Difficulty

Intermediate

Read Time

9 min

How to use feature flags in JavaScript and TypeScript

By Codcompass Team·2026-05-20·9 min read

Runtime Conditionals: Architecting Feature Flags for Scale in TypeScript

Current Situation Analysis

Feature flags are frequently introduced as a simple deployment convenience: wrap a new module in a conditional, merge to main, and toggle visibility later. The conceptual model is trivial. The operational reality is not. As codebases mature, flags accumulate faster than they are retired, transforming clean control flow into a tangled web of runtime conditionals. Teams quickly discover that the cost of feature flags is not in their evaluation, but in their lifecycle management, architectural placement, and billing alignment.

The industry pain point stems from treating flags as temporary scaffolding rather than a persistent configuration layer. Developers assume flags will naturally decay after a rollout, but without explicit governance, they persist indefinitely. A codebase with dozens of stale flags becomes harder to reason about, increases bundle size, and introduces hidden branching logic that breaks during refactors. Additionally, many engineering teams overlook the architectural implications of where and how flags are evaluated. Initializing SDKs per request, passing untyped context objects, or relying on remote evaluation for every conditional introduces latency, memory pressure, and unnecessary network overhead.

A critical misunderstanding exists around vendor pricing models. Modern JavaScript and TypeScript SDKs download the complete ruleset during application startup and evaluate flags via in-memory dictionary lookups. No network request occurs at the point of evaluation. Despite this, several platforms charge based on Monthly Active Users (MAU), a metric that correlates poorly with actual infrastructure consumption. The vendor’s servers are idle during runtime evaluation; the client or server process handles the logic locally. Market data shows that flat-rate team tiers (e.g., $99/month for unlimited seats, audit trails, and analytics) align far better with the technical reality of local evaluation than MAU-metered plans. Teams that recognize this distinction avoid paying for a proxy metric while gaining predictable operational costs.

The problem is overlooked because the initial implementation is deceptively simple. A single if statement masks the downstream requirements: context serialization, type safety, cache invalidation, audit logging, and expiration tracking. Without a deliberate architecture, flags become technical debt that compounds with every release cycle.

WOW Moment: Key Findings

The architectural and financial implications of flag evaluation strategies become clear when comparing deployment patterns, evaluation latency, and billing alignment. The table below isolates the core tradeoffs that determine whether a flag system scales or stagnates.

Approach	Evaluation Latency	Rules Visibility	Billing Alignment	Cleanup Overhead
Client-Side Local	~0ms (in-memory lookup)	Visible in bundle (acceptable for product features)	High (flat-rate matches local compute)	Medium (requires lifecycle governance)
Server-Side Remote	5-50ms per request	Fully private	Low (MAU pricing inflates costs)	High (requires proxy infrastructure)
Server-Side Local	~0ms (in-memory lookup)	Fully private	High (flat-rate matches local compute)	Medium (requires lifecycle governance)
MAU-Metered Vendor	Varies by SDK	Varies	Low (charges for idle evaluation)	High (cost scales with traffic, not complexity)

This finding matters because it decouples billing from technical reality. When evaluation happens locally, infrastructure cost is fixed per instance, not per user. Choosing a flat-rate platform eliminates the financial penalty of successful rollouts. Furthermore, recognizing that client-side evaluation is safe for product features (rollouts, experiments, UI toggles) while server-side evaluation is mandatory for access control and pricing prevents

security leaks and unnecessary latency. The data confirms that a well-architected flag system prioritizes local evaluation, explicit context typing, and lifecycle prefixes to minimize cleanup overhead.

Core Solution

Implementing feature flags at scale requires treating them as a configuration layer, not a deployment hack. The architecture must enforce singleton initialization, type-safe context shaping, local evaluation, and explicit expiration tracking. Below is a production-grade implementation pattern in TypeScript.

Step 1: SDK Initialization & Singleton Pattern

Feature flag SDKs download the ruleset once and cache it in memory. Re-initializing per request or component defeats the local evaluation model and introduces race conditions. The solution is a singleton manager that initializes at application startup and exports a stable client reference.

// flag-engine.ts
import { createFlagClient, type FlagClient, type FlagContext } from '@runtime/flags';

class FlagManager {
  private static instance: FlagClient | null = null;
  private static isInitializing = false;

  static async initialize(apiKey: string): Promise<FlagClient> {
    if (this.instance) return this.instance;
    if (this.isInitializing) {
      await new Promise(resolve => setTimeout(resolve, 100));
      return this.instance!;
    }

    this.isInitializing = true;
    const client = createFlagClient({ apiKey, environment: 'production' });
    await client.loadRuleset();
    this.instance = client;
    this.isInitializing = false;
    return client;
  }

  static getClient(): FlagClient {
    if (!this.instance) throw new Error('FlagManager not initialized. Call initialize() at app startup.');
    return this.instance;
  }
}

export { FlagManager };

Rationale: The singleton pattern guarantees a single ruleset download. The initialization guard prevents concurrent startup races in serverless environments. Exporting a static getClient() method enforces consistent access across modules.

