@flow-scanner/lightning-flow-scanner-core 6.0.4 → 6.1.1

package/README.md

@@ -4,18 +4,23 @@
   </a>
 </p>
 
-<p align="center"><i>A plug-and-play engine for Flow metadata in Node.js & browsers—with 20+ rules to catch unsafe contexts, loop queries, hardcoded IDs, and more.</i></p>
+<p align="center"><i>UMD-compatible Flow metadata engine for Node.js & browsers—20+ rules to catch common issues.</i></p>
 
-- [Default Rules](#default-rules)
-- [Configuration](#configuration)
+---
+
+## Table of contens
+
+- **[Default Rules](#default-rules)**
+- **[Configuration](#configuration)**
   - [Defining Severity Levels](#defining-severity-levels)
   - [Configuring Expressions](#configuring-expressions)
   - [Specifying Exceptions](#specifying-exceptions)
   - [Include Beta Rules](#include-beta-rules)
-- [Usage](#Usage)
-  - [Installation](#installation)
-  - [Core Functions](#core-functions)
-- [Development](#development)
+- **[Usage](#Usage)**
+  - [Examples](#examples)
+  - [Functions](#core-functions)
+- **[Installation](#installation)**
+- **[Development](#development)**
 
 ---
 
@@ -24,7 +29,7 @@
 <p>📌 <strong>Tip:</strong> To link directly to a specific rule, use the full GitHub anchor link format. Example:</p>
 <p><em><a href="https://github.com/Flow-Scanner/lightning-flow-scanner-core#unsafe-running-context">https://github.com/Flow-Scanner/lightning-flow-scanner-core#unsafe-running-context</a></em></i></p>
 
-### Action Calls In Loop
+### Action Calls In Loop(Beta)
 
 _[ActionCallsInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/rules/ActionCallsInLoop.ts)_ - To prevent exceeding Apex governor limits, it is advisable to consolidate and bulkify your apex calls, utilizing a single action call containing a collection variable at the end of the loop.
 
@@ -226,15 +231,39 @@ New rules are introduced in Beta mode before being added to the default ruleset.
 
