JavaScript SDK for Optimizely Feature Experimentation and Optimizely Full Stack (legacy)
Installations
npm install @optimizely/optimizely-sdkReleases
Developer
Developer Guide
Module System
CommonJS, ESM, UMD
Min. Node Version
>=14.0.0
Typescript Support
No
Node Version
16.20.2
NPM Version
8.19.4
Statistics
80 Stars
665 Commits
82 Forks
92 Watching
73 Branches
282 Contributors
Updated on 27 Nov 2024
Languages
TypeScript (52.02%)
JavaScript (47.98%)
Total Downloads
Cumulative downloads
Total Downloads
44,546,504
Last day
-10.9%
45,672
Compared to previous day
Last week
-1.4%
240,694
Compared to previous week
Last month
6.8%
1,064,866
Compared to previous month
Last year
6.9%
11,769,991
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
5
Dev Dependencies
47
Optimizely JavaScript SDK
This repository houses the JavaScript SDK for use with Optimizely Feature Experimentation and Optimizely Full Stack (legacy).
Optimizely Feature Experimentation is an A/B testing and feature management tool for product development teams that enables you to experiment at every step. Using Optimizely Feature Experimentation allows for every feature on your roadmap to be an opportunity to discover hidden insights. Learn more at Optimizely.com, or see the developer documentation.
Optimizely Rollouts is free feature flags for development teams. You can easily roll out and roll back features in any application without code deploys, mitigating risk for every feature on your roadmap.
Get Started
For Browser applications, refer to the JavaScript SDK's developer documentation for detailed instructions on getting started with using the SDK within client-side applications.
For Node.js applications, refer to the JavaScript (Node) variant of the developer documentation.
For Edge Functions, we provide starter kits that utilize the Optimizely JavaScript SDK for the following platforms:
Note: We recommend using the Lite version of the sdk for edge platforms. These starter kits also use the Lite variant of the JavaScript SDK which excludes the datafile manager and event processor packages.
Prerequisites
Ensure the SDK supports all of the platforms you're targeting. In particular, the SDK targets modern ES5-compliant JavaScript environment. We officially support:
- Node.js >= 16.0.0. By extension, environments like AWS Lambda, Google Cloud Functions, and Auth0 Webtasks are supported as well. Older Node.js releases likely work too (try
npm testto validate for yourself), but are not formally supported. - Modern Web Browsers, such as Microsoft Edge 84+, Firefox 91+, Safari 13+, and Chrome 102+, Opera 76+
In addition, other environments are likely compatible but are not formally supported including:
- Progressive Web Apps, WebViews, and hybrid mobile apps like those built with React Native and Apache Cordova.
- Cloudflare Workers and Fly, both of which are powered by recent releases of V8.
- Anywhere else you can think of that might embed a JavaScript engine. The sky is the limit; experiment everywhere! 🚀
Requirements
-
JavaScript (Browser): Modern web browser that is ES5-compliant.
-
JavaScript (Node): Node 16.0.0+
Install the SDK
Once you've validated that the SDK supports the platforms you're targeting, fetch the package from NPM:
Using npm:
1npm install --save @optimizely/optimizely-sdk
Using yarn:
1yarn add @optimizely/optimizely-sdk
Using pnpm:
1pnpm add @optimizely/optimizely-sdk
Using deno (no installation required):
1import optimizely from "npm:@optimizely/optimizely-sdk"
Use the JavaScript SDK (Browser)
See the Optimizely Feature Experimentation developer documentation for JavaScript (Browser) to learn how to set up your first JavaScript project and use the SDK for client-side applications.
Initialization (Browser)
The package has different entry points for different environments. The browser entry point is an ES module, which can be used with an appropriate bundler like Webpack or Rollup. Additionally, for ease of use during initial evaluations you can include a standalone umd bundle of the SDK in your web page by fetching it from unpkg:
1<script src="https://unpkg.com/@optimizely/optimizely-sdk/dist/optimizely.browser.umd.min.js"></script> 2 3<!-- You can also use the unminified version if necessary --> 4<script src="https://unpkg.com/@optimizely/optimizely-sdk/dist/optimizely.browser.umd.js"></script>
When evaluated, that bundle assigns the SDK's exports to window.optimizelySdk. If you wish to use the asset locally (for example, if unpkg is down), you can find it in your local copy of the package at dist/optimizely.browser.umd.min.js. We do not recommend using this method in production settings as it introduces a third-party performance dependency.
As window.optimizelySdk should be a global variable at this point, you can continue to use it like so:
1const optimizelyClient = window.optimizelySdk.createInstance({ 2 sdkKey: '<YOUR_SDK_KEY>', 3 // datafile: window.optimizelyDatafile, 4 // etc. 5}); 6 7optimizelyClient.onReady().then(({ success, reason }) => { 8 if (success) { 9 // Create the Optimizely user context, make decisions, and more here! 10 } 11});
Regarding EventDispatchers: In Node.js and browser environments, the default EventDispatcher is powered by the http/s modules and by XMLHttpRequest, respectively. In all other environments, you must supply your own EventDispatcher.
Use the JavaScript SDK (Node)
See the Optimizely Feature Experimentation developer documentation for JavaScript (Node) to learn how to set up your first JavaScript project and use the SDK for server-side applications.
