LaunchDarkly Client-side SDK for React.js
Installations
npm install launchdarkly-react-client-sdkScore
88.9
Supply Chain
78.4
Quality
87.2
Maintenance
100
Vulnerability
99.6
License
Releases
launchdarkly-react-client-sdk: v3.6.0
Published on 04 Nov 2024
launchdarkly-react-client-sdk: v3.5.0
Published on 18 Oct 2024
launchdarkly-react-client-sdk: v3.4.0
Published on 05 Aug 2024
3.3.2
Published on 28 May 2024
3.3.1
Published on 28 May 2024
3.3.0
Published on 23 May 2024
Developer
launchdarkly
Developer Guide
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
20.18.0
NPM Version
10.8.2
Statistics
86 Stars
538 Commits
70 Forks
39 Watching
12 Branches
190 Contributors
Updated on 04 Nov 2024
Bundle Size
67.98 kB
Minified
23.81 kB
Minified + Gzipped
Languages
TypeScript (94.37%)
Shell (4.54%)
JavaScript (1.08%)
Total Downloads
Cumulative downloads
Total Downloads
68,257,277
Last day
-5.5%
118,268
Compared to previous day
Last week
3.7%
637,559
Compared to previous week
Last month
15%
2,621,916
Compared to previous month
Last year
27.9%
27,472,150
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
36
LaunchDarkly Client-side SDK for React
LaunchDarkly overview
LaunchDarkly is a feature management platform that serves trillions of feature flags daily to help teams build better software, faster. Get started using LaunchDarkly today!
Supported React versions
This version of the LaunchDarkly SDK is compatible with versions 16.3.0 and later of React because it uses React's Context API. However, if you are using the SDK's Hooks API or asyncWithLDProvider, then you must use React version 16.8.0 or later.
Additionally, refer to the JavaScript SDK README to learn more about browser compatibility.
Getting started
Refer to the SDK documentation for instructions on getting started with using the SDK.
Please note that the React SDK has two special requirements in terms of your LaunchDarkly environment. First, in terms of the credentials for your environment that appear on your Account Settings dashboard, the React SDK uses the "Client-side ID"-- not the "SDK key" or the "Mobile key". Second, for any feature flag that you will be using in React code, you must check the "Make this flag available to client-side SDKs" box on that flag's Settings page.
Learn more
Read our documentation for in-depth instructions on configuring and using LaunchDarkly. You can also head straight to the complete reference guide for this SDK or our code-generated API documentation.
This SDK builds upon the JavaScript SDK, supporting all of the same functionality, but using React's Context API to provide additional conveniences. While using this SDK you may need to directly interact with the underlying JavaScript SDK. For more information on how to use the JavaScript SDK and its characteristics, see the SDK's README.
Testing
We run integration tests for all our SDKs using a centralized test harness. This approach gives us the ability to test for consistency across SDKs, as well as test networking behavior in a long-running application. These tests cover each method in the SDK, and verify that event sending, flag evaluation, stream reconnection, and other aspects of the SDK all behave correctly.
Contributing
We encourage pull requests and other contributions from the community. Check out our contributing guidelines for instructions on how to contribute to this SDK.
About LaunchDarkly
- LaunchDarkly is a continuous delivery platform that provides feature flags as a service and allows developers to iterate quickly and safely. We allow you to easily flag your features and manage them from the LaunchDarkly dashboard. With LaunchDarkly, you can:
- Roll out a new feature to a subset of your users (like a group of users who opt-in to a beta tester group), gathering feedback and bug reports from real-world use cases.
- Gradually roll out a feature to an increasing percentage of users, and track the effect that the feature has on key metrics (for instance, how likely is a user to complete a purchase if they have feature A versus feature B?).
- Turn off a feature that you realize is causing performance problems in production, without needing to re-deploy, or even restart the application with a changed configuration file.
- Grant access to certain features based on user attributes, like payment plan (eg: users on the ‘gold’ plan get access to more features than users in the ‘silver’ plan).
- Disable parts of your application to facilitate maintenance, without taking everything offline.
- LaunchDarkly provides feature flag SDKs for a wide variety of languages and technologies. Read our documentation for a complete list.
- Explore LaunchDarkly
- launchdarkly.com for more information
- docs.launchdarkly.com for our documentation and SDK reference guides
- apidocs.launchdarkly.com for our API documentation
- blog.launchdarkly.com for the latest product updates
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: SECURITY.md:1
Reason
Found 10/11 approved changesets -- score normalized to 9
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
8 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 8
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/release-please.yml:24
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Warn: no topLevel permission defined: .github/workflows/release-please.yml:1
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/react-client-sdk/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/react-client-sdk/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/react-client-sdk/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/react-client-sdk/release-please.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release-please.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/react-client-sdk/release-please.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/release-please.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/launchdarkly/react-client-sdk/release-please.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: link-dev.sh:4
- Warn: npmCommand not pinned by hash: link-dev.sh:11
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:32
- Warn: npmCommand not pinned by hash: .github/workflows/release-please.yml:42
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 0 out of 4 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 3.3.2 not signed: https://api.github.com/repos/launchdarkly/react-client-sdk/releases/157869642
- Warn: release artifact 3.3.1 not signed: https://api.github.com/repos/launchdarkly/react-client-sdk/releases/157840457
- Warn: release artifact 3.3.2 does not have provenance: https://api.github.com/repos/launchdarkly/react-client-sdk/releases/157869642
- Warn: release artifact 3.3.1 does not have provenance: https://api.github.com/repos/launchdarkly/react-client-sdk/releases/157840457
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 29 are checked with a SAST tool
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-whgm-jr23-g3j9
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-rv95-896h-c2vc
- Warn: Project is vulnerable to: GHSA-qw6h-vgh9-j6wx
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-c7qv-q95q-8v27
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-cm22-4g7w-348p
- Warn: Project is vulnerable to: GHSA-wr3j-pwj9-hqq6
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-4xcv-9jjx-gfj3
- Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v
Score
4.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to launchdarkly-react-client-sdk
@mikecousins/launchdarkly-react-client-sdk
[](https://circleci.com/gh/launchdarkly/react-client-sdk/tree/main)
launchdarkly-js-client-sdk
LaunchDarkly SDK for JavaScript
launchdarkly-js-sdk-common
LaunchDarkly SDK for JavaScript - common code
launchdarkly-node-server-sdk
LaunchDarkly Server-Side SDK for Node.js