Updated weekly · last scan 14 Jun 2026

Feature flag debt, across the open-source ecosystem.

Every week, FlagShark scans a curated list of public repos that use known feature flag SDKs. Sortable, filterable, and (if it's your repo) embarrassing. Public MIT/Apache repos only, no opt-in required. If you're a maintainer and want off the list, email us and we remove within 24 hours, no questions asked.

repos in the scoreboard

617

total stale flags

77/repo

average stale flag count

3650d

oldest stale flag

// filter

#	Repo	★ stars	stale flags↓	total flags	primary lang	last scan
01	PostHog/posthog-js	★ 549	465	68	typescript	4d ago	details →
02	Unleash/unleash	★ 14k	47	26	typescript	4d ago	details →
03	PostHog/posthog	★ 35k	39	64	python	4d ago	details →
04	medusajs/medusa	★ 34k	34	10	typescript	4d ago	details →
05	supabase/supabase	★ 104k	19	15	typescript	4d ago	details →
06	gitpod-io/gitpod	★ 14k	7	5	typescript	4d ago	details →
07	growthbook/growthbook	★ 7.9k	4	2	typescript	4d ago	details →
08	medplum/medplum	★ 2.4k	2	2	typescript	4d ago	details →

Showing 8 of 8 repos

// 22 candidates skipped this run

appwrite/appwrite · no-flag-sdk-detected
bytebase/bytebase · no-flag-sdk-detected
calcom/cal.com · no-flag-sdk-detected
directus/directus · no-flag-sdk-detected
discourse/discourse · no-flag-sdk-detected
firefly-iii/firefly-iii · no-flag-sdk-detected
FlagShark/flagshark · github-api-failed
getsentry/sentry · no-flag-sdk-detected
immich-app/immich · no-flag-sdk-detected
infisical/infisical · no-flag-sdk-detected
ladybirdbrowser/ladybird · no-flag-sdk-detected
mattermost/mattermost · no-flag-sdk-detected
n8n-io/n8n · no-flag-sdk-detected
novuhq/novu · no-flag-sdk-detected
outline/outline · no-flag-sdk-detected
prisma/prisma · no-flag-sdk-detected
RocketChat/Rocket.Chat · no-flag-sdk-detected
strapi/strapi · no-flag-sdk-detected
torvalds/linux · no-flag-sdk-detected
triggerdotdev/trigger.dev · no-flag-sdk-detected
vercel/next.js · no-flag-sdk-detected
withastro/astro · no-flag-sdk-detected

Methodology

How this scoreboard actually works.

Honest about the limits. If you're a maintainer of a listed repo and find a finding incorrect, every row has a "report" link, or you can ask us to remove the repo entirely.

// scan source

Public default branches.

We clone the default branch of public repos. Same tree-sitter scanner the FlagShark GitHub Action runs. No tokens, no signed-in access, no traffic data, just the code that's already on GitHub.

// staleness rules

90 days, then git blame.

A flag is "stale" if its line was last modified more than 90 days ago, or if it only appears in a single file (suggesting a fully-rolled-out flag). We require full clone history because git blame on a shallow clone is meaningless.

// frequency

Weekly re-scan.

Every Sunday at 03:00 UTC. Results are written to data/oss-scoreboard.json and published on the next site build.

// opt-out

Any maintainer can request removal.

Email [email protected] from a verifiable maintainer address. We add the repo to data/oss-denylist.json and it disappears on the next scan.

// false positives

Click "report" on any row.

Every row has a mailto link with the repo prefilled. We don't publish a false-positive rate yet; too few scans to compute one honestly. We'll publish once we have 90 days of feedback signal.

// what we won't do

No shaming, no badges of dishonor.

We won't tweet at maintainers about their stale flags. We won't sell "flag-debt insurance." We won't approach companies offering "let us clean this up" unless they ask.

// last full scan 14 Jun 2026 · 8 of 30 candidate repos qualified for the board · scanner v @flagshark/core