npm - flaglint - Versions diffs - 0.5.1 → 0.5.3 - Mend

flaglint 0.5.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,28 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## Unreleased
+### Fixed
+- Added truth-gate coverage and scanner support for destructured CommonJS
+  LaunchDarkly initializer aliases such as
+  `const { init: ldInit } = require("@launchdarkly/node-server-sdk")`. This
+  keeps the public alias/CJS provenance claim backed across scan, validate,
+  validation SARIF, dry-run, and guarded apply flows.
+## [0.5.2] - 2026-05-27
+### Fixed
+- Fixed LaunchDarkly client provenance for aliased named `init` imports from both
+  supported Node.js server SDK package names. Calls initialized via
+  `import { init as ldInit } from "@launchdarkly/node-server-sdk"` or legacy
+  `launchdarkly-node-server-sdk` are now consistently detected by `scan`,
+  enforced by `validate --no-direct-launchdarkly`, emitted in validation SARIF,
+  and handled by existing guarded migration dry-run/apply flows.
+- No migration safety boundary changed: `migrate --apply` still requires a proven
+  OpenFeature client binding and continues to skip dynamic keys, detail
+  evaluations, bulk calls, unknown fallbacks, and ambiguous cases.
 ## [0.5.1] - 2026-05-27
 ### Fixed

package/README.md CHANGED Viewed

@@ -1,49 +1,12 @@
-<p align="center">
-  <img src="docs/assets/logo.png" alt="FlagLint" width="400" />
-</p>
-<p align="center">
-  <strong>Standardize LaunchDarkly usage on OpenFeature.</strong>
-</p>
-<p align="center">
-  <a href="https://github.com/flaglint/flaglint/actions/workflows/ci.yml">
-    <img src="https://github.com/flaglint/flaglint/actions/workflows/ci.yml/badge.svg" alt="CI" />
-  </a>
-  <a href="https://www.npmjs.com/package/flaglint">
-    <img src="https://img.shields.io/npm/v/flaglint.svg" alt="npm version" />
-  </a>
-  <a href="https://www.npmjs.com/package/flaglint">
-    <img src="https://img.shields.io/npm/dm/flaglint.svg" alt="downloads" />
-  </a>
-  <a href="https://opensource.org/licenses/MIT">
-    <img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="MIT License" />
-  </a>
-</p>
 # FlagLint
-Standardize LaunchDarkly usage on OpenFeature.
-FlagLint inventories direct LaunchDarkly Node.js SDK calls, generates reviewable migration
-plans, and prevents new vendor-coupled flag access from entering your codebase.
-**LaunchDarkly remains your provider. OpenFeature becomes the evaluation API your application code calls.**
-Docs: [Getting Started](https://flaglint.dev/docs/getting-started) · [Commands](https://flaglint.dev/docs/commands/scan) · [Supported Scope](https://flaglint.dev/docs/supported-scope) · [CI Integration](https://flaglint.dev/docs/ci-github-actions) · [Enterprise Demo](https://flaglint.dev/docs/demo)
-[View enterprise demo source ->](./examples/enterprise-checkout-service)
----
+**Standardize LaunchDarkly usage on OpenFeature.**
-## Workflow
+FlagLint inventories direct LaunchDarkly Node.js SDK calls, generates reviewable migration plans,
+and prevents new vendor-coupled flag access from entering your codebase.
+LaunchDarkly remains your provider. OpenFeature becomes the evaluation API your application code calls.
