Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
fastify-feature-flags
Advanced tools
Fastify feature flags plugin. By default it has built-in provider for config
module. However it could be extended by various plugins that implement simple interface.
This plugin is currently in beta, so some bugs can appear. Feel free to create an issue and I'll try to fix them asap.
>= fastify-1.0.0
, including v2.x.x
versions.npm i fastify-feature-flags --save
>=1.0.0
.>=8.9.0
.Add it to your project like regular fastify plugin. Use register
method and pass options to it.
const fastify = require('fastify');
const app = fastify();
const ffPlugin = require('fastify-feature-flags');
const ConfigProvider = require('fastify-feature-flags/dist/providers/config');
app.register(ffPlugin, {providers: [new ConfigProvider()]});
Plugin adds an object with built-in providers and generic provider interface that you can extend. For checking features availability it adds two methods: fastify.featureFlags.isEnabled
which returns true
or false
and fastify.featureFlags.checkEnabled
which throws an error if feature is disabled. The list of built-in providers is available below.
Generic provider is an abstract class that you may extend to add new providers. It should have isEnabled
method that consumes feature name and context (optionally) and returns true
or false
.
Reads feature flags from specified config section. Depends on config
module. You should install it manually. It's constuctor consumes options object that contains prefix
for config section where features are defined.
Example:
default.js
(in config directory):
module.exports = {
features: {
a: true,
b: false,
}
}
Configuring provider:
const provider = new ConfigProvider({
prefix: 'features',
})
Valid config values for feature to be enabled are: true
, "true"
or "1"
. Last two may be useful if you're using config module with env overrides.
Reads feature flags from env variables. It's constuctor consumes options object that may contain prefix
for filtering env variables containing features.
Example:
default.js
(in config directory):
FEATURE_A = true
FEATURE_B = false
Configuring provider:
const provider = new EnvProvider({
prefix: 'FEATURE_',
})
Valid config values for feature to be enabled are: "true"
or "1"
.
This provider relies on feature flags service Unleash. You should install the module manually.
Example:
Configuring provider:
const provider = new UnleashProvider({
appName: 'my-fastify-app';
url: 'https://unleash.example.com';
})
For more options please refer to unleash docs
After configuring providers and registering the plugin in your fastify app you can use isEnabled
or checkEnabled
methods.
You may also specify multiple providers, then the feature will be enabled only when it will be enabled in all providers.
Example:
const fastify = require('fastify')();
const ffPlugin = require('fastify-feature-flags');
const EnvProvider = require('fastify-feature-flags/dist/providers/env');
fastify.register(ffPlugin, {
providers: [new EnvProvider({prefix: 'FEATURE_'})]
});
fastify.get('/a', async (request, reply) => {
await fastify.featureFlags.checkEnabled('A');
reply.type('application/json').code(200);
return { a: 'enabled' };
});
fastify.get('/b', async (request, reply) => {
const isEnabled = await fastify.featureFlags.isEnabled('B');
reply.type('application/json').code(200);
return { b: isEnabled };
});
(async () => {
await fastify.ready();
await fastify.listen(3000);
})();
See docs.
See changelog.
Licensed under MIT.
FAQs
Fastify feature flags plugin
The npm package fastify-feature-flags receives a total of 13 weekly downloads. As such, fastify-feature-flags popularity was classified as not popular.
We found that fastify-feature-flags demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.