- Node.js v20 or higher
This package is available in the Node Package Repository and can be easily installed with npm or yarn.
$ npm i @nodesecure/flags
# or
$ yarn add @nodesecure/flagsimport { getFlags, getManifest, eagerFetchFlagFile } from "@nodesecure/flags";
// Return a Set of flags title
const flags = getFlags();
// Return the manifest file
const manifest = getManifest();
const HTML = await eagerFetchFlagFile("hasBannedFile.html");Returns a Set containing all available flag titles.
import { getFlags } from "@nodesecure/flags";
const flags = getFlags();
console.log(flags);
// Set(18) {
// 'hasExternalCapacity',
// 'hasWarnings',
// 'hasNativeCode',
// 'hasCustomResolver',
// 'hasNoLicense',
// 'hasMultipleLicenses',
// 'hasMinifiedCode',
// 'isDeprecated',
// 'hasManyPublishers',
// 'hasScript',
// 'hasIndirectDependencies',
// 'isGit',
// 'hasVulnerabilities',
// 'hasMissingOrUnusedDependency',
// 'isDead',
// 'hasBannedFile',
// 'isOutdated',
// 'hasDuplicate'
// }Returns the complete manifest object containing all flag descriptors.
import { getManifest } from "@nodesecure/flags";
const manifest = getManifest();
console.log(manifest.nativeCode);
// {
// emoji: "π²",
// title: "hasNativeCode",
// tooltipDescription: "The package uses and runs C++ or Rust N-API code"
// }Returns the emoji associated with a flag title. Returns "π΄" if the flag is not found.
import { getEmojiFromTitle } from "@nodesecure/flags";
console.log(getEmojiFromTitle("hasNativeCode")); // "π²"
console.log(getEmojiFromTitle("unknownFlag")); // "π΄"Returns an iterator of [title, emoji] pairs for all flags.
import { getManifestEmoji } from "@nodesecure/flags";
const emojiMap = Object.fromEntries(getManifestEmoji());
console.log(emojiMap);
// {
// 'hasExternalCapacity': 'π',
// 'hasWarnings': 'π§',
// 'hasNativeCode': 'π²',
// // ... all other flags
// }Asynchronously reads and returns the HTML content of a flag file.
import { eagerFetchFlagFile } from "@nodesecure/flags";
const htmlContent = await eagerFetchFlagFile("hasNativeCode");
console.log(htmlContent); // Returns the HTML documentation for the flagReturns a Node.js Readable stream for a flag file, allowing for memory-efficient processing of large files.
import { lazyFetchFlagFile } from "@nodesecure/flags";
const stream = lazyFetchFlagFile("hasNativeCode");
stream.on('data', (chunk) => {
console.log(chunk.toString());
});interface FlagDescriptor {
/** An emoji to visually identify the anomaly */
emoji: string;
/** Title (or name) of the flag */
title: string;
/** Short description/warning of the anomaly */
tooltipDescription: string;
}type Flag = keyof typeof FLAGS | (string & {});| Flag | Emoji | Description |
|---|---|---|
hasExternalCapacity |
π | The package uses at least one Node.js core dependency capable to establish communication outside of localhost |
hasWarnings |
π§ | The AST analysis has detected warnings (suspect import, unsafe regex ..) |
hasNativeCode |
π² | The package uses and runs C++ or Rust N-API code |
hasCustomResolver |
π | The package has dependencies who do not resolve on a registry (git, file, ssh etc..) |
hasNoLicense |
π | The package does not have a license |
hasMultipleLicenses |
π | The package has licenses in multiple locations (files or manifest) |
hasMinifiedCode |
π¬ | The package has minified and/or uglified files |
isDeprecated |
βοΈ | The package has been deprecated on NPM |
hasManyPublishers |
π₯ | The package has several publishers |
hasScript |
π¦ | The package has post and/or pre (un)install npm script |
hasIndirectDependencies |
π² | The package has indirect dependencies |
isGit |
βοΈ | The package (project) is a git repository |
hasVulnerabilities |
π¨ | The package has one or many vulnerabilities |
hasMissingOrUnusedDependency |
π | A dependency is missing in package.json or a dependency is installed but never used |
isDead |
π | The dependency has not received update from at least one year |
hasBannedFile |
βοΈ | The project has at least one sensitive file |
isOutdated |
βοΈ | The current package version is not equal to the package latest version |
hasDuplicate |
π | The package is also used somewhere else in the dependency tree but with a different version |
lazyFetchFlagFile()andeagerFetchFlagFile()will throw aTypeErrorif no flag name is providedlazyFetchFlagFile()andeagerFetchFlagFile()will throw anErrorif the provided flag doesn't exist- Flag names can be provided with or without the
.htmlextension
Thanks goes to these wonderful people (emoji key):
 Gentilhomme π» π π π‘οΈ π |
 Vincent Dhennin π» π π π |
 Nicolas Hallaert π |
 Maksim Balabash π |
 Kouadio Fabrice Nguessan π§ |
 Maxime |
 AjΔy π |
MIT