-| Step | Command | Purpose |
-|------|---------|---------|
-| 1 | `flaglint scan` | AST inventory of every direct LD Node server SDK call |
-| 2 | `flaglint migrate --dry-run` | Reviewable before/after diffs; provider setup guidance appears when needed |
-| 3 | `flaglint migrate --apply` | Apply only guarded, provably automatable transformations |
-| 4 | `flaglint validate --no-direct-launchdarkly` | CI gate: exit 1 if direct LD calls remain |
+**[Documentation](https://flaglint.dev/docs/quickstart)** · **[Quickstart](https://flaglint.dev/docs/quickstart)** · **[Enterprise Demo](https://flaglint.dev/docs/enterprise-demo)** · **[npm](https://npmjs.com/package/flaglint)** · **[Issues](https://github.com/flaglint/flaglint/issues)**
 ---
@@ -53,444 +16,94 @@ Docs: [Getting Started](https://flaglint.dev/docs/getting-started) · [Commands]
 npx flaglint scan ./src
 ```
-Example output:
-```text
-✓ 15 flag usages found across 6 unique flags (48ms)
-ℹ  1 dynamic flag key(s) require manual review
-```
-Markdown report excerpt:
-```markdown
-## Flag Inventory
-| Flag Key | Usages | Files | Call Types |
-|----------|--------|-------|------------|
-| checkout-v2 | 3 | 2 | boolVariation |
-| color-theme | 1 | 1 | stringVariation |
-| timeout-ms  | 1 | 1 | numberVariation |
-```
-### JSON output (`--format json`)
-Pipe-friendly. Every usage includes file, line, call type, and staleness signals:
-```json
-{
-  "flagKey": "checkout-v2",
-  "isDynamic": false,
-  "file": "src/services/checkout.ts",
-  "line": 14,
-  "callType": "boolVariation",
-  "stalenessSignals": []
-}
-```
----
-## Installation
-```bash
-npm install -g flaglint
-# or use without installing
-npx flaglint
-```
-Requires Node.js 20 or newer. CI validates FlagLint on Node.js 20 and 22.
----
-## Commands
-### `flaglint scan [dir]`
-AST-based inventory of direct LaunchDarkly Node.js server SDK calls.
-```bash
-flaglint scan ./src
-flaglint scan --format json --output report.json
-flaglint scan --format html --output report.html
-flaglint scan --format sarif --output flaglint.sarif
 ```
+✔ Scanning 5 files...
+✔ Found 20 direct LaunchDarkly Node SDK calls across 11 unique flags
+⚡ 6 dynamic flag keys — manual review required
+↳ 2 detail method calls — manual review required
-| Option | Default | Description |
-|--------|---------|-------------|
-| `--format` | `markdown` | Output format: `json`, `markdown`, `html`, `sarif` |
-| `--output` | stdout | Write report to file |
-| `--config` | auto-detect | Path to a config file |
-| `--exclude-tests` | — | Exclude test files from scan results |
-Exit code `0` when no staleness signals detected, `1` when staleness signals are present —
-enabling CI visibility into flag usage patterns.
----
-### `flaglint migrate [dir]`
-Analyzes migration readiness and generates an OpenFeature migration plan.
-```bash
-flaglint migrate ./src                     # write MIGRATION.md
-flaglint migrate --dry-run                 # reviewable diffs to stdout
-flaglint migrate --apply                   # guarded: apply only provably automatable transformations in-place
-flaglint migrate --apply --allow-dirty     # apply even on a dirty working tree
-flaglint migrate --output plan.md          # write to custom file
-flaglint migrate --exclude-tests           # skip test and spec files
+→ Run flaglint migrate --dry-run for a reviewable migration diff
 ```
-| Option | Default | Description |
-|--------|---------|-------------|
-| `--output` | `MIGRATION.md` | Write migration plan to file |
-| `--dry-run` | — | Print reviewable diffs to stdout; includes provider setup guidance when a diff needs it |
-| `--apply` | — | Apply automatable transformations in-place (requires clean git tree) |
-| `--allow-dirty` | — | Override dirty-tree guard for `--apply` |
-| `--config` | auto-detect | Path to a config file |
-| `--exclude-tests` | — | Skip `*.test.*`, `*.spec.*`, `__tests__/`, `tests/` |
-**`--apply` safety contracts:**
-- Refuses on a dirty git working tree unless `--allow-dirty`
-- Skips any file that does not contain a proven OpenFeature client binding:
-  either a local `OpenFeature.getClient()` binding or a configured imported
-  shared client allowlisted with `openFeatureClientBindings`
-- Imported client matching uses glob-safe `modulePatterns`; aliased imports
-  preserve the local identifier; TypeScript ESM `.js` runtime import specifiers
-  are recognized; ambiguous or unconfigured imports skip safely
-- Provider/bootstrap setup is never inserted automatically
-- Never touches detail methods, dynamic keys, unknown fallbacks, or bulk calls
-- Preserves `await` and original call arguments exactly
-- Idempotent: re-running with the same analysis has no effect
----
-### `flaglint validate [dir]`
-Validates that your codebase complies with feature flag policy rules.
