概述

FeatureLint

> Feature flag hygiene analyzer that catches stale flags, SDK misuse, safety risks, and architecture problems before they reach production.

Emoji: flag

Homepage: https://featurelint.pages.dev

Product: featurelint

Accent: #e84393

What It Does

FeatureLint statically analyzes your codebase for feature flag hygiene issues across six categories:

Stale Flags (SF) — Detects hardcoded booleans, TODO-annotated flags, commented-out conditionals, and flags with past date references
Flag Complexity (FC) — Finds nested flag conditions, excessive branching, flag entanglement, and missing caching in loops
Flag Safety (FS) — Warns when flags gate authentication, payments, encryption, data deletion, or audit logging paths
SDK Misuse (SM) — Catches missing default values, loop evaluations, multiple SDK initializations, and missing error handling
Flag Lifecycle (FL) — Identifies flags without cleanup dates, abandoned experiments, 100% rollouts, and missing owner annotations
Flag Architecture (FA) — Detects wrong-layer evaluation, service coupling, missing registries, and leaked server-side state

90 total patterns with POSIX ERE regex matching, severity levels, and actionable recommendations.

Installation

As a Git Hook (Lefthook)

# lefthook.yml
pre-commit:
  commands:
    featurelint:
      glob: "*.{js,jsx,ts,tsx,py,rb,java,go,rs}"
      run: bash path/to/featurelint/scripts/dispatcher.sh staged --severity error

Direct CLI Usage

# Scan a directory
bash scripts/dispatcher.sh scan ./src

# Scan with JSON output
bash scripts/dispatcher.sh scan --format json --output report.json ./src

# Analyze staged files
bash scripts/dispatcher.sh staged

# Single file analysis
bash scripts/dispatcher.sh file ./src/flags.ts

# Health check
bash scripts/dispatcher.sh health

Tier System

Tier	Patterns	Categories	Price
------	----------	------------------------------------------	-------------
Free	30	Stale Flags + Flag Complexity	$0
Pro	60	+ Flag Safety + SDK Misuse	$9/month
Team	90	+ Flag Lifecycle + Flag Architecture	$29/month

Activate a tier by setting your license key:

export FEATURELINT_LICENSE_KEY="FEATURELINT-XXXX-XXXX-XXXX-XXXX"

Commands

Command	Description
-------------	-----------------------------------------------------
`scan`	Analyze a directory for feature flag issues
`file`	Analyze a single file
`staged`	Analyze git staged files (for pre-commit hooks)
`baseline`	Create a baseline snapshot of current findings
`compare`	Compare current findings against the baseline
`health`	Run self-diagnostic health check
`version`	Print version information
`help`	Show usage and available options

Options

Flag	Description	Default
-------------------------	------------------------------------------------	------------
`-f, --format`	Output format: text, json, csv, markdown	`text`
`-o, --output`	Write report to file	(stdout)
`-s, --severity`	Minimum severity: error, warning, info, all	`all`
`-c, --category`	Filter by category code	`all`
`-t, --tier`	License tier: free, pro, team	`free`
`-j, --jobs`	Parallel scan workers	`4`
`-i, --include`	Include files matching pattern	(all)
`-e, --exclude`	Exclude files matching pattern	(none)
`-C, --context`	Context lines around findings	`2`
`--scan-hidden`	Include hidden files and directories	`false`
`--warn-exit`	Exit code 1 on warnings	`false`
`-v, --verbose`	Increase verbosity (-vv for trace)	`0`
`-q, --quiet`	Suppress non-essential output	`false`

Environment Variables

Variable	Description
-------------------------	-------------------------------------
`FEATURELINT_LICENSE_KEY`	License key for tier activation
`FEATURELINT_TIER`	Override tier directly
`FEATURELINT_FORMAT`	Default output format
`FEATURELINT_SEVERITY`	Default severity filter
`FEATURELINT_JOBS`	Default parallel job count

Output Formats

Text (default)

Human-readable terminal output with color-coded severity, file grouping, code context, and actionable fix recommendations.

JSON

Structured output for CI/CD integration. Includes metadata, summary counters, and a findings array with file, line, severity, check ID, description, and recommendation.

CSV

Spreadsheet-compatible output for tracking and reporting. One row per finding with all fields.

Markdown

Report template with summary tables, category breakdown, severity distribution, and a findings table. Uses the report.md.tmpl template when available.

Supported Languages

JavaScript, TypeScript, Python, Ruby, Java, Kotlin, Scala, Go, Rust, C#, F#, PHP, Swift, Dart, Vue, Svelte, Elixir, Clojure, Lua, R, YAML, JSON, TOML, XML, Terraform/HCL, and Shell.

Architecture

featurelint/
  scripts/
    dispatcher.sh    # CLI entry point and argument parsing
    analyzer.sh      # Core analysis engine and output formatters
    patterns.sh      # 90 patterns across 6 categories
    license.sh       # License validation and tier gating
  config/
    lefthook.yml     # Git hook configuration
  templates/
    report.md.tmpl   # Markdown report template
  SKILL.md           # This file

Examples

CI/CD Integration (GitHub Actions)

- name: FeatureLint
  run: |
    bash featurelint/scripts/dispatcher.sh scan \
      --format json \
      --output featurelint-report.json \
      --severity warning \
      ./src

Baseline Workflow

# Create initial baseline
bash scripts/dispatcher.sh baseline ./src

# After making changes, compare
bash scripts/dispatcher.sh compare ./src

Pre-commit with Error-Only Blocking

bash scripts/dispatcher.sh staged --severity error

Requirements

Bash 4.0 or later
Standard POSIX utilities: grep, sed, awk, find, sort, uniq, wc, cut
Optional: curl (for online license validation), git (for staged analysis)

License

Commercial software. Free tier available with 30 patterns.

See https://featurelint.pages.dev for pricing and terms.

版本历史

共 1 个版本

v1.0.1 当前

2026-05-07 14:53 安全安全

安全检测

腾讯云安全 (Keen)

安全，无风险

查看报告

腾讯云安全 (Sanbu)