Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
unleash-client
Advanced tools
The unleash-client npm package is a feature toggle system that allows you to control the release of features in your application. It helps you manage feature flags, enabling or disabling features without deploying new code.
Initialize Unleash Client
This code initializes the Unleash client with the necessary configuration, including the URL of the Unleash server, the application name, and the instance ID.
const { UnleashClient } = require('unleash-client');
const unleash = new UnleashClient({
url: 'http://unleash.herokuapp.com/api/',
appName: 'my-app',
instanceId: 'my-instance-id',
});
unleash.start();
Check if a feature is enabled
This code checks if a specific feature toggle (in this case, 'someFeature') is enabled and logs the result.
const isEnabled = unleash.isEnabled('someFeature');
console.log(`Feature is enabled: ${isEnabled}`);
Register custom strategies
This code demonstrates how to register a custom strategy with the Unleash client. Custom strategies allow you to define your own logic for enabling or disabling features.
unleash.on('ready', () => {
unleash.registerStrategy(new CustomStrategy());
});
class CustomStrategy {
constructor() {
this.name = 'custom';
}
isEnabled(parameters, context) {
// Custom logic to determine if the feature is enabled
return true;
}
}
LaunchDarkly is a feature management platform that provides feature flags as a service. It offers more advanced targeting and segmentation capabilities compared to Unleash, but it is a paid service.
Flagr is an open-source feature flagging and A/B testing service. It provides a web UI for managing flags and supports various targeting rules. It is similar to Unleash in terms of being open-source but offers a different set of features and a different user interface.
fflip is a lightweight feature flagging library for Node.js. It is simpler and more lightweight compared to Unleash, making it suitable for smaller projects or those with simpler feature flagging needs.
This is the node client for Unleash. Read more about the Unleash project
You should as early as possible in your node (web) app initialize the unleash-client. The unleash-client will set-up a in-memory repository, and poll updates from the unleash-server at regular intervals.
const { initialize } = require('unleash-client');
const instance = initialize({
url: 'http://unleash.herokuapp.com/api/',
appName: 'my-app-name',
instanceId: 'my-unique-instance-id',
});
// optional events
instance.on('error', console.error);
instance.on('warn', console.warn);
instance.on('ready', console.log);
// metrics hooks
instance.on('registered', (clientData) => console.log('registered', clientData));
instance.on('sent', (payload) => console.log('metrics bucket/payload sent', payload));
instance.on('count', (name, enabled) => console.log(`isEnabled(${name}) returned ${enabled}`));
After you have initialized the unleash-client you can easily check if a feature toggle is enabled or not.
const { isEnabled } = require('unleash-client');
isEnabled('app.ToggleX');
To shut down the client (turn off the polling) you can simply call the destroy-method. This is typically not required.
const { destroy } = require('unleash-client');
destroy();
The client comes with implementations for the built-in activation strategies provided by unleash.
Read more about the strategies in activation-strategy.md.
In order to use some of the common activation strategies you must provide a unleash-context.
This client SDK allows you to send in the unleash context as part of the isEnabled
call:
const context = {
userId: '123',
sessionId: 'some-session-id',
remoteAddress: '127.0.0.1',
};
unleash.isEnabled("someToggle", unleashContext);
The initialize method takes the following arguments:
const { Strategy, initialize } = require('unleash-client');
class ActiveForUserWithEmailStrategy extends Strategy {
constructor() {
super('ActiveForUserWithEmail');
}
isEnabled (parameters, context) {
return parameters.emails.indexOf(context.email) !== -1;
}
}
initialize({
url: 'http://unleash.herokuapp.com',
strategies: [new ActiveForUserWithEmailStrategy()]
});
Its also possible to ship the unleash instance around yourself, instead of using on the default require.cache
to have share one instance.
const { Unleash } = require('unleash-client');
const instance = new Unleash({
appName: 'my-app-name',
url: 'http://unleash.herokuapp.com'
});
instance.on('ready', console.log.bind(console, 'ready'));
// required error handling when using instance directly
instance.on('error', console.error);
2.2.0
FAQs
Unleash Client for Node
The npm package unleash-client receives a total of 225,008 weekly downloads. As such, unleash-client popularity was classified as popular.
We found that unleash-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.