-Designed for CI enforcement after migration is complete.
+Preview the migration before changing anything:
 ```bash
-flaglint validate                           # report usages, always exits 0
-flaglint validate --no-direct-launchdarkly  # exit 1 on any direct LD eval call
-flaglint validate --no-direct-launchdarkly \
-  --bootstrap-exclude src/provider/setup.ts # allow specific bootstrap file
-flaglint validate --no-direct-launchdarkly \
-  --bootstrap-exclude "src/provider/**"     # allow all provider-directory files
-```
-| Option | Default | Description |
-|--------|---------|-------------|
-| `--no-direct-launchdarkly` | — | Exit 1 if any direct LD Node server evaluation calls found |
-| `--bootstrap-exclude <glob>` | — | Repeatable glob; matching files excluded from violations |
-| `--config` | auto-detect | Path to a config file |
-Exit codes: `0` = passed, `1` = violations found, `130` = SIGINT.
-**Example pass output:**
-```
-✓ validate --no-direct-launchdarkly: no direct LaunchDarkly evaluation calls found.
-  Scanned 42 file(s).
-```
-**Example fail output:**
-```
-✗ validate --no-direct-launchdarkly: 2 direct LaunchDarkly evaluation call(s) found.
-  src/services/checkout.ts:42:8 — boolVariation("checkout-v2")
-  src/services/pricing.ts:17:4 — boolVariation(dynamic key — manual review required)
-These files must migrate to OpenFeature before this rule passes.
-Run `flaglint migrate --dry-run` to review the migration plan.
+npx flaglint migrate ./src --dry-run
 ```
 ---
-## Focused scope for safe automation
-Automatic migration currently supports LaunchDarkly Node.js server-side evaluation calls in
-TypeScript and JavaScript. That narrow scope is intentional: FlagLint only rewrites call sites
-where the value type, static flag key, fallback, evaluation context, and OpenFeature client
-binding are explicit enough to preserve.
-Dynamic keys, detail evaluations, bulk flag-state calls, browser SDKs, React usage, and ambiguous
-patterns are reported for manual review. They are inventoried so teams can plan the migration,
-but they are not automatically transformed.
-## Supported API matrix
-**Scope: LaunchDarkly Node.js server-side SDK evaluation calls from
-`@launchdarkly/node-server-sdk` and legacy `launchdarkly-node-server-sdk` imports.**
-| LaunchDarkly call | Automatable | OpenFeature equivalent |
-|---|---|---|
-| `ldClient.boolVariation(key, ctx, false)` | ✓ | `openFeatureClient.getBooleanValue(key, false, ctx)` |
-| `ldClient.stringVariation(key, ctx, "")` | ✓ | `openFeatureClient.getStringValue(key, "", ctx)` |
-| `ldClient.numberVariation(key, ctx, 0)` | ✓ | `openFeatureClient.getNumberValue(key, 0, ctx)` |
-| `ldClient.jsonVariation(key, ctx, {})` | ✓ | `openFeatureClient.getObjectValue(key, {}, ctx)` |
-| `ldClient.*VariationDetail(...)` | ✗ manual | Detail result shapes differ — requires manual review |
-| Dynamic flag key | ✗ manual | Key must be a static string literal |
-| `ldClient.allFlags()` / `allFlagsState()` | ✗ manual | Bulk calls — no single-flag codemod |
-| Unknown fallback type | ✗ manual | Fallback type must be determinable statically |
-`flaglint scan` and `flaglint migrate --dry-run` report detected LaunchDarkly Node.js server-side SDK patterns, including manual-review cases.