Step 2: Type-Safe Context Shaping

Flags rely on context objects to evaluate targeting rules. Passing arbitrary key-value pairs leads to runtime mismatches and dashboard configuration errors. A strict TypeScript interface ensures context payloads match the vendor’s expected schema.

// flag-context.ts
export interface UserContext {
  key: string;
  email?: string;
  plan: 'free' | 'team' | 'enterprise';
  accountAgeDays: number;
  region: string;
  isInternal: boolean;
}

export function buildUserContext(user: { id: string; email: string; subscription: string; createdAt: Date; locale: string }): UserContext {
  return {
    key: user.id,
    email: user.email,
    plan: user.subscription as UserContext['plan'],
    accountAgeDays: Math.floor((Date.now() - user.createdAt.getTime()) / 86400000),
    region: user.locale.split('-')[1] || 'US',
    isInternal: user.email.endsWith('@company.internal'),
  };
}

Rationale: Explicit typing prevents dashboard rule mismatches. Precomputing derived values (like accountAgeDays) ensures consistent evaluation across requests. The builder function isolates transformation logic from evaluation logic.

Step 3: Local Evaluation & Fallback Strategy

Evaluation should never block on network calls. The SDK evaluates against the cached ruleset. A fallback strategy handles initialization failures or missing keys without crashing the application.

// feature-gate.ts
import { FlagManager } from './flag-engine';
import type { UserContext } from './flag-context';

export class FeatureGate {
  private readonly client = FlagManager.getClient();

  evaluate(flagKey: string, context: UserContext, fallback: boolean = false): boolean {
    try {
      return this.client.evaluate(flagKey, context) ?? fallback;
    } catch (error) {
      console.warn(`Flag evaluation failed for ${flagKey}:`, error);
      return fallback;
    }
  }

  isReleaseActive(flagKey: string, context: UserContext): boolean {
    return this.evaluate(flagKey, context, false);
  }

  isKillSwitchEngaged(flagKey: string, context: UserContext): boolean {
    return !this.evaluate(flagKey, context, true);
  }
}

Rationale: The evaluate method wraps the SDK call with error handling and fallback injection. isReleaseActive defaults to false (fail closed), preventing untested features from leaking. isKillSwitchEngaged inverts the logic and defaults to true (fail open), ensuring critical services remain available if the flag system degrades.

Step 4: Architecture Decisions & Rationale

Local Evaluation Over Remote: Modern SDKs cache rulesets in memory. Remote evaluation adds latency and creates a single point of failure. Local evaluation is deterministic, faster, and aligns with flat-rate pricing.
Singleton Initialization: Prevents redundant network calls and memory duplication. Serverless functions benefit from cold-start optimization by sharing the client across invocations when possible.
Type-Safe Context: Eliminates dashboard misconfigurations. TypeScript compiles down to JavaScript, but the type layer catches mismatches during development, reducing production targeting errors.
Explicit Fallbacks: Flags are infrastructure. They can fail. Defaulting to safe states (fail closed for releases, fail open for kill switches) maintains system stability during SDK outages.
Lifecycle Prefixes: Naming flags by intent (release-, experiment-, kill-, ops-) makes expiration visible. Teams can filter dashboards by prefix to identify stale flags without manual audits.

Pitfall Guide

Feature flags introduce subtle failure modes that compound over time. The following pitfalls are drawn from production deployments and highlight architectural, operational, and financial mistakes.

1. Per-Request or Per-Component Initialization

Explanation: Developers initialize the SDK inside route handlers or React components, assuming it’s lightweight. This triggers repeated ruleset downloads, exhausts connection pools, and violates the local evaluation model. Fix: Initialize once at application bootstrap. Export a singleton client. Use dependency injection or module-level imports to share the instance across the codebase.

2. Unbounded Context Payloads

Explanation: Passing entire user objects, session data, or request headers to the flag SDK bloats evaluation memory and exposes sensitive data to vendor dashboards. Fix: Shape context explicitly. Include only attributes required for targeting rules. Strip PII, tokens, and internal metadata. Validate context shape with TypeScript interfaces.

3. Ignoring Flag Expiration

Explanation: Flags created for rollouts or experiments are never removed. They accumulate, increasing cognitive load and bundle size. Stale flags also mask deprecated code paths. Fix: Enforce lifecycle prefixes. Create a removal ticket at flag creation. Schedule quarterly audits to archive flags unchanged for 90+ days. Automate cleanup with CI checks that flag expired keys.

