Skip to content
FlagLint

How FlagLint Works

FlagLint performs local static analysis. It parses JavaScript and TypeScript source files, tracks LaunchDarkly client provenance from supported Node.js server SDK imports, and records evaluation call sites.

Analysis Pipeline

Section titled “Analysis Pipeline”
flowchart LR
    A["Source files"] --> B["AST parse"]
    B --> C["LD client\nprovenance"]
    C --> D["Evaluation\ninventory"]
    D --> E["Migration\ninventory"]
    E --> F["Report /\ndiff / SARIF"]

FlagLint does not execute application code and does not call LaunchDarkly APIs.

Provenance Rules

Section titled “Provenance Rules”

Supported LaunchDarkly clients come from @launchdarkly/node-server-sdk or legacy launchdarkly-node-server-sdk imports and require initialization through supported SDK patterns.

Unrelated identifiers named client, flag, feature, gate, init, or ldInit are not treated as LaunchDarkly clients unless import provenance is proven.

Output Types

Section titled “Output Types”
  • Inventory reports from scan.
  • Reviewable migration diffs from migrate --dry-run.
  • Guarded source edits from migrate --apply.
  • Policy reports and SARIF from validate.

Feedback

Section titled “Feedback”