-`flaglint migrate --apply` rewrites only the ✓ rows above.
----
-## Provider setup (one-time manual step)
-`flaglint migrate --dry-run` includes this guidance inline. **Complete provider setup in
-one dedicated file before running `--apply`.**
-```bash
-npm install @openfeature/server-sdk \
-            @launchdarkly/node-server-sdk \
-            @launchdarkly/openfeature-node-server
-```
-Bootstrap file (do not apply automatically — bootstrap is intentionally manual):
-```typescript
-import { LaunchDarklyProvider } from "@launchdarkly/openfeature-node-server";
-import { OpenFeature } from "@openfeature/server-sdk";
-const ldProvider = new LaunchDarklyProvider(process.env.LD_SDK_KEY!);
-await OpenFeature.setProviderAndWait(ldProvider);
-// Evaluation context needs a targeting key.
-// Use OpenFeature `targetingKey` or keep an existing LaunchDarkly `key`:
-// { targetingKey: user.id } or { key: user.id }
-export const openFeatureClient = OpenFeature.getClient();
-```
+## Workflow
-**Do not remove any LaunchDarkly packages.** LaunchDarkly remains your feature flag provider;
-`@openfeature/server-sdk` becomes the evaluation interface your application code calls.
+| Step | Command | What happens |
+|------|---------|-------------|
+| 1 | `flaglint scan ./src` | AST inventory of every direct LD Node server SDK call |
+| 2 | `flaglint migrate --dry-run` | Reviewable before/after diffs; inline provider setup guidance |
+| 3 | `flaglint migrate --apply` | Rewrites only guarded, provably automatable call-sites |
+| 4 | `flaglint validate --no-direct-launchdarkly` | CI gate: exit 1 if direct LD evaluation calls remain |
 ---
-## Using an existing shared OpenFeature client
+## Before → After (real output from enterprise demo)
-If your platform team already exports an OpenFeature client from a shared internal module
-(e.g. `platform/feature-flags.ts`), FlagLint can use that import as the proven binding for
-`--apply` — no local `OpenFeature.getClient()` call is required in every file.
+```diff
+--- a/checkout.ts
++++ b/checkout.ts
+-  return ldClient.boolVariation("checkout-v2", ctx, false);
++  return openFeatureClient.getBooleanValue("checkout-v2", false, ctx);
-Declare the allowed import in `.flaglintrc`:
+-  return ldClient.stringVariation("payment-provider", ctx, "stripe");
++  return openFeatureClient.getStringValue("payment-provider", "stripe", ctx);
-```json
-{
-  "openFeatureClientBindings": [
-    {
-      "importName": "openFeatureClient",
-      "modulePatterns": ["**/platform/feature-flags"]
-    }
-  ]
-}
-```
-`modulePatterns` are **glob patterns** matched against the module import specifier
-(leading `./` and `../` traversal is stripped before matching). A pattern of
-`"**/platform/feature-flags"` matches `"../platform/feature-flags"` and
-`"../../shared/platform/feature-flags"`, but **not** `"../platform/feature-flags-legacy"` or
-`"../other/platform/feature-flags-backup"`.
-For TypeScript ESM projects, configured module patterns without `.js` also recognize
-the corresponding `.js` runtime import specifier.
-**Before:**
-```typescript
-// services/checkout.ts
-import { openFeatureClient } from "../platform/feature-flags";
-import LaunchDarkly from "launchdarkly-node-server-sdk";
-const enabled = ldClient.boolVariation("checkout-v2", { key: user.id }, false);
-```
-**After (`flaglint migrate --apply`):**
-```typescript
-// services/checkout.ts
-import { openFeatureClient } from "../platform/feature-flags";
-import LaunchDarkly from "launchdarkly-node-server-sdk";
-const enabled = openFeatureClient.getBooleanValue("checkout-v2", false, { key: user.id });
-```
-If the import is aliased (e.g. `import { openFeatureClient as flags } from "..."`), FlagLint
-previews and applies the transformation using the **local alias name** (`flags.getBooleanValue(...)`).