 ## Usage
 
-### Installation
-
-The Lightning Flow Scanner Core can be used as a dependency in Node.js and browser environments, or used as a standalone UMD module. To install:
-
-```bash
-npm install @flow-scanner/lightning-flow-scanner-core
+The Lightning Flow Scanner Core can be used as a dependency in Node.js and browser environments, or used as a standalone UMD module.
+
+### Examples
+
+```js
+// Basic
+import { parse, scan } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan);
+
+// Apply fixes automatically
+import { parse, scan, fix } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan).then(fix);
+
+// Get SARIF output
+import { parse, scan, exportSarif } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml")
+  .then(scan)
+  .then(exportSarif)
+  .then((sarif) => save("results.sarif", sarif));
+
+// Browser Usage (Tooling API)
+const { Flow, scan } = window.lightningflowscanner;
+const metadataRes = await conn.tooling.query(`SELECT Id, FullName, Metadata FROM Flow`);
+const results = scan(
+  metadataRes.records.map((r) => ({
+    uri: `/services/data/v60.0/tooling/sobjects/Flow/${r.Id}`,
+    flow: new Flow(r.FullName, r.Metadata),
+  })),
+  optionsForScan
+);
 ```
 
-### Core Functions
+### Functions
 
 #### [`getRules(ruleNames?: string[]): IRuleDefinition[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/GetRuleDefinitions.ts)
 
@@ -242,15 +271,33 @@ _Retrieves rule definitions used in the scanner._
 
 #### [`parse(selectedUris: any): Promise<ParsedFlow[]>`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ParseFlows.ts)
 
-_Parses metadata from selected Flow files._
+_Loads Flow XML files into in-memory models._
 
 #### [`scan(parsedFlows: ParsedFlow[], ruleOptions?: IRulesConfig): ScanResult[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ScanFlows.ts)
 
-_Runs rules against parsed flows and returns scan results._
+_Runs all enabled rules and returns detailed violations._
 
 #### [`fix(results: ScanResult[]): ScanResult[]`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/FixFlows.ts)
 
-_Attempts to apply automatic fixes where available._
+_Automatically applies available fixes(removing variables and unconnected elements)._
+
+#### [`exportSarif(results: ScanResult[]): string`](https://github.com/Flow-Scanner/lightning-flow-scanner-core/tree/main/src/main/libs/ExportSarif.ts)
+
+_Generates SARIF output with paths and exact line numbers._
+
+---
+
+## Installation
+
+`lightning-flow-scanner-core` is published to **npm** only.
+
+[![npm version](https://img.shields.io/npm/v/@flow-scanner/lightning-flow-scanner-core?label=npm)](https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core)
+
+**To install with npm:**
+
+```bash
+npm install @flow-scanner/lightning-flow-scanner-core
+```
 
 ---
 

package/index.d.ts

@@ -1,6 +1,7 @@
 import type { IRuleDefinition } from "./main/interfaces/IRuleDefinition";
 import type { IRulesConfig } from "./main/interfaces/IRulesConfig";
 import { Compiler } from "./main/libs/Compiler";
+import { exportSarif } from "./main/libs/ExportSarif";
 import { fix } from "./main/libs/FixFlows";
 import { getBetaRules, getRules } from "./main/libs/GetRuleDefinitions";
 import { parse } from "./main/libs/ParseFlows";
@@ -17,5 +18,5 @@ import { ParsedFlow } from "./main/models/ParsedFlow";
 import { ResultDetails } from "./main/models/ResultDetails";
 import { RuleResult } from "./main/models/RuleResult";
 import { ScanResult } from "./main/models/ScanResult";
-export { AdvancedRule, Compiler, fix, Flow, FlowAttribute, FlowElement, FlowNode, FlowResource, FlowType, FlowVariable, getBetaRules, getRules, parse, ParsedFlow, ResultDetails, RuleResult, scan, ScanResult, };
+export { AdvancedRule, Compiler, exportSarif, fix, Flow, FlowAttribute, FlowElement, FlowNode, FlowResource, FlowType, FlowVariable, getBetaRules, getRules, parse, ParsedFlow, ResultDetails, RuleResult, scan, ScanResult, };
 export type { IRuleDefinition, IRulesConfig };

package/index.js

@@ -48,6 +48,9 @@ _export(exports, {
     get ScanResult () {
         return _ScanResult.ScanResult;
     },
+    get exportSarif () {
+        return _ExportSarif.exportSarif;
+    },
     get fix () {
         return _FixFlows.fix;
     },
@@ -65,6 +68,7 @@ _export(exports, {
     }
 });
 const _Compiler = require("./main/libs/Compiler");
+const _ExportSarif = require("./main/libs/ExportSarif");
 const _FixFlows = require("./main/libs/FixFlows");
 const _GetRuleDefinitions = require("./main/libs/GetRuleDefinitions");
 const _ParseFlows = require("./main/libs/ParseFlows");

package/main/libs/ExportSarif.d.ts

@@ -0,0 +1,2 @@
+import { ScanResult } from "../models/ScanResult";
+export declare function exportSarif(results: ScanResult[]): string;

package/main/libs/ExportSarif.js

@@ -0,0 +1,136 @@
+// src/main/libs/exportSarif.ts
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "exportSarif", {
+    enumerable: true,
+    get: function() {
+        return exportSarif;
+    }
+});
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _object_spread(target) {
+    for(var i = 1; i < arguments.length; i++){
+        var source = arguments[i] != null ? arguments[i] : {};
+        var ownKeys = Object.keys(source);
+        if (typeof Object.getOwnPropertySymbols === "function") {
+            ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function(sym) {
+                return Object.getOwnPropertyDescriptor(source, sym).enumerable;
+            }));
+        }
+        ownKeys.forEach(function(key) {
+            _define_property(target, key, source[key]);
+        });
+    }
+    return target;
+}
+function exportSarif(results) {
+    const runs = results.map((result)=>{
+        const flow = result.flow;
+        const uri = getUri(flow);
+        return {
+            artifacts: [
+                {
+                    location: {
+                        uri
+                    },
+                    sourceLanguage: "xml"
+                }
+            ],
+            results: result.ruleResults.filter((r)=>r.occurs).flatMap((r)=>r.details.map((d)=>({
+                        level: mapSeverity(r.severity),
+                        locations: [
+                            {
+                                physicalLocation: {
+                                    artifactLocation: {
+                                        index: 0,
+                                        uri
+                                    },
+                                    region: mapRegion(d, result.flow.toXMLString() || "")
+                                }
+                            }
+                        ],
+                        message: {
+                            text: r.errorMessage || `${r.ruleName} in ${d.name}`
+                        },
+                        properties: _object_spread({
+                            element: d.name,
+                            flow: flow.name,
+                            type: d.type
+                        }, d.details),
+                        ruleId: r.ruleName
+                    }))),
+            tool: {
+                driver: {
+                    informationUri: "https://github.com/Flow-Scanner/lightning-flow-scanner-core",
+                    name: "Lightning Flow Scanner",
+                    rules: result.ruleResults.filter((r)=>r.occurs).map((r)=>({
+                            defaultConfiguration: {
+                                level: mapSeverity(r.severity)
+                            },
+                            fullDescription: {
+                                text: r.ruleDefinition.description || ""
+                            },
+                            id: r.ruleName,
+                            shortDescription: {
+                                text: r.ruleDefinition.description || r.ruleName
+                            }
+                        })),
+                    version: "1.0.0"
+                }
+            }
+        };
+    });
+    return JSON.stringify({
+        $schema: "https://json.schemastore.org/sarif-2.1.0.json",
+        runs,
+        version: "2.1.0"
+    }, null, 2);
+}
+function getUri(flow) {
+    return flow.fsPath ? flow.fsPath.replace(/\\/g, "/") : `flows/${flow.name}.flow-meta.xml`;
+}
+function mapRegion(detail, rawXml = "") {
+    if (!rawXml) return {
+        startLine: 1,
+        startColumn: 1
+    };
+    const lines = rawXml.split("\n");
+    const name = detail.name;
+    for(let i = 0; i < lines.length; i++){
+        if (lines[i].includes(`<name>${name}</name>`)) {
+            return {
+                startLine: i + 1,
+                startColumn: lines[i].indexOf(name) + 1
+            };
+        }
+    }
+    return {
+        startLine: 1,
+        startColumn: 1
+    };
+}
+function mapSeverity(sev) {
+    switch(sev === null || sev === void 0 ? void 0 : sev.toLowerCase()){
+        case "info":
+        case "note":
+            return "note";
+        case "warning":
+            return "warning";
+        default:
+            return "error";
+    }
+}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@flow-scanner/lightning-flow-scanner-core",
   "description": "A lightweight, purpose-built engine for parsing and analyzing Salesforce Flow metadata in Node.js or browser environments. Scan, validate, and optimize Flow automations for security risks, best practices, governor limits, and performance bottlenecks.",
-  "version": "6.0.4",
+  "version": "6.1.1",
   "main": "index.js",
   "types": "index.d.ts",
   "engines": {