Security News
npm Introduces minimumReleaseAge and Bulk OIDC Configuration
npm rolls out a package release cooldown and scalable trusted publishing updates as ecosystem adoption of install safeguards grows.
By Sarah Gooding - Feb 26, 2026
Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details →
statsig-node-lite
Advanced tools
Statsig Node-lite Server SDK
A slimmed version of the Statsig Node.js SDK. If you need an SDK for another language or single user client environment, check out our other SDKs.
Statsig helps you move faster with Feature Gates (Feature Flags) and Dynamic Configs. It also allows you to run A/B tests to validate your new features and understand their impact on your KPIs. If you're new to Statsig, create an account at statsig.com.
Getting Started
Check out our SDK docs to get started.
Unsupported Features
- IP based conditions
Testing
Each server SDK is tested at multiple levels - from unit to integration and e2e tests. Our internal e2e test harness runs daily against each server SDK, while unit and integration tests can be seen in the respective github repos of each SDK. For node, the RulesetsEvalConsistency.test.js runs a validation test on local rule/condition evaluation for node against the results in the statsig backend.
FAQs
A slimmed version of the Statsig Node.js SDK.
The npm package statsig-node-lite receives a total of 148,915 weekly downloads. As such, statsig-node-lite popularity was classified as popular.
We found that statsig-node-lite demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Package last updated on 22 Aug 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Risky Biz Podcast: Open Source Risk Is Compounding as AI Agents Write 90% of New Code
AI agents are writing more code than ever, and that's creating new supply chain risks. Feross joins the Risky Business Podcast to break down what that means for open source security.
By Sarah Gooding - Feb 24, 2026
Research
/Security News
Four Malicious NuGet Packages Target ASP.NET Developers With JIT Hooking and Credential Exfiltration
Socket uncovered four malicious NuGet packages targeting ASP.NET apps, using a typosquatted dropper and localhost proxy to steal Identity data and backdoor apps.
By Kush Pandya - Feb 23, 2026