npm - @flow-scanner/lightning-flow-scanner-core - Versions diffs - 6.0.4 → 6.1.0 - Mend

@flow-scanner/lightning-flow-scanner-core 6.0.4 → 6.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +52 -16
package/index.d.ts +2 -1
package/index.js +4 -0
package/main/libs/ExportSarif.d.ts +2 -0
package/main/libs/ExportSarif.js +136 -0
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -4,18 +4,23 @@
   </a>
 </p>
-<p align="center"><i>A plug-and-play engine for Flow metadata in Node.js & browsers—with 20+ rules to catch unsafe contexts, loop queries, hardcoded IDs, and more.</i></p>
+<p align="center"><i>UMD-compatible Flow metadata engine for Node.js & browsers—20+ rules to catch common issues.</i></p>
-- [Default Rules](#default-rules)
-- [Configuration](#configuration)
+---
+## Table of contens
+- **[Default Rules](#default-rules)**
+- **[Configuration](#configuration)**
   - [Defining Severity Levels](#defining-severity-levels)
   - [Configuring Expressions](#configuring-expressions)
   - [Specifying Exceptions](#specifying-exceptions)
   - [Include Beta Rules](#include-beta-rules)
-- [Usage](#Usage)
-  - [Installation](#installation)
-  - [Core Functions](#core-functions)
-- [Development](#development)
+- **[Usage](#Usage)**
+  - [Examples](#examples)
+  - [Functions](#core-functions)
+- **[Installation](#installation)**
+- **[Development](#development)**
 ---
@@ -24,7 +29,7 @@
 <p>📌 <strong>Tip:</strong> To link directly to a specific rule, use the full GitHub anchor link format. Example:</p>
 <p><em><a href="https://github.com/Flow-Scanner/lightning-flow-scanner-core#unsafe-running-context">https://github.com/Flow-Scanner/lightning-flow-scanner-core#unsafe-running-context</a></em></i></p>
-### Action Calls In Loop
+### Action Calls In Loop(Beta)
 _[ActionCallsInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/rules/ActionCallsInLoop.ts)_ - To prevent exceeding Apex governor limits, it is advisable to consolidate and bulkify your apex calls, utilizing a single action call containing a collection variable at the end of the loop.
@@ -226,15 +231,28 @@ New rules are introduced in Beta mode before being added to the default ruleset.
 ## Usage
-### Installation
+The Lightning Flow Scanner Core can be used as a dependency in Node.js and browser environments, or used as a standalone UMD module.
-The Lightning Flow Scanner Core can be used as a dependency in Node.js and browser environments, or used as a standalone UMD module. To install:
+### Examples
-```bash
-npm install @flow-scanner/lightning-flow-scanner-core
+```js
+// Basic
+import { parse, scan } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan);
+// Apply fixes automatically
+import { parse, scan, fix } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan).then(fix);
+// Get SARIF output
+import { parse, scan, exportSarif } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml")
+  .then(scan)
+  .then(exportSarif)
+  .then((sarif) => save("results.sarif", sarif));
 ```
-### Core Functions
+### Functions
 #### [`getRules(ruleNames?: string[]): IRuleDefinition[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/GetRuleDefinitions.ts)
@@ -242,15 +260,33 @@ _Retrieves rule definitions used in the scanner._
 #### [`parse(selectedUris: any): Promise<ParsedFlow[]>`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ParseFlows.ts)
-_Parses metadata from selected Flow files._
+_Loads Flow XML files into in-memory models._
 #### [`scan(parsedFlows: ParsedFlow[], ruleOptions?: IRulesConfig): ScanResult[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ScanFlows.ts)
-_Runs rules against parsed flows and returns scan results._
+_Runs all enabled rules and returns detailed violations._
 #### [`fix(results: ScanResult[]): ScanResult[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/FixFlows.ts)
-_Attempts to apply automatic fixes where available._
+_Automatically applies available fixes(removing variables and unconnected elements)._
+#### [`exportSarif(results: ScanResult[]): string`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ExportSarif.ts)
+_Generates SARIF output with paths and exact line numbers._
+---
+## Installation
+`lightning-flow-scanner-core` is published to **npm** only.
