@flow-scanner/lightning-flow-scanner-core 6.11.5 → 6.13.0

package/README.md

@@ -52,7 +52,7 @@
 
 > Want to code a new rule? → See [How to Write a Rule](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/write-a-rule.md)
 
-### Action Calls In Loop  
+### Action Call In A Loop
 _[ActionCallsInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/ActionCallsInLoop.ts)_ – To prevent exceeding Apex governor limits, it is advisable to consolidate and bulkify your apex calls, utilizing a single action call containing a collection variable at the end of the loop.  
 **Rule ID:** `action-call-in-loop`  
 **Severity:** 🔴 *Error*
@@ -193,9 +193,8 @@ _[UnusedVariable](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/ma
 
 It is recommend to configure and define:
 
-- The rules to be executed.
 - The severity of violating any specific rule.
-- Rule properties such as REGEX expressions.
+- Expressions used for rules, such as REGEX patterns and comparison operators.
 - Any known exceptions that should be ignored during scanning.
 
 ```json
@@ -216,7 +215,7 @@ By default, all default rules are executed. You can customize individual rules a
 ```json
 {
   "rules": {
-    "<RuleName>": {
+    "<RuleId>": {
       "severity": "<Severity>", // Override severity level
       "expression": "<Expression>", // Override rule expression
       "enabled": "false" // Disable this rule
@@ -232,10 +231,10 @@ When the severity is not provided it will be `warning` by default. Other availab
 ```json
 {
   "rules": {
-    "FlowDescription": {
+    "missing-flow-description": {
       "severity": "error"
     },
-    "UnusedVariable": {
+    "unused-variable": {
       "severity": "note"
     }
   }
@@ -249,10 +248,10 @@ Some rules have an expression to configure, such as the expression, that will ov
 ```json
 {
   "rules": {
-    "APIVersion": {
+    "invalid-api-version": {
       "expression": "===58" // comparison operator
     },
-    "FlowName": {
+    "invalid-naming-convention": {
       "expression": "[A-Za-z0-9]" // regular expression
     }
   }
@@ -267,7 +266,7 @@ Defining exceptions allows you to exclude specific scenarios from rule enforceme
 {
   "exceptions": {
     "<FlowName>": {
-      "<RuleName>": [
+      "<RuleId>": [
         "<ResultName>", // Suppress a result
         "*", // Wildcard to suppress all results
         ...
@@ -284,8 +283,8 @@ _Example_
 {
   "exceptions": {
     "MyFlow": {
-      "HardcodedId": ["Old_Lookup_1"]
-      "MissingNullHandler": ["*"],
+      "hardcoded-id": ["Old_Lookup_1"],
+      "missing-null-handler": ["*"]
     }
   }
 }
@@ -321,7 +320,7 @@ By default, Lightning Flow Scanner runs **all** default rules and merges any cus
 | **[Salesforce CLI Plugin](https://www.npmjs.com/package/lightning-flow-scanner)** | Local development, scratch orgs, CI/CD        | `sf plugins install lightning-flow-scanner`                                                             |
 | **[VS Code Extension](https://open-vsx.org/extension/ForceConfigControl/lightning-flow-scanner-vsx)** | Real-time scanning inside VS Code             | `code --install-extension ForceConfigControl.lightning-flow-scanner-vsx`                               |
 | **[Salesforce App (Managed Package)](https://github.com/Flow-Scanner/lightning-flow-scanner-app)** | Run scans directly inside a Salesforce org  | `sf package install --package 04tgK0000008CLlQAM` |
-| **[GitHub Action](https://github.com/marketplace/actions/lightning-flow-scan)** | Native PR checks        | `uses: Flow-Scanner/lightning-flow-scanner@action-v2.6.0` |
+| **[GitHub Action](https://github.com/marketplace/actions/lightning-flow-scan)** | Native PR checks        | `uses: Flow-Scanner/lightning-flow-scanner@main` |
 | **[Core Library](https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core)** (Node.js + Browser) | Custom tools, scripts, extensions, web apps   | `npm install -g @flow-scanner/lightning-flow-scanner-core`                                                 |
 
