npm - @flow-scanner/lightning-flow-scanner-core - Versions diffs - 6.11.0 → 6.11.1 - Mend

@flow-scanner/lightning-flow-scanner-core 6.11.0 → 6.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +55 -45
package/main/rules/TransformInsteadOfLoop.js +15 -16
package/package.json +1 -1
package/CONTRIBUTING.md +0 -31
package/SECURITY.md +0 -55
package/docs/media/banner.png +0 -0

package/README.md CHANGED Viewed

@@ -33,11 +33,10 @@
 - **[Default Rules](#default-rules)**
 - **[Configuration](#configuration)**
-  - [Defining Severity Levels](#defining-severity-levels)
-  - [Configuring Expressions](#configuring-expressions)
-  - [Specifying Exceptions](#specifying-exceptions)
-  - [Include Beta Rules](#include-beta-rules)
-  - [Rule Mode](#rule-mode)
+  - [Configure Severity Levels](#configure-severity-levels)
+  - [Overwrite Expressions](#overwrite-expressions)
+  - [Define Exceptions](#define-exceptions)
+  - [Scan Modes](#scan-modes)
 - **[Installation](#installation)**
   - [Distributions](#distributions)
   - [CICD Templates](#cicd-templates)
@@ -199,9 +198,9 @@ By default, all default rules are executed. You can customize individual rules a
 }
 ```
-### Defining Severity Levels
+### Configure Severity Levels
-When the severity is not provided it will be `warning` by default. Other available values for severity are `error` and `note`. Define the severity per rule as shown below:
+When the severity is not provided it will be `warning` by default. Other available values for severity are `error` and `note`. Configure the severity per rule as shown below:
 ```json
 {
@@ -216,9 +215,9 @@ When the severity is not provided it will be `warning` by default. Other availab
 }
 ```
-### Configuring Expressions
+### Overwrite Expressions
-Some rules have additional attributes to configure, such as the expression, that will overwrite default values. These can be configured in the same way as severity as shown in the following example.
+Some rules have an expression to configure, such as the expression, that will overwrite default values. These can be configured in the same way as severity as shown in the following example.
 ```json
 {
@@ -233,9 +232,9 @@ Some rules have additional attributes to configure, such as the expression, that
 }
 ```
-### Specifying Exceptions
+### Define Exceptions
-Specifying exceptions allows you to exclude specific scenarios from rule enforcement. Exceptions can be specified at the flow, rule, or result level to provide fine-grained control. Below is a breakdown of the available attributes of exception configuration:
+Defining exceptions allows you to exclude specific scenarios from rule enforcement. Exceptions can be specified at the flow, rule, or result level to provide fine-grained control. Below is a breakdown of the available attributes of exception configuration:
 ```json
 {
@@ -265,7 +264,9 @@ _Example_
 }
 ```
-### Include Beta Rules
+### Scan Modes
+#### Beta Mode
 New rules are introduced in Beta mode before being added to the default ruleset. To include current Beta rules, enable the optional betamode parameter in your configuration:
@@ -275,7 +276,7 @@ New rules are introduced in Beta mode before being added to the default ruleset.