+[![npm version](https://img.shields.io/npm/v/@flow-scanner/lightning-flow-scanner-core?label=npm)](https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core)
+**To install with npm:**
+```bash
+npm install @flow-scanner/lightning-flow-scanner-core
+```
 ---

package/index.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import type { IRuleDefinition } from "./main/interfaces/IRuleDefinition";
 import type { IRulesConfig } from "./main/interfaces/IRulesConfig";
 import { Compiler } from "./main/libs/Compiler";
+import { exportSarif } from "./main/libs/ExportSarif";
 import { fix } from "./main/libs/FixFlows";
 import { getBetaRules, getRules } from "./main/libs/GetRuleDefinitions";
 import { parse } from "./main/libs/ParseFlows";
@@ -17,5 +18,5 @@ import { ParsedFlow } from "./main/models/ParsedFlow";
 import { ResultDetails } from "./main/models/ResultDetails";
 import { RuleResult } from "./main/models/RuleResult";
 import { ScanResult } from "./main/models/ScanResult";
-export { AdvancedRule, Compiler, fix, Flow, FlowAttribute, FlowElement, FlowNode, FlowResource, FlowType, FlowVariable, getBetaRules, getRules, parse, ParsedFlow, ResultDetails, RuleResult, scan, ScanResult, };
+export { AdvancedRule, Compiler, exportSarif, fix, Flow, FlowAttribute, FlowElement, FlowNode, FlowResource, FlowType, FlowVariable, getBetaRules, getRules, parse, ParsedFlow, ResultDetails, RuleResult, scan, ScanResult, };
 export type { IRuleDefinition, IRulesConfig };

package/index.js CHANGED Viewed

@@ -48,6 +48,9 @@ _export(exports, {
     get ScanResult () {
         return _ScanResult.ScanResult;
     },
+    get exportSarif () {
+        return _ExportSarif.exportSarif;
+    },
     get fix () {
         return _FixFlows.fix;
     },
@@ -65,6 +68,7 @@ _export(exports, {
     }
 });
 const _Compiler = require("./main/libs/Compiler");
+const _ExportSarif = require("./main/libs/ExportSarif");
 const _FixFlows = require("./main/libs/FixFlows");
 const _GetRuleDefinitions = require("./main/libs/GetRuleDefinitions");
 const _ParseFlows = require("./main/libs/ParseFlows");

package/main/libs/ExportSarif.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import { ScanResult } from "../models/ScanResult";
2	+ export declare function exportSarif(results: ScanResult[]): string;

package/main/libs/ExportSarif.js ADDED Viewed

@@ -0,0 +1,136 @@
+// src/main/libs/exportSarif.ts
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "exportSarif", {
+    enumerable: true,
+    get: function() {
+        return exportSarif;
+    }
+});
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _object_spread(target) {
+    for(var i = 1; i < arguments.length; i++){
+        var source = arguments[i] != null ? arguments[i] : {};
+        var ownKeys = Object.keys(source);
+        if (typeof Object.getOwnPropertySymbols === "function") {
+            ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function(sym) {
+                return Object.getOwnPropertyDescriptor(source, sym).enumerable;
+            }));
+        }
+        ownKeys.forEach(function(key) {
+            _define_property(target, key, source[key]);
+        });
+    }
+    return target;
+}
+function exportSarif(results) {
+    const runs = results.map((result)=>{
+        const flow = result.flow;
+        const uri = getUri(flow);
+        return {
+            artifacts: [
+                {
+                    location: {
+                        uri
+                    },
+                    sourceLanguage: "xml"
+                }
+            ],
+            results: result.ruleResults.filter((r)=>r.occurs).flatMap((r)=>r.details.map((d)=>({
+                        level: mapSeverity(r.severity),
+                        locations: [
+                            {
+                                physicalLocation: {
+                                    artifactLocation: {
+                                        index: 0,
+                                        uri
+                                    },
+                                    region: mapRegion(d, result.flow.toXMLString() || "")
+                                }
+                            }
+                        ],
+                        message: {
+                            text: r.errorMessage || `${r.ruleName} in ${d.name}`
+                        },
+                        properties: _object_spread({
+                            element: d.name,
+                            flow: flow.name,
+                            type: d.type
+                        }, d.details),
+                        ruleId: r.ruleName
+                    }))),
+            tool: {
+                driver: {
+                    informationUri: "https://github.com/Flow-Scanner/lightning-flow-scanner-core",
+                    name: "Lightning Flow Scanner",
+                    rules: result.ruleResults.filter((r)=>r.occurs).map((r)=>({
+                            defaultConfiguration: {
+                                level: mapSeverity(r.severity)
+                            },
+                            fullDescription: {
+                                text: r.ruleDefinition.description || ""
+                            },
+                            id: r.ruleName,
+                            shortDescription: {
+                                text: r.ruleDefinition.description || r.ruleName
+                            }
+                        })),
+                    version: "1.0.0"
+                }
+            }
+        };
+    });
+    return JSON.stringify({
+        $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+        runs,
+        version: "2.1.0"
+    }, null, 2);
+}
+function getUri(flow) {
+    return flow.fsPath ? flow.fsPath.replace(/\\/g, "/") : `flows/${flow.name}.flow-meta.xml`;
+}
+function mapRegion(detail, rawXml = "") {
+    if (!rawXml) return {
+        startLine: 1,
+        startColumn: 1
+    };
+    const lines = rawXml.split("\n");
+    const name = detail.name;
+    for(let i = 0; i < lines.length; i++){
+        if (lines[i].includes(`<name>${name}</name>`)) {
+            return {
+                startLine: i + 1,
+                startColumn: lines[i].indexOf(name) + 1
+            };
+        }
+    }
+    return {
+        startLine: 1,
+        startColumn: 1
+    };
+}
+function mapSeverity(sev) {
+    switch(sev === null || sev === void 0 ? void 0 : sev.toLowerCase()){
+        case "info":
+        case "note":
+            return "note";
+        case "warning":
+            return "warning";
+        default:
+            return "error";
+    }
+}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@flow-scanner/lightning-flow-scanner-core",
   "description": "A lightweight, purpose-built engine for parsing and analyzing Salesforce Flow metadata in Node.js or browser environments. Scan, validate, and optimize Flow automations for security risks, best practices, governor limits, and performance bottlenecks.",
-  "version": "6.0.4",
+  "version": "6.1.0",
   "main": "index.js",
   "types": "index.d.ts",
   "engines": {