-When two configured bindings both match a file, FlagLint considers the result ambiguous and
-**skips that file** rather than guessing. Skipped files are reported in `--dry-run` output.
-Provider initialization remains the platform team's responsibility. FlagLint never inserts or
-modifies bootstrap/provider setup code.
----
-## Example transformation
-**Before — direct LaunchDarkly Node.js server SDK:**
-```typescript
-const enabled = await ldClient.boolVariation("checkout-v2", { key: user.id }, false);
-const theme   = await ldClient.stringVariation("color-theme", { key: user.id }, "light");
-const timeout = await ldClient.numberVariation("timeout-ms",  { key: user.id }, 5000);
-```
-**After — OpenFeature via LaunchDarkly provider:**
-```typescript
-const enabled = await openFeatureClient.getBooleanValue("checkout-v2", false, { key: user.id });
-const theme   = await openFeatureClient.getStringValue("color-theme", "light", { key: user.id });
-const timeout = await openFeatureClient.getNumberValue("timeout-ms",  5000,    { key: user.id });
+--- a/pricing.ts
++++ b/pricing.ts
+-  return ldClient.numberVariation("discount-percentage", ctx, 0);
++  return openFeatureClient.getNumberValue("discount-percentage", 0, ctx);
 ```
 Flag key, fallback value, `await`, and evaluation context are preserved exactly.
-LaunchDarkly continues to serve the flags — only the call-site API changes.
-When authoring new OpenFeature-native bootstrap or application code, you may use
-OpenFeature `targetingKey`; FlagLint does not silently rewrite existing
-LaunchDarkly `key` contexts.
----
-## Configuration
-Create `.flaglintrc`, `.flaglintrc.json`, or `flaglint.config.json` in your project root:
-```json
-{
-  "include": ["**/*.{ts,tsx,js,jsx}"],
-  "exclude": ["**/node_modules/**", "**/dist/**"],
-  "provider": "launchdarkly",
-  "minFileCount": 0,
-  "reportTitle": "My Project Flag Report"
-}
-```
-| Field | Type | Default | Description |
-|-------|------|---------|-------------|
-| `include` | `string[]` | `["**/*.{ts,tsx,js,jsx}"]` | Glob patterns to scan |
-| `exclude` | `string[]` | `["**/node_modules/**", ...]` | Glob patterns to ignore |
-| `provider` | `string` | `"launchdarkly"` | Feature flag provider |
-| `minFileCount` | `number` | `0` | Opt-in staleness heuristic. When set above 0, a flag is a staleness candidate if it appears in ≤ N files |
-| `wrappers` | `string[]` | `[]` | Function names wrapping LD SDK calls. Example: `["flagPredicate", "useFlag"]` |
-| `openFeatureClientBindings` | `{ importName: string; modulePatterns: string[] }[]` | `[]` | Allowlist shared imported OpenFeature client bindings for `--apply` eligibility. See [Using an existing shared OpenFeature client](#using-an-existing-shared-openfeature-client). |
-| `reportTitle` | `string` | — | Custom title for generated reports |
-| `outputDir` | `string` | `"."` | Default output directory |
-FlagLint searches for config in this order: `--config` path → `.flaglintrc` → `.flaglintrc.json` → `flaglint.config.json`.
 ---
-## CI Integration
+## Supported scope
-### Enforce OpenFeature migration: block PRs with direct LD calls
+LaunchDarkly Node.js server-side SDK calls from `launchdarkly-node-server-sdk` and
+`@launchdarkly/node-server-sdk`. Both ESM import and CJS `require()` forms.