 }
 ```
-### Rule Mode
+#### Rule Mode
 By default, Lightning Flow Scanner runs **all** default rules and merges any custom configurations you provide. This means you can override specific rules without having to list every rule to be executed. If instead, you want to run **only** the rules you explicitly specify, use `"ruleMode": "isolated"`:
 ```json
@@ -284,44 +285,28 @@ By default, Lightning Flow Scanner runs **all** default rules and merges any cus
 }
 ```
 ## Installation
 ### Distributions
-| Distribution                                      | Best for                                      | Install / Use                                                                                           |
+| Distribution                                      | Best for                                      | Install                                                                                           |
 |----------------------------------------------------------------|-----------------------------------------------|---------------------------------------------------------------------------------------------------------|
-| **[Salesforce CLI Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/cli/README.md)** | Local development, scratch orgs, CI/CD        | `sf plugins install lightning-flow-scanner`                                                             |
-| **[VS Code Extension](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/vsx/README.md)** | Real-time scanning inside VS Code             | `code --install-extension ForceConfigControl.lightning-flow-scanner-vsx`                               |
+| **[Salesforce CLI Plugin](https://www.npmjs.com/package/lightning-flow-scanner)** | Local development, scratch orgs, CI/CD        | `sf plugins install lightning-flow-scanner`                                                             |
+| **[VS Code Extension](https://open-vsx.org/extension/ForceConfigControl/lightning-flow-scanner-vsx)** | Real-time scanning inside VS Code             | `code --install-extension ForceConfigControl.lightning-flow-scanner-vsx`                               |
 | **[Salesforce App (Managed Package)](https://github.com/Flow-Scanner/lightning-flow-scanner-app)** | Run scans directly inside a Salesforce org  | `sf package install --package 04tgK0000007M73QAE` |
-| **[Core Library](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core)** (Node.js + Browser) | Custom tools, scripts, extensions, web apps   | `npm install -g @flow-scanner/lightning-flow-scanner-core`                                                 |
+| **[GitHub Action](https://github.com/marketplace/actions/lightning-flow-scan)** | Native PR checks        | `uses: Flow-Scanner/lightning-flow-scanner@action-v2.6.0` |
+| **[Core Library](https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core)** (Node.js + Browser) | Custom tools, scripts, extensions, web apps   | `npm install -g @flow-scanner/lightning-flow-scanner-core`                                                 |
 **Privacy:** Zero user data collected. All processing is client-side. → See our [Security Policy](https://github.com/Flow-Scanner/lightning-flow-scanner?tab=security-ov-file).
 ### CICD Templates
-Ready-to-use CI/CD templates and a **native GitHub Action**.
+Ready-to-use CI/CD templates and a **Copado Plugin**.
-| Platform       | Template Type                     | Link |
+| Platform       | Type                     | Link |
 |----------------|-----------------------------------|------|
 | [Azure DevOps](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/azure-templates.md)   | Full Project Scan                 | [`azure-pipelines-flow-FullScan.yml`](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/templates/azure-devops/azure-pipelines-flow-FullScan.yml) |
 | [Azure DevOps](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/azure-templates.md)   | Change-Based Scan                 | [`azure-pipelines-flow-changedFiles.yml`](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/templates/azure-devops/azure-pipelines-flow-changedFiles.yml) |
-| **[GitHub Action](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/action/README.md)** | Native PR checks                              | [GitHub Marketplace](https://github.com/marketplace/actions/run-flow-scanner)                           |
-| **[Copado Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner-copado)** | Copado CI/CD pipelines                        | [Copado Marketplace](https://success.copado.com/s/listing-detail?language=en_US&recordId=a54P7000003G3gBIAS) |
-GitHub Action Snippet:
-```yaml
-- name: Lightning Flow Scan
-  id: flowscanner
-  uses: Flow-Scanner/lightning-flow-scanner@main
-- name: Upload SARIF to Code Scanning
-  uses: github/codeql-action/upload-sarif@v3
-  with:
-    sarif_file: ${{ steps.flowscanner.outputs.sarifPath }}
-```
-To see the full example, see [`scan-flows.yml`](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/templates/github-action/scan-flows.yml).
+| **[Copado Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner-copado)** | Copado Plugin                       | [Copado Marketplace](https://success.copado.com/s/listing-detail?language=en_US&recordId=a54P7000003G3gBIAS) |
 ## Quick Start
@@ -330,19 +315,42 @@ To see the full example, see [`scan-flows.yml`](https://github.com/Flow-Scanner/
 Use `lightning-flow-scanner` in the Salesforce CLI:
 ```bash
-sf flow:scan # scan flows in current directory
-sf flow:fix -d src/force-app # fix flows in force-app directory
-sf flow:scan --sarif > report.sarif # get results as SARIF file
-sf flow scan --csv > results.csv # get results as CSV file
+sf flow:scan # Scan flows in the current directory
+sf flow:scan --sarif > report.sarif # Export scan results as SARIF
+sf flow scan --csv > results.csv # Export scan results as CSV
+sf flow doc > flow-docs.md # Generate flow documentation (Single markdown file)
+sf flow doc --output flow-docs --separate # Generate one Markdown file per flow
+sf flow:fix -d src/force-app # Fix flows in a specific directory
 ```
+For full details, see the [CLI Readme](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/cli/README.md).
