Overview
Most teams do not know how many direct LaunchDarkly SDK calls are in their codebase, which ones are safe to migrate, or which ones will silently break if migrated naively. FlagLint answers all three questions before you touch a line of code.
npx flaglint audit ./src✓ Audit complete: 13 flags — 3 high risk, 10 medium riskNo API key. No source upload. LaunchDarkly stays your provider — OpenFeature becomes the evaluation API your application calls.
Choose Your Path
Section titled “Choose Your Path”
Understanding your flag debt →
Run a single command to see every LaunchDarkly flag call in your codebase, classified by risk level. No API key needed.
Trying FlagLint for the first time →
Run a local audit, inspect detailed inventory with scan if needed, and preview a safe migration.
Migrating an existing Node.js service →
Configure your OpenFeature client binding, preview the migration plan, then apply only proven rewrites.
Enforcing platform standards in CI →
Use validation SARIF to annotate direct LaunchDarkly policy violations in pull requests.
What FlagLint Does
Section titled “What FlagLint Does”- Performs local AST-based source analysis.
- Detects supported LaunchDarkly Node.js server-side evaluation calls from
@launchdarkly/node-server-sdkand legacylaunchdarkly-node-server-sdk. - Generates inventory reports and reviewable migration plans.
- Applies only call-site rewrites with proven static inputs and a proven OpenFeature client binding.
- Emits validation SARIF with rule id
flaglint.direct-launchdarkly.
What FlagLint Does Not Do
Section titled “What FlagLint Does Not Do”- It does not replace LaunchDarkly. LaunchDarkly remains the provider.
- It does not generate provider/bootstrap files automatically.
- It does not query LaunchDarkly for flag age, owner, evaluation history, environment configuration, or production usage.
- It does not detect browser SDKs, React SDKs, non-Node SDKs, or non-LaunchDarkly providers.