Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
fastapi-featureflags
Advanced tools
- Version
- 0.4.9
- Maintainers
- 1
FastAPI Feature Flags
Very simple implementation of feature flags for FastAPI.
- Minimum configuration required
- No unnecessary dependencies
- Does its job
Installing
To install the package from pip, first run:
pip install fastapi-featureflags
Usage
A simple example of feature flags:
from fastapi_featureflags import FeatureFlags, feature_flag, feature_enabled
FeatureFlags(conf_from_url="https://pastebin.com/raw/4Ai3j2DC")
print("Enabled Features:", FeatureFlags.get_features())
@feature_flag("web_1")
def web_1_enabled():
print("Feature Should be enabled: web_1")
web_1_enabled()
if feature_enabled("web_2"):
print("Feature Should be disabled: web_2")
You can get FF (feature flags) from a File, URL, Dictionary or ENV Variables:
FeatureFlags.load_conf_from_url("https://pastebin.com/raw/4Ai3j2DC")
FeatureFlags.load_conf_from_json("tests/features.json")
FeatureFlags.load_conf_from_dict({"web_1": True, "web_2": False})
FeatureFlags.reload_feature_flags()
There is also a handler that recognizes if the "@feature_flag" wrapper is used and the flag is not registered in the config. This way you can also use FF at runtime. Defaults to False, so it's safer if you forget the feature flag in the code.
Function get_features returns a list of all registered FF
You can enable or disable functions on the fly with enable_feature or enable_feature
When needed you can reload all feature flags with reload_feature_flags,
this is useful when you want to read and change features from URL.
All unregistered or on-the-fly created FF, that are not in the configuration will be omitted.
For non-production testing, a router is available,
so you can see the paths in swagger-ui docs.
Use include_in_schema=False when defining the router for public deployments
from fastapi_featureflags import router as ff_router
app.include_router(ff_router, prefix="/ff", tags=["FeatureFlags"])
Contributing and Code of Conduct
Contributing to fastapi-featureflags
As an open source project, fastapi-featureflags welcomes contributions of many forms.
Please read and follow our Contributing to fastapi-featureflags
Code of Conduct
As a contributor, you can help us keep the fastapi-featureflags project open and inclusive.
Please read and follow our Code of Conduct
FAQs
Feature Flags for FastAPI
We found that fastapi-featureflags demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025