 ### VS Code Extension
-Use our side bar or the **Command Palette** and type `flowscanner` to see all available commands:
+Use our side bar or the **Command Palette** and type `flow scanner` to see the list of all available commands.
-* `Configure Flow Scanner` - Set up rules in `.flow-scanner.yml`
+* `Configure Scanner` - Set up rules in `.flow-scanner.yml`
 * `Scan Flows` - Analyze a directory or selected flow files
 * `Fix Flows` - Automatically apply available fixes
-* `Flow Scanner Documentation` - Open the rules reference guide
+* `Generate Flow Documentation` - Generate flow documentation
+* `Open Scanner Documentation` - Open the rules reference guide
+For full details, see the [VSX Readme](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/vsx/README.md).
+### GitHub Action
+Add a GitHub workflow file `.github/workflows/scan-flows.yml` to detect issues directly in pull requests:
+```yaml
+- name: Lightning Flow Scan
+  id: flowscanner
+  uses: Flow-Scanner/lightning-flow-scanner@action-v2.6.0
+- name: Upload SARIF to Code Scanning
+  uses: github/codeql-action/upload-sarif@v3
+  with:
+    sarif_file: ${{ steps.flowscanner.outputs.sarifPath }}
+```
+For full details, see the [Action Readme](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/action/README.md).
 ### Core Module
 Use `lightning-flow-scanner-core` as a Node.js/browser dependency:
@@ -360,7 +368,7 @@ parse("flows/**/*.flow-meta.xml").then(scan).then(exportSarif)
 // Generate Markdown documentation with Mermaid flow diagrams
 import { parse, exportDiagram } from "@flow-scanner/lightning-flow-scanner-core";
 parse("flows/**/*.flow-meta.xml").then(exportDiagram)
-  // .then(md => fs.writeFile("FLOW_DOCUMENTATION.md", md))
+  // .then(md => fs.writeFile("flow-docs.md", md))
 // Browser Usage (Tooling API)
 const { Flow, scan } = window.lightningflowscanner;
@@ -373,6 +381,8 @@ const results = scan(
 );
 ```
+For more on Programmatic API, types, and advanced usage of `@flow-scanner/lightning-flow-scanner-core`, see the [Core Library Reference](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/core-reference.md).
 ## Development
 > This project optionally uses [Volta](https://volta.sh) to guarantee the exact same Node.js and tool versions for every contributor.

package/main/rules/TransformInsteadOfLoop.js CHANGED Viewed

@@ -53,23 +53,22 @@ function _interop_require_wildcard(obj, nodeInterop) {
 }
 let TransformInsteadOfLoop = class TransformInsteadOfLoop extends _RuleCommon.RuleCommon {
     check(flow, _options, _suppressions) {
-        var _flow_elements;
         const violations = [];
-        var _flow_elements_filter;
-        // Get all loop elements
-        const loops = (_flow_elements_filter = (_flow_elements = flow.elements) === null || _flow_elements === void 0 ? void 0 : _flow_elements.filter((e)=>e.subtype === "loops")) !== null && _flow_elements_filter !== void 0 ? _flow_elements_filter : [];
-        for (const loop of loops){
-            var _loopNode_connectors;
-            const loopNode = loop;
-            // Check if the loop's nextValueConnector (the iterative path) leads to an assignment
-            const nextValueConnector = (_loopNode_connectors = loopNode.connectors) === null || _loopNode_connectors === void 0 ? void 0 : _loopNode_connectors.find((connector)=>connector.type === "nextValueConnector");
-            if (nextValueConnector === null || nextValueConnector === void 0 ? void 0 : nextValueConnector.reference) {
-                var _flow_elements1;
-                // Find the element that the nextValueConnector points to
-                const targetElement = (_flow_elements1 = flow.elements) === null || _flow_elements1 === void 0 ? void 0 : _flow_elements1.find((e)=>e.name === nextValueConnector.reference);
-                // Check if the target is an assignment
