javascript
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 23 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in .github/workflows/publish.yml
Permissions Pass
- Permissions — No dangerous permissions requested
This tool is a collection of software development kits (SDKs) and command-line interfaces designed to integrate Reflag's feature flag services into JavaScript, TypeScript, React, Vue, and Node.js applications.
Security Assessment
Overall risk: Low. As a typical SDK for a SaaS product, it inherently requires network requests to communicate with the Reflag API to fetch and evaluate feature flags. The audit found no hardcoded secrets, and the package does not request any overtly dangerous local permissions. The automated code scan did flag a recursive force deletion command (`rm -rf`) inside a GitHub Actions workflow file. While this sounds alarming, it is a standard administrative command used in CI/CD pipelines to clean up build artifacts before publishing, and does not pose a threat to end-users who install the packages.
Quality Assessment
The project appears healthy and well-maintained. It utilizes the permissive MIT license, which is fully approved for commercial and personal use. The repository is active, with its most recent code push occurring just 11 days ago. Community trust is moderate for a specialized SDK, sitting at 23 GitHub stars. Furthermore, the documentation is thorough, clearly outlining versioning, publishing, and development workflows.
Verdict
Safe to use.
JS/TS SDKs for Reflag
Reflag
Feature flags for SaaS that run on TypeScript. Learn more and get started
React SDK
Client side React SDK
React Native SDK (beta)
React Native SDK for mobile apps
Vue SDK (beta)
Client side Vue SDK
Browser SDK
Browser SDK for use in non-React web applications
Node.js SDK
Node.js SDK for use on the server side.
Use this for Cloudflare Workers as well.
Management SDK (beta)
Typed SDK for Reflag's REST API.
Reflag CLI
CLI to interact with Reflag and generate types
OpenFeature Browser Provider
Use Reflag with OpenFeature in the browser through the Reflag OpenFeature Browser Provider
OpenFeature Node.js Provider
Use Reflag with OpenFeature on the server in Node.js through the Reflag OpenFeature Node.js Provider
Development
Versioning
- Create a new branch locally
- Run `yarn changeset`
- Select the packages that changed and the correct bump type
- Commit the generated file in `.changeset/`
- Push and open a PR
Publishing
Repository setup:
- Configure npm Trusted Publisher entries for the packages in this repo against the `reflagcom/javascript` GitHub repository and the `publish.yml` workflow
- Keep the workflow on GitHub-hosted runners with `id-token: write`, plus `contents: write` and `pull-requests: write` for the release PR flow
When a PR with one or more changesets is merged to main, the release workflow will open or update a Version Packages PR.
Merging that PR will:
- Apply the version bumps
- Publish the updated packages to npm
- Rebuild and push the generated SDK docs