
Security News
Risky Biz Podcast: Making Reachability Analysis Work in Real-World Codebases
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
The feature flags toolkit for Next.js and SvelteKit.
From the creators of Next.js, the Flags SDK is a free open-source library that gives you the tools you need to use feature flags in Next.js and SvelteKit applications.
See flags-sdk.dev for full docs and examples.
Upgrading from version 3? See the Upgrade to v4 guide.
Install the package using your package manager:
npm install flags
Create an environment variable called FLAGS_SECRET
.
The FLAGS_SECRET
value must have a specific length (32 random bytes encoded in base64) to work as an encryption key. Create one using node:
node -e "console.log(crypto.randomBytes(32).toString('base64url'))"
This secret is required to use the SDK. It is used to read overrides and to encrypt flag values in case they are sent to the client and should stay secret.
Create a file called flags.ts in your project and declare your first feature flag there:
// app/flags.tsx
import { flag } from 'flags/next';
export const exampleFlag = flag<boolean>({
key: 'example-flag',
decide() {
return true;
},
});
Call your feature flag in a React Server Component:
// app/page.tsx
import { exampleFlag } from './flags';
export default async function Page() {
const example = await exampleFlag();
return <div>{example ? 'Flag is on' : 'Flag is off'}</div>;
}
Feature Flags can also be called in Edge Middleware and API Routes.
The Flags SDK has adapters for popular feature flag providers including LaunchDarkly, Optimizely, and Statsig.
There is a lot more to the Flags SDK than shown in the example above.
See the full documentation and examples on flags-sdk.dev.
FAQs
Flags SDK by Vercel - The feature flags toolkit for Next.js and SvelteKit
The npm package flags receives a total of 285,562 weekly downloads. As such, flags popularity was classified as popular.
We found that flags demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 9 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.
Security News
CISA’s 2025 draft SBOM guidance adds new fields like hashes, licenses, and tool metadata to make software inventories more actionable.