Gathering detailed insights and metrics for launchdarkly-js-client-sdk
Gathering detailed insights and metrics for launchdarkly-js-client-sdk
LaunchDarkly Client-side SDK for Browser JavaScript
Installations
npm install launchdarkly-js-client-sdkDeveloper
launchdarkly
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
113 Stars
1,436 Commits
66 Forks
46 Watching
5 Branches
194 Contributors
Updated on 07 Nov 2024
Bundle Size
52.65 kB
Minified
18.55 kB
Minified + Gzipped
Languages
JavaScript (71.63%)
HTML (16.49%)
Shell (7.1%)
TypeScript (4.26%)
CSS (0.53%)
Total Downloads
Cumulative downloads
Total Downloads
123,120,902
Last day
-3.2%
202,407
Compared to previous day
Last week
3.5%
1,071,583
Compared to previous week
Last month
19.1%
4,546,832
Compared to previous month
Last year
34.2%
47,671,650
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
2
Dev Dependencies
34
@babel/cli@babel/core@babel/eslint-parser@babel/plugin-transform-regenerator@babel/plugin-transform-runtime@babel/preset-env@babel/runtime@rollup/plugin-node-resolve@rollup/plugin-replacebabel-jestcross-enveslinteslint-config-prettiereslint-config-xoeslint-formatter-prettyeslint-plugin-babeleslint-plugin-prettierjestjest-environment-jsdomjest-junitjest-localstorage-mockjsdomprettierrimrafrolluprollup-plugin-babelrollup-plugin-commonjsrollup-plugin-filesizerollup-plugin-node-globalsrollup-plugin-tersersinontypescripttypedoc@types/estree
Versions
LaunchDarkly SDK for Browser JavaScript
LaunchDarkly overview
LaunchDarkly is a feature management platform that serves trillions of feature flags daily to help teams build better software, faster. Get started using LaunchDarkly today!
Getting started
Refer to the SDK documentation for instructions on getting started with using the SDK.
Note: If you are using JavaScript in a non-browser environment, please see our server-side Node.js SDK, client-side Node.js SDK, and Electron SDK.
Please note that the JavaScript SDK has two special requirements in terms of your LaunchDarkly environment. First, in terms of the credentials for your environment that appear on your Account Settings dashboard, the JavaScript SDK uses the "Client-side ID"-- not the "SDK key" or the "Mobile key". Second, for any feature flag that you will be using in JavaScript code, you must check the "Make this flag available to client-side SDKs" box on that flag's Settings page.
ReactJS
The SDK does not require any particular JavaScript framework. However, if you are using React, there is an add-on to simplify use of the SDK. See react-client-sdk.
Browser compatibility
The LaunchDarkly SDK can be used in all major browsers. However, web browsers vary widely in their support of specific features and standards. Three features that are used by the LaunchDarkly SDK that may not be available on every browser are Promise, EventSource, and document.querySelectorAll(). For more information on whether you may need to use a polyfill to ensure compatibility, and how to do so, see "JS SDK requirements and polyfills".
Logging
By default, the SDK sends log output to the browser console. There are four logging levels: debug, info, warn, and error; by default, debug and info messages are hidden. See LDOptions.logger and basicLogger for more details.
Learn more
Read our documentation for in-depth instructions on configuring and using LaunchDarkly. You can also head straight to the complete reference guide for this SDK. Additionally, the authoritative full description of all properties, types, and methods is the online TypeScript documentation. If you are not using TypeScript, then the types are only for your information and are not enforced, although the properties and methods are still the same as described in the documentation.
For examples of using the SDK in a simple JavaScript application, see hello-js and hello-bootstrap.
Testing
We run integration tests for all our SDKs using a centralized test harness. This approach gives us the ability to test for consistency across SDKs, as well as test networking behavior in a long-running application. These tests cover each method in the SDK, and verify that event sending, flag evaluation, stream reconnection, and other aspects of the SDK all behave correctly.
Contributing
We encourage pull requests and other contributions from the community. Check out our contributing guidelines for instructions on how to contribute to this SDK.
About LaunchDarkly
- LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can:
- Roll out a new feature to a subset of your users (like a group of users who opt-in to a beta tester group), gathering feedback and bug reports from real-world use cases.
- Gradually roll out a feature to an increasing percentage of users, and track the effect that the feature has on key metrics (for instance, how likely is a user to complete a purchase if they have feature A versus feature B?).
- Turn off a feature that you realize is causing performance problems in production, without needing to re-deploy, or even restart the application with a changed configuration file.
- Grant access to certain features based on user attributes, like payment plan (eg: users on the ‘gold’ plan get access to more features than users in the ‘silver’ plan). Disable parts of your application to facilitate maintenance, without taking everything offline.
- LaunchDarkly provides feature flag SDKs for a wide variety of languages and technologies. Check out our documentation for a complete list.
- Explore LaunchDarkly
- launchdarkly.com for more information
- docs.launchdarkly.com for our documentation and SDK reference guides
- apidocs.launchdarkly.com for our API documentation
- blog.launchdarkly.com for the latest product updates
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 12/17 approved changesets -- score normalized to 7
Reason
5 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 5
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-please.yml:24
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint-pr-title.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/js-client-sdk/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/js-client-sdk/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/js-client-sdk/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/js-client-sdk/release-please.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/js-client-sdk/release-please.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/js-client-sdk/release-please.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: scripts/release.sh:20
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:34
- Warn: npmCommand not pinned by hash: .github/workflows/release-please.yml:42
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 3 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 3.4.0 not signed: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/161520060
- Warn: release artifact 3.3.0 not signed: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/153694431
- Warn: release artifact 3.2.0 not signed: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/147300740
- Warn: release artifact 3.1.4 not signed: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/120201907
- Warn: release artifact 3.4.0 does not have provenance: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/161520060
- Warn: release artifact 3.3.0 does not have provenance: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/153694431
- Warn: release artifact 3.2.0 does not have provenance: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/147300740
- Warn: release artifact 3.1.4 does not have provenance: https://api.github.com/repos/launchdarkly/js-client-sdk/releases/120201907
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 25 are checked with a SAST tool
Score
5.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More