-                if ((targetElement === null || targetElement === void 0 ? void 0 : targetElement.subtype) === "assignments") {
+        const triggerType = this.getStartProperty(flow, 'triggerType');
+        const isRecordBeforeSave = triggerType === "RecordBeforeSave";
+        if (isRecordBeforeSave) {
+            return violations;
+        }
+        const loops = flow.graph.getLoopNodes();
+        for (const loopNode of loops){
+            // Get elements that the loop connects to (includes nextValueConnector)
+            const nextElements = flow.graph.getNextElements(loopNode.name);
+            // Check if any directly connected element is an assignment
+            for (const nextElementName of nextElements){
+                const nextElement = flow.graph.getNode(nextElementName);
+                if ((nextElement === null || nextElement === void 0 ? void 0 : nextElement.subtype) === "assignments") {
                     violations.push(new _internals.Violation(loopNode));
+                    break; // Only report once per loop
                 }
             }
         }
@@ -88,7 +87,7 @@ let TransformInsteadOfLoop = class TransformInsteadOfLoop extends _RuleCommon.Ru
                 }
             ]
         }, {
-            severity: "error"
+            severity: "note"
         });
     }
 };

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@flow-scanner/lightning-flow-scanner-core",
   "description": "A lightweight engine for Flow metadata in Node.js, and browser environments. Assess and enhance Salesforce Flow automations for best practices, security, governor limits, and performance issues.",
-  "version": "6.11.0",
+  "version": "6.11.1",
   "main": "index.js",
   "exports": {
     ".": {

package/CONTRIBUTING.md DELETED Viewed

@@ -1,31 +0,0 @@
-## Contributing Guidelines
-Since 20201, the _Lightning Flow Scanner_ has grown from its roots as VS Code tool to empower Salesforce Developers across six free and open-source platforms—from developer tools to native Salesforce App—delivering a unified experience for robust static analysis of Flows. Our dedicated community has shared their expertise to deepen understanding of Flow optimization. Your support can amplify our impact. Here’s how you can contribute:
-- ⭐ Star or follow the project.
-- 📢 Share our work with your network.
-- 💬 Share feedback to help us improve.
-- 💻 Contribute code by submitting pull requests.
-- 🤝 [Join as a member](https://register.lightningflowscanner.org/) to connect.
-### I have a Question/Feedback
-For general questions, ideas, or seeking input on topics that might (or might not) turn into issues, we recommend to use our [Discussions](https://github.com/orgs/Flow-Scanner/discussions) forum. This is best for open-ended conversations, brainstorming, and gathering community input before creating a feature request.
-If it's more specific like a bug or a new feature—use [GitHub Issues](https://github.com/features/issues) instead. Before creating a new issue, please take a moment to search the existing [Issues](https://github.com/Flow-Scanner/lightning-flow-scanner/issues) to prevent duplicates. If you find something relevant, adding an upvote helps us understand demand and prioritize better. We've prepared a few templates to guide you through the process of issue reporting:
-###### Core Engine - For issues or requests related to the core functionality of the scanner, use the following links to submit your request:
-- [Report Issue](https://github.com/Flow-Scanner/lightning-flow-scanner/issues/new?template=bug_report.md): Report a bug or issue.
-- [Rule Request](https://github.com/Flow-Scanner/lightning-flow-scanner/issues/new?template=rule-request.md): Submit a request for a new rule.
-- [Features/Other](https://github.com/Flow-Scanner/lightning-flow-scanner/issues/new): Suggest a new feature or enhancement.