4. Client-Side Authorization Gates

Explanation: Using client-side flags to control pricing tiers, admin access, or paid features. The ruleset is visible in the bundle, allowing users to bypass restrictions via dev tools. Fix: Evaluate authorization flags server-side. Keep client-side flags strictly for UI toggles, experiments, and product features. Validate permissions on the backend regardless of client state.

5. MAU-Based Vendor Selection

Explanation: Choosing a platform that charges per monthly active user. Since evaluation happens locally, MAU billing penalizes successful traffic growth without reflecting actual vendor costs. Fix: Prioritize flat-rate pricing tiers. Verify that the SDK evaluates locally. Confirm that audit logs, analytics, and targeting rules are included in the base price. Avoid vendors that meter evaluation events.

6. Hardcoded Fallback Values

Explanation: Assuming flags always resolve correctly. When the SDK fails to load or a key is missing, unhandled undefined values cause runtime crashes or inconsistent UI states. Fix: Always provide explicit fallbacks. Use fail-closed defaults for new features and fail-open defaults for critical services. Wrap evaluation calls in try-catch blocks with logging.

7. Missing Audit Trail Integration

Explanation: Teams modify flags directly in production dashboards without tracking changes. Accidental toggles, unauthorized access, and rollback confusion become common. Fix: Enable audit logging in the vendor dashboard. Integrate flag change events into your observability stack (e.g., Datadog, Sentry). Require approval workflows for production environment changes.

Production Bundle

Action Checklist

Initialize SDK once at application startup using a singleton pattern
Define strict TypeScript interfaces for flag context payloads
Implement explicit fallback strategies (fail closed for releases, fail open for kill switches)
Prefix flags by lifecycle intent (release-, experiment-, kill-, ops-)
Create removal tickets at flag creation with a defined expiration window
Evaluate authorization and pricing flags server-side only
Enable audit logging and route flag change events to your observability pipeline
Verify vendor pricing aligns with local evaluation (prefer flat-rate over MAU)

Decision Matrix

Scenario	Recommended Approach	Why	Cost Impact
UI rollout, A/B test, or canary deployment	Client-side local evaluation	Zero latency, safe for product features, matches flat-rate billing	Low (predictable flat cost)
Pricing tier access, admin privileges, or paid features	Server-side local evaluation	Rules remain private, prevents client-side bypass	Medium (requires server infrastructure)
Third-party integration circuit breaker	Server-side kill switch with fail-open fallback	Immediate disable without deploy, maintains service availability	Low (operational efficiency)
High-traffic SaaS platform	Flat-rate vendor tier	MAU billing inflates costs despite local evaluation	High savings vs metered plans
Startup or internal tool	Client-side evaluation with simple context	Fast implementation, minimal infrastructure overhead	Low

Configuration Template

Copy this TypeScript configuration to bootstrap a production-ready flag system. Adjust environment variables and context builders to match your domain.

// config/flags.ts
import { FlagManager } from '../core/flag-engine';
import { FeatureGate } from '../core/feature-gate';
import { buildUserContext } from '../core/flag-context';

export async function bootstrapFlags() {
  const apiKey = process.env.FLAG_API_KEY;
  if (!apiKey) throw new Error('FLAG_API_KEY is required');

  await FlagManager.initialize(apiKey);
  return new FeatureGate();
}

// Usage in route handler or component
export async function getFeatureFlags(req: Request) {
  const gate = new FeatureGate();
  const userContext = buildUserContext(req.user);
  
  const showNewDashboard = gate.isReleaseActive('release-new-dashboard', userContext);
  const paymentProviderActive = gate.isKillSwitchEngaged('kill-payment-provider', userContext);
  
  return { showNewDashboard, paymentProviderActive };
}

Quick Start Guide

Install the SDK: Add your chosen flag platform’s TypeScript package to your project dependencies.
Initialize at Startup: Call the singleton initialize() method in your application entry point. Await ruleset loading before handling requests.
Define Context Types: Create a TypeScript interface for user/session context. Build a mapper function to transform raw data into the expected shape.
Evaluate Locally: Use the FeatureGate wrapper to evaluate flags with explicit fallbacks. Prefix keys by lifecycle intent.
Audit & Clean: Enable dashboard audit logs. Schedule quarterly reviews to archive flags unchanged for 90+ days. Create removal tickets at creation time.

🎉 Mid-Year Sale — Unlock Full Article

Base plan from just $4.99/mo or $49/yr

7-day free trial · Cancel anytime · 30-day money-back