-```yaml
-- name: Validate — no direct LaunchDarkly evaluations
-  run: |
-    npx flaglint validate --no-direct-launchdarkly \
-      --bootstrap-exclude "src/provider/setup.ts"
-  # exits 1 if any direct LD evaluation calls remain outside the bootstrap file
-```
-### Full migration CI pipeline with SARIF annotations
-```yaml
-name: FlagLint
-on: [pull_request]
-jobs:
-  flaglint:
-    runs-on: ubuntu-latest
-    permissions:
-      security-events: write
-      contents: read
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: 20
-      - name: Inventory LaunchDarkly SDK usage
-        run: npx flaglint scan ./src --format html --output flaglint-inventory.html
-        continue-on-error: true
-      - name: Plan OpenFeature migration
-        run: npx flaglint migrate ./src --dry-run --output flaglint-migration.md
-        continue-on-error: true
-      - name: Validate direct LaunchDarkly policy
-        run: |
-          npx flaglint validate ./src \
-            --no-direct-launchdarkly \
-            --bootstrap-exclude "src/provider/setup.ts" \
-            --format sarif \
-            --output flaglint-validation.sarif
-        continue-on-error: true
-      - name: Upload to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: flaglint-validation.sarif
-```
+`--apply` rewrites `boolVariation`, `stringVariation`, `numberVariation`, `jsonVariation`
+where the flag key, fallback, and OpenFeature client binding are statically explicit.
+Detail methods, dynamic keys, bulk calls, and unknown fallback types are reported for manual review.
+Browser SDKs, React SDKs, and non-LaunchDarkly providers are outside current scope.
-`scan` is for inventory and reporting. `migrate --dry-run` is for migration
-planning. `validate --no-direct-launchdarkly --format sarif` is for CI policy
-annotations and enforcement. Code Scanning alerts show the exact file and line of
-each direct LD call under the SARIF rule id `flaglint.direct-launchdarkly` —
-reviewers see them in the PR without running anything locally.
+Full coverage table: [Supported Scope](https://flaglint.dev/docs/reference/supported-scope)
 ---
-## Precision
+## Provider setup (one-time, manual)
-Validated against 120 deterministic benchmark cases within the supported LaunchDarkly Node.js server-side SDK scope. 100% precision and recall are limited to those 120 tested cases and to the Node.js server-side SDK call patterns explicitly listed in the Supported API matrix above.
+Before `--apply`, complete bootstrap setup once. Full instructions:
+[OpenFeature Provider Setup](https://flaglint.dev/docs/integrations/openfeature-provider)
-Detection is AST-based, not regex: client binding patterns, import aliases, and CJS require
-forms are resolved before matching.
+Key points:
+- `new LaunchDarklyProvider(process.env.LD_SDK_KEY!)` — SDK key constructor
+- Evaluation context accepts either `targetingKey` (OpenFeature-native) or an existing LaunchDarkly `key`
+- **Do not remove LaunchDarkly packages** — the OpenFeature provider depends on them at runtime
 ---
-## Enterprise demo
-See a realistic end-to-end migration walkthrough — multiple Node.js services,
-mixed automatable and manual-review patterns, SARIF output, and CI enforcement:
-**[View enterprise demo](./examples/enterprise-checkout-service/README.md)**
-The demo shows scan inventory, exact dry-run preview, guarded apply,
-migration-in-progress advisory findings, and a completed-state validation hard
-gate.
----
-## Security and trust
-FlagLint runs entirely on your machine. No source code, flag keys, or file paths
-are transmitted to any external service. The tool makes no outbound network
-connections during a flag scan or migration. No LaunchDarkly SDK key or any
-credentials are required.
-`flaglint migrate --apply` refuses to write files on a dirty git working tree
-(unless `--allow-dirty` is passed), requires a proven OpenFeature client binding
-before touching a file, and verifies each source range against the original call
-expression before rewriting.
-The project release workflow is configured to publish through GitHub Actions
-using npm Trusted Publishing/OIDC. The publish job uses Node 24 because npm
-Trusted Publishing has stricter runtime requirements; FlagLint runtime support
-remains Node.js >=20. npm-side Trusted Publisher configuration must be completed
-before the first OIDC-based publication unless it has already been configured
-and verified.