-###### Platforms - For issues or requests related to specific platforms, use the appropriate link below:
-- [CLI Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner/issues)
-- [Copado Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner-copado/issues)
-- [GitHub Action](https://github.com/Flow-Scanner/lightning-flow-scanner/issues)
-- [Salesforce App](https://github.com/Flow-Scanner/lightning-flow-scanner-app/issues)
-- [VS Code/Code Builder](https://github.com/Flow-Scanner/lightning-flow-scanner/issues)
-###### Thank you

package/SECURITY.md DELETED Viewed

@@ -1,55 +0,0 @@
-# Security Policy for Lightning Flow Scanner
-## Security Practices
-- All code is open-source and peer-reviewed by the community.
-- Vulnerabilities can be reported privately via [GitHub vulnerability reporting](https://github.com/Flow-Scanner/lightning-flow-scanner/security).
-- All changes are scanned with [Snyk](https://github.com/snyk/cli) prior to publication.
-- Releases to npm are published using **GitHub Actions Trusted Publishing (OIDC)**.
-- Tags (`v*`) trigger automated `npm publish`, providing a full audit trail.
-## Data Handling
-This tool collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
-We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
-**Note:** You may manually save scan results (e.g., reports, CSV, JSON) to your local filesystem. These files are created at your request and remain under your full control. This tool does not access, upload, or retain them.
-## Dependencies
-We actively track and maintain an up-to-date inventory of all third-party dependencies to ensure security and compatibility. Our dependencies include:
-### Core
-| Package           | License                                                                           | Purpose                                        |
-| ----------------- | --------------------------------------------------------------------------------- | ---------------------------------------------- |
-| `fast-xml-parser` | [MIT](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/LICENSE) | Validate XML, Parse XML and Build XML rapidly. |
-### CLI
-| Package                             | License | Purpose |
-| ----------------------------------- | ------- | ------- |
-| `@oclif/core`                        | [MIT](https://github.com/oclif/oclif/blob/main/LICENSE) | CLI framework core utilities |
-| `@salesforce/core`                   | [BSD-3-Clause](https://github.com/forcedotcom/sfdx-core/blob/main/LICENSE.txt) | Salesforce core library for CLI plugins |
-| `@salesforce/sf-plugins-core`       | [Apache License 2.0](https://github.com/salesforcecli/sf-plugins-core/blob/main/LICENSE.txt) | Base library for Salesforce CLI plugins |
-| `chalk`                              | [MIT](https://github.com/chalk/chalk/blob/main/license) | Terminal string styling (colors) |
-| `cosmiconfig`                        | [MIT](https://github.com/cosmiconfig/cosmiconfig/blob/main/LICENSE) | Config file loader for JavaScript/Node |
-| `glob`                               | [MIT](https://github.com/isaacs/node-glob/blob/main/LICENSE.md) | File pattern matching |
-### VSX
-| Package                         | License                                                                              | Purpose`                                       |
-| ------------------------------- | ------------------------------------------------------------------------------------ | ---------------------------------------------- |
-| `cosmiconfig`                        | [MIT](https://github.com/cosmiconfig/cosmiconfig/blob/main/LICENSE) | Config file loader for JavaScript/Node |
-| `glob`                               | [MIT](https://github.com/isaacs/node-glob/blob/main/LICENSE.md) | File pattern matching |
-| `tabulator-tables`            | [MIT](https://github.com/olifolkerd/tabulator/blob/master/LICENSE)                      | Interactive tables and data grids for web apps |
-| `uuid`                        | [MIT](https://github.com/uuidjs/uuid/blob/main/LICENSE.md)                              | Generates RFC-compliant UUIDs                  |
-### Action
-| Package                         | License                                                                         | Purpose                                     |
-| ------------------------------- | ------------------------------------------------------------------------------- | ------------------------------------------- |
-| `@actions/core`               | [MIT](https://github.com/actions/toolkit/blob/main/packages/github/LICENSE)          | Toolkit for developing GitHub Actions       |
-| `@actions/github`             | [MIT](https://github.com/actions/toolkit/blob/main/packages/github/LICENSE)        | Interact with the GitHub API in Actions     |
-| `cosmiconfig`                        | [MIT](https://github.com/cosmiconfig/cosmiconfig/blob/main/LICENSE) | Config file loader for JavaScript/Node |

package/docs/media/banner.png DELETED Viewed

Binary file