javascript

skill
Security Audit
Failed
Health: Passed
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 22 GitHub stars
Code: Failed
  • rm -rf — Recursive force deletion command in .github/workflows/publish.yml
  • network request — Outbound network request in packages/browser-sdk/example/feedback/Feedback.jsx
Permissions: Passed
  • Permissions — No dangerous permissions requested
Purpose

This tool provides a comprehensive suite of client-side and server-side TypeScript SDKs for integrating Reflag, a feature flagging service for SaaS applications.

Security Assessment

The overall risk is rated as Low. The tool does not request dangerous system permissions and no hardcoded secrets were found. Outbound network requests are present, which is entirely expected for an SDK designed to fetch feature flag states from a remote server. One check flagged a recursive force deletion command (`rm -rf`), but this is safely contained within an automated GitHub Actions publishing workflow (`publish.yml`) rather than being executed in the application's runtime source code.

Quality Assessment

This is a well-maintained and structured open-source project. It utilizes the highly permissive MIT license, making it suitable for commercial and private use. Development appears highly active, with the most recent code push occurring just two days ago. The repository has garnered 22 GitHub stars, indicating a modest but growing level of community trust. Additionally, the project relies on modern and secure release practices, such as automated versioning and npm Trusted Publishers.

Verdict

Safe to use. The project is actively maintained, securely structured, and poses no abnormal security threats for a client-facing SDK.
SUMMARY

JS/TS SDKs for Reflag

README.md

Reflag

Feature flags for SaaS that run on TypeScript. Learn more and get started

React SDK

Client side React SDK

Read the docs

React Native SDK (beta)

React Native SDK for mobile apps

Read the docs

Vue SDK (beta)

Client side Vue SDK

Read the docs

Browser SDK

Browser SDK for use in non-React web applications

Read the docs

Node.js SDK

Node.js SDK for use on the server side.
Use this for Cloudflare Workers as well.

Read the docs

Management SDK (beta)

Typed SDK for Reflag's REST API.

Read the docs

Reflag CLI

CLI to interact with Reflag and generate types

Read the docs

OpenFeature Browser Provider

Use Reflag with OpenFeature in the browser through the Reflag OpenFeature Browser Provider

Read the docs

OpenFeature Node.js Provider

Use Reflag with OpenFeature on the server in Node.js through the Reflag OpenFeature Node.js Provider

Read the docs

Development

Versioning

  1. Create a new branch locally
  2. Run yarn changeset
  3. Select the packages that changed and the correct bump type
  4. Commit the generated file in .changeset/
  5. Push and open a PR

Publishing

Repository setup:

  1. Configure npm Trusted Publisher entries for the packages in this repo against the reflagcom/javascript GitHub repository and the publish.yml workflow
  2. Keep the workflow on GitHub-hosted runners with id-token: write, plus contents: write and pull-requests: write for the release PR flow

When a PR with one or more changesets is merged to main, the release workflow will open or update a Version Packages PR.

Merging that PR will:

  1. Apply the version bumps
  2. Publish the updated packages to npm
  3. Rebuild and push the generated SDK docs
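The permission set described in the setup notes above, shown as a minimal workflow skeleton. This is an added example, not the repository's own `publish.yml`: the job layout, action versions, Node version, registry URL and the `yarn` commands are assumptions; only the three permission scopes, the GitHub-hosted runner requirement and the changesets-based release PR flow come from the README. The point for a reviewer is that `id-token: write` is what lets npm verify a short-lived OIDC token from the workflow (Trusted Publisher), so no long-lived `NPM_TOKEN` secret has to be stored in the repository, and the other two scopes are the minimum the release PR flow needs.

```yaml
# Hypothetical release workflow (added example, not the project's publish.yml).
name: Release
on:
  push:
    branches: [main]

# Top-level permissions: keep the token least-privilege for the whole workflow.
permissions:
  contents: write        # push version bumps and tags from the Version Packages PR
  pull-requests: write   # open or update the Version Packages PR
  id-token: write        # mint the OIDC token npm verifies for Trusted Publishing

jobs:
  release:
    runs-on: ubuntu-latest   # GitHub-hosted runner, as Trusted Publishing requires
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 22                        # assumed
          registry-url: https://registry.npmjs.org
      - run: yarn install --immutable             # assumed install command
      - name: Create release PR or publish to npm
        uses: changesets/action@v1
        with:
          publish: yarn changeset publish         # assumed publish command
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Two things to check when auditing a workflow like this: that no `NPM_TOKEN` secret is still referenced once Trusted Publishing is in place (a leftover long-lived token widens the blast radius of a compromised runner), and that the `permissions` block is not silently widened by a repository-level default of `write-all`. The `rm -rf` the scan flags in `publish.yml` is runner-scoped cleanup in this kind of job and does not reach the published package code.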