-Core behavior is covered by automated tests executed in CI on supported Node
-versions.
+## Requirements
-For vulnerability reports, see [SECURITY.md](./SECURITY.md).
-For a full trust and provenance statement, see [docs/trust.md](./docs/trust.md).
+Node.js 20 or newer. No LaunchDarkly SDK key or credentials required for scan or migrate.
 ---
-## Contributing
+## Local analysis
-See [CONTRIBUTING.md](./CONTRIBUTING.md).
+FlagLint runs entirely on your machine. No source code, flag keys, or file paths are
+transmitted to any external service. No outbound network connections during scan or migration.
 ---
-## License
+## Links
-MIT — see [LICENSE](./LICENSE).
+[Security](./SECURITY.md) · [Contributing](./CONTRIBUTING.md) · [Changelog](./CHANGELOG.md) · [License](./LICENSE) · [Full docs](https://flaglint.dev/docs/quickstart)

package/dist/bin/flaglint.js CHANGED Viewed

@@ -178,6 +178,7 @@ function walk(root, visit) {
 }
 function collectLDClients(ast) {
   const ldNamespaces = /* @__PURE__ */ new Set();
+  const ldInitFunctions = /* @__PURE__ */ new Set();
   for (const stmt of ast.body) {
     if (stmt.type === "ImportDeclaration") {
       const importDecl = stmt;
@@ -186,6 +187,12 @@ function collectLDClients(ast) {
           if (spec.type === "ImportNamespaceSpecifier" || spec.type === "ImportDefaultSpecifier") {
             ldNamespaces.add(spec.local.name);
           }
+          if (spec.type === "ImportSpecifier") {
+            const importedName = spec.imported.type === "Identifier" ? spec.imported.name : spec.imported.value;
+            if (importedName === "init") {
+              ldInitFunctions.add(spec.local.name);
+            }
+          }
         }
       }
       continue;
@@ -193,17 +200,29 @@ function collectLDClients(ast) {
     if (stmt.type === "VariableDeclaration") {
       const varDecl = stmt;
       for (const decl of varDecl.declarations) {
-        if (decl.id.type !== "Identifier" || !decl.init) continue;
+        if (!decl.init) continue;
         const init = decl.init;
-        if (init.type === "CallExpression" && init.callee.type === "Identifier" && init.callee.name === "require" && init.arguments.length >= 1 && init.arguments[0].type === "Literal" && LD_NODE_SERVER_PACKAGES.has(
+        const isLDRequire = init.type === "CallExpression" && init.callee.type === "Identifier" && init.callee.name === "require" && init.arguments.length >= 1 && init.arguments[0].type === "Literal" && LD_NODE_SERVER_PACKAGES.has(
           init.arguments[0].value
-        )) {
+        );
+        if (!isLDRequire) continue;
+        if (decl.id.type === "Identifier") {
           ldNamespaces.add(decl.id.name);
+          continue;
+        }
+        if (decl.id.type === "ObjectPattern") {
+          for (const prop of decl.id.properties) {
+            if (prop.type !== "Property") continue;
+            const keyName = prop.key.type === "Identifier" ? prop.key.name : prop.key.type === "Literal" && typeof prop.key.value === "string" ? prop.key.value : void 0;
+            if (keyName === "init" && prop.value.type === "Identifier") {
+              ldInitFunctions.add(prop.value.name);
+            }
+          }
         }
       }
     }
   }
-  if (ldNamespaces.size === 0) return /* @__PURE__ */ new Set();
+  if (ldNamespaces.size === 0 && ldInitFunctions.size === 0) return /* @__PURE__ */ new Set();
   const ldClients = /* @__PURE__ */ new Set();
   walk(ast, (node) => {
     if (node.type !== "VariableDeclaration") return;
@@ -211,6 +230,10 @@ function collectLDClients(ast) {