 **Privacy:** Zero user data collected. All processing is client-side. → See our [Security Policy](https://github.com/Flow-Scanner/lightning-flow-scanner?tab=security-ov-file).
@@ -369,7 +368,7 @@ Add a GitHub workflow file `.github/workflows/scan-flows.yml` to detect issues d
 ```yaml
 - name: Lightning Flow Scan
   id: flowscanner
-  uses: Flow-Scanner/lightning-flow-scanner@action-v2.6.0
+  uses: Flow-Scanner/lightning-flow-scanner@main
 
 - name: Upload SARIF to Code Scanning
   uses: github/codeql-action/upload-sarif@v3

package/main/libs/BuildFlow.js

@@ -8,13 +8,16 @@ Object.defineProperty(exports, "BuildFlow", {
         return BuildFlow;
     }
 });
-const _ConvertFlowNodes = require("./ConvertFlowNodes");
 function BuildFlow(nodesToMerge) {
     let res = {};
     for (const nodeToMerge of nodesToMerge){
         const subtype = nodeToMerge.subtype;
         const nodesOfType = nodesToMerge.filter((node)=>subtype === node.subtype);
-        res = (0, _ConvertFlowNodes.convertFlowNodes)(res, nodesOfType, subtype);
+        res = convertFlowNodes(res, nodesOfType, subtype);
     }
     return res;
 }
+function convertFlowNodes(obj, nodes, key) {
+    obj[key] = nodes.map((node)=>node.element);
+    return obj;
+}

package/main/libs/GetRuleDefinitions.js

@@ -16,7 +16,7 @@ _export(exports, {
         return getRules;
     }
 });
-const _RuleRegistry = require("../store/RuleRegistry");
+const _RuleRegistry = require("../config/RuleRegistry");
 function GetRuleDefinitions(ruleConfig, options) {
     const includeBeta = (options === null || options === void 0 ? void 0 : options.betaMode) === true || (options === null || options === void 0 ? void 0 : options.betamode) === true;
     const rulesMode = (options === null || options === void 0 ? void 0 : options.ruleMode) || "merged";

package/main/models/Flow.d.ts

@@ -5,7 +5,7 @@ export declare class Flow {
     /**
      * Metadata Tags of Salesforce Flow Attributes
      */
-    static readonly ATTRIBUTE_TAGS: readonly ["description", "apiVersion", "processMetadataValues", "processType", "interviewLabel", "label", "status", "runInMode", "startElementReference", "isTemplate", "fullName", "timeZoneSidKey", "isAdditionalPermissionRequiredToRun", "migratedFromWorkflowRuleName", "triggerOrder", "environments", "segment"];
+    static readonly ATTRIBUTE_TAGS: readonly ["apiVersion", "areMetricsLoggedToDataCloud", "description", "environments", "fullName", "interviewLabel", "isAdditionalPermissionRequiredToRun", "isTemplate", "label", "migratedFromWorkflowRuleName", "processMetadataValues", "processType", "runInMode", "segment", "startElementReference", "status", "timeZoneSidKey", "triggerOrder"];
     /**
      * Metadata Tags of Salesforce Flow Nodes
      */

package/main/models/Flow.js

@@ -331,23 +331,24 @@ let Flow = class Flow {
 /**
    * Metadata Tags of Salesforce Flow Attributes
    */ _define_property(Flow, "ATTRIBUTE_TAGS", [
-    "description",
     "apiVersion",
-    "processMetadataValues",
-    "processType",
+    "areMetricsLoggedToDataCloud",
+    "description",
+    "environments",
+    "fullName",
     "interviewLabel",
+    "isAdditionalPermissionRequiredToRun",
+    "isTemplate",
     "label",
-    "status",
+    "migratedFromWorkflowRuleName",
+    "processMetadataValues",
+    "processType",
     "runInMode",
+    "segment",
     "startElementReference",
-    "isTemplate",
-    "fullName",
+    "status",
     "timeZoneSidKey",
-    "isAdditionalPermissionRequiredToRun",
-    "migratedFromWorkflowRuleName",
-    "triggerOrder",
-    "environments",
-    "segment"
+    "triggerOrder"
 ]);
 /**
    * Metadata Tags of Salesforce Flow Nodes

package/main/rules/APIVersion.js

@@ -57,14 +57,14 @@ let APIVersion = class APIVersion extends _RuleCommon.RuleCommon {
         if (flow.xmldata.apiVersion) {
             flowAPIVersionNumber = +flow.xmldata.apiVersion;
         }
-        // No API version
-        if (!flowAPIVersionNumber) {
-            return [
-                new _internals.Violation(new _internals.FlowAttribute("API Version <49", "apiVersion", "<49"))
-            ];
-        }
         // Custom logic
         if (options === null || options === void 0 ? void 0 : options.expression) {
+            // No API version with custom expression
+            if (!flowAPIVersionNumber) {
+                return [
+                    new _internals.Violation(new _internals.FlowAttribute("apiVersion<50", "apiVersion", "<50"))