Initialization (Node)
The package has different entry points for different environments. The node entry point is CommonJS module.
1const optimizelySdk = require('@optimizely/optimizely-sdk'); 2 3const optimizelyClient = optimizelySdk.createInstance({ 4 sdkKey: '<YOUR_SDK_KEY>', 5 // datafile: window.optimizelyDatafile, 6 // etc. 7}); 8 9optimizelyClient.onReady().then(({ success, reason }) => { 10 if (success) { 11 // Create the Optimizely user context, make decisions, and more here! 12 } 13});
Regarding EventDispatchers: In Node.js environment, the default EventDispatcher is powered by the http/s module.
SDK Development
Unit Tests
There is a mix of testing paradigms used within the JavaScript SDK which include Mocha, Chai, Karma, and Jest, indicated by their respective *.tests.js and *.spec.ts filenames.
When contributing code to the SDK, aim to keep the percentage of code test coverage at the current level () or above.
To run unit tests on the primary JavaScript SDK package source code, you can take the following steps:
- On your command line or terminal, navigate to the
~/javascript-sdk/packages/optimizely-sdkdirectory. - Ensure that you have run
npm installto install all project dependencies. - Run
npm testto run all test files. - (For cross-browser testing) Run
npm run test-xbrowserto run tests in many browsers via BrowserStack. - Resolve any tests that fail before continuing with your contribution.
This information is relevant only if you plan on contributing to the SDK itself.
1# Prerequisite: Install dependencies. 2npm install 3 4# Run unit tests. 5npm test 6 7# Run unit tests in many browsers, currently via BrowserStack. 8# For this to work, the following environment variables must be set: 9# - BROWSER_STACK_USERNAME 10# - BROWSER_STACK_PASSWORD 11npm run test-xbrowser
/.github/workflows/javascript.yml contains the definitions for BROWSER_STACK_USERNAME and BROWSER_STACK_ACCESS_KEY used in the GitHub Actions CI pipeline. When developing locally, you must provide your own credentials in order to run npm run test-xbrowser. You can register for an account for free on the BrowserStack official website here.
Contributing
For more information regarding contributing to the Optimizely JavaScript SDK, please read Contributing.
Special Notes
Migrating from 4.x.x
This version represents a major version change and, as such, introduces some breaking changes. Please refer to the Changelog for more details.
Feature Management access
To access the Feature Management configuration in the Optimizely dashboard, please contact your Optimizely customer success manager.
Credits
@optimizely/optimizely-sdk is developed and maintained by Optimizely and many contributors. If you're interested in learning more about what Optimizely Feature Experimentation can do for your company you can visit the official Optimizely Feature Experimentation product page here to learn more.
First-party code (under packages/optimizely-sdk/lib/, packages/datafile-manager/lib, packages/datafile-manager/src, packages/datafile-manager/__test__, packages/event-processor/src, packages/event-processor/__tests__, packages/logging/src, packages/logging/__tests__, packages/utils/src, packages/utils/__tests__) is copyright Optimizely, Inc. and contributors, licensed under Apache 2.0.
Other Optimizely SDKs
No vulnerabilities found.
Reason
all changesets reviewed
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
5 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 4
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/integration_test.yml:1
- Warn: no topLevel permission defined: .github/workflows/javascript.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint_markdown.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/source_clear_crone.yml:1
- Warn: no topLevel permission defined: .github/workflows/ticket_reference_check.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integration_test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/integration_test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript.yml:70: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/javascript.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/javascript.yml:98: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/javascript.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/javascript.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint_markdown.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/lint_markdown.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/lint_markdown.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/lint_markdown.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/source_clear_crone.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/source_clear_crone.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ticket_reference_check.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/optimizely/javascript-sdk/ticket_reference_check.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/javascript.yml:26
- Warn: npmCommand not pinned by hash: .github/workflows/javascript.yml:59
- Warn: npmCommand not pinned by hash: .github/workflows/javascript.yml:78
- Warn: npmCommand not pinned by hash: .github/workflows/release.yml:28
- Warn: downloadThenRun not pinned by hash: .github/workflows/source_clear_crone.yml:19
- Info: 0 out of 11 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 4 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 npmCommand dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch '4.9.3'
- Warn: branch protection not enabled for branch '4.6.2'
- Warn: branch protection not enabled for branch '4.6.x'
- Info: 'allow deletion' disabled on branch 'master'
- Info: 'force pushes' disabled on branch 'master'
- Info: 'branch protection settings apply to administrators' is required to merge on branch 'master'
- Warn: required approving review count is 1 on branch 'master'
- Warn: codeowners review is not required on branch 'master'
- Warn: 'up-to-date branches' is disabled on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Info: PRs are required in order to make changes on branch 'master'
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-96g7-g7g9-jxw8
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986 / GHSA-64vr-g452-qvp3
- Warn: Project is vulnerable to: GHSA-9cwx-2883-4wfx
Score
4.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @optimizely/optimizely-sdk
@optimizely/react-sdk
React SDK for Optimizely Feature Experimentation, Optimizely Full Stack (legacy), and Optimizely Rollouts
@optimizely/js-sdk-utils
Optimizely Full Stack Utils
@optimizely/js-sdk-logging
Optimizely Full Stack Core Logging
optimizely-server-sdk
Node SDK for Optimizely X Full Stack