     for (const decl of varDecl.declarations) {
       if (decl.id.type !== "Identifier" || !decl.init || decl.init.type !== "CallExpression") continue;
       const initCall = decl.init;
+      if (initCall.callee.type === "Identifier" && ldInitFunctions.has(initCall.callee.name)) {
+        ldClients.add(decl.id.name);
+        continue;
+      }
       if (initCall.callee.type !== "MemberExpression" || initCall.callee.computed) continue;
       const initCallee = initCall.callee;
       if (initCallee.object.type === "Identifier" && initCallee.property.type === "Identifier" && ldNamespaces.has(initCallee.object.name) && initCallee.property.name === "init") {
@@ -740,7 +763,7 @@ function formatHTML(result, options) {
     <div class="card"><div class="card-num orange">${manualCount}</div><div class="card-label">Manual Review (${manualPct}%)</div></div>
     <div class="card"><div class="card-num blue">${detailBulkCount}</div><div class="card-label">Detail/Bulk Calls</div></div>` : "";
   const title = options.title ? esc(options.title) : "FlagLint Scan Report";
-  const version = true ? "0.5.1" : "0.1.0";
+  const version = true ? "0.5.3" : "0.1.0";
   return `<!DOCTYPE html>
 <html lang="en">
 <head>
@@ -1193,7 +1216,7 @@ function formatMigrationReport(analysis) {
     unsupportedUnknownCount
   } = analysis;
   const date = (/* @__PURE__ */ new Date()).toLocaleDateString();
-  const version = true ? "0.5.1" : "0.1.0";
+  const version = true ? "0.5.3" : "0.1.0";
   const lines = [];
   lines.push("# OpenFeature Migration Inventory");
   lines.push(`Generated by FlagLint v${version} on ${date}`);
@@ -1957,7 +1980,7 @@ Examples:
 // src/cli.ts
 function createCLI() {
   const program2 = new Command();
-  program2.name("flaglint").description("LaunchDarkly Node.js server SDK -> OpenFeature migration.").version("0.5.1", "-v, --version", "output the current version").addHelpText(
+  program2.name("flaglint").description("LaunchDarkly Node.js server SDK -> OpenFeature migration.").version("0.5.3", "-v, --version", "output the current version").addHelpText(
     "after",
     `
 Examples:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "flaglint",
-  "version": "0.5.1",
+  "version": "0.5.3",
   "description": "LaunchDarkly Node.js server SDK -> OpenFeature migration.",
   "type": "module",
   "bin": {
@@ -35,15 +35,18 @@
   },
   "scripts": {
     "sync:www": "tsx scripts/sync-www.ts",
-    "build": "npm run sync:www && tsup",
+    "build:cli": "npm run sync:www && tsup",
+    "build:docs": "ASTRO_TELEMETRY_DISABLED=1 astro build",
+    "build": "npm run build:cli && npm run build:docs",
+    "dev:docs": "ASTRO_TELEMETRY_DISABLED=1 astro dev",
     "dev": "tsup --watch",
     "typecheck": "tsc --noEmit",
     "typecheck:agent": "tsc --project tsconfig.agent.json",
-    "pretest": "npm run build",
+    "pretest": "npm run build:cli",
     "test": "vitest",
-    "pretest:run": "npm run build",
+    "pretest:run": "npm run build:cli",
     "test:run": "vitest run",
-    "pretest:coverage": "npm run build",
+    "pretest:coverage": "npm run build:cli",
     "test:coverage": "vitest run --coverage",
     "new-branch": "tsx scripts/new-branch.ts",
     "release:patch": "tsx scripts/release.ts patch",
@@ -62,9 +65,11 @@
     "zod": "^3.23.8"
   },
   "devDependencies": {
+    "@astrojs/starlight": "^0.39.2",
     "@types/micromatch": "^4.0.10",
     "@types/node": "^22.0.0",
     "@vitest/coverage-v8": "^4.1.6",
+    "astro": "^6.3.8",
     "clipboardy": "^4.0.0",
     "tsup": "^8.2.4",
     "tsx": "^4.19.0",