd });
}Code language: JavaScript (javascript)

When generating transformation URLs, build them inside well-scoped helpers and avoid polluting global scope. If you are optimizing delivery, these helpers often encapsulate logic like format switching and size rules for an optimized website.

• Scope controls visibility and lifetime of variables: global, function, block, module.
• Use const by default, let when needed, avoid var.
• Hoisting makes var visible as undefined but let and const have a temporal dead zone.
• Closures capture variables from outer scopes. Use let in loops to avoid async pitfalls.
• In real apps, keep secrets in server scope, avoid global leaks, and encapsulate helpers for media URLs and uploads.

• PNG to WebP Converter
• JPG to PNG
• WEBM to MP4
• Background Remover

Ready to streamline your media workflow while keeping your JavaScript code clean and well scoped? Sign up for a free Cloudinary account and start optimizing today.