+                ];
+            }
             // Match something like: >= 58
             const match = options.expression.match(/^\s*(>=|<=|>|<|===|!==)\s*(\d+)\s*$/);
             if (!match) {
@@ -101,6 +101,13 @@ let APIVersion = class APIVersion extends _RuleCommon.RuleCommon {
                     new _internals.Violation(new _internals.FlowAttribute(`${flowAPIVersionNumber}`, "apiVersion", options.expression))
                 ];
             }
+        } else {
+            // Default: no API version OR version below 50
+            if (!flowAPIVersionNumber || flowAPIVersionNumber < 50) {
+                return [
+                    new _internals.Violation(new _internals.FlowAttribute(flowAPIVersionNumber ? `${flowAPIVersionNumber}` : "apiVersion<50", "apiVersion", "<50"))
+                ];
+            }
         }
         return [];
     }

package/main/rules/GetRecordAllFields.js

@@ -59,7 +59,9 @@ let GetRecordAllFields = class GetRecordAllFields extends _RuleCommon.RuleCommon
         const violations = lookupNodes.filter((node)=>{
             const el = node.element;
             const storeAllFields = typeof el === "object" && "storeOutputAutomatically" in el && el.storeOutputAutomatically;
-            const hasQueriedFields = typeof el === "object" && Array.isArray(el.queriedFields) && el.queriedFields.length > 0;
+            // Handle both single field (string) and multiple fields (array)
+            const queriedFields = el.queriedFields;
+            const hasQueriedFields = queriedFields && (Array.isArray(queriedFields) && queriedFields.length > 0 || typeof queriedFields === "string");
             return storeAllFields && !hasQueriedFields;
         }).map((node)=>new _internals.Violation(node));
         return violations;

package/main/rules/MissingNullHandler.js

@@ -64,9 +64,12 @@ let MissingNullHandler = class MissingNullHandler extends _RuleCommon.RuleCommon
             if (suppressions.has(getElement.name)) continue;
             const elementName = getElement.name;
             const assignNulls = String(getElement.element["assignNullValuesIfNoRecordsFound"]).toLowerCase() === "true";
-            if (!assignNulls) continue;
             const hasFaultConnector = !!getElement.element["faultConnector"] || ((_getElement_connectors = getElement.connectors) === null || _getElement_connectors === void 0 ? void 0 : _getElement_connectors.some((c)=>c.type === "faultConnector"));
-            if (hasFaultConnector) continue;
+            // Only skip if NOT assigning nulls AND has fault connector
+            // (because fault will catch the "no records" error)
+            if (!assignNulls && hasFaultConnector) {
+                continue;
+            }
             const resultReferences = [];
             if (getElement.element["storeOutputAutomatically"]) {
                 resultReferences.push(elementName);
@@ -84,6 +87,10 @@ let MissingNullHandler = class MissingNullHandler extends _RuleCommon.RuleCommon
                 return resultReferences.some((ref)=>json.includes(`"${ref}"`) || json.includes(`"${ref}.`));
             });
             if (!resultIsUsed) continue;
+            // If assignNullValuesIfNoRecordsFound is TRUE, we need a null check decision
+            if (!assignNulls) {
+                continue;
+            }
             let nullCheckFound = false;
             for (const decision of decisionElements){
                 let rules = decision.element["rules"];

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@flow-scanner/lightning-flow-scanner-core",
   "description": "A lightweight engine for Flow metadata in Node.js, and browser environments. Assess and enhance Salesforce Flow automations for best practices, security, governor limits, and performance issues.",
-  "version": "6.11.5",
+  "version": "6.13.0",
   "main": "index.js",
   "exports": {
     ".": {

package/main/libs/ConvertFlowNodes.d.ts

@@ -1 +0,0 @@
-export declare function convertFlowNodes(obj: any, nodes: any, key: any): any;

package/main/libs/ConvertFlowNodes.js

@@ -1,14 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", {
-    value: true
-});
-Object.defineProperty(exports, "convertFlowNodes", {
-    enumerable: true,
-    get: function() {
-        return convertFlowNodes;
-    }
-});
-function convertFlowNodes(obj, nodes, key) {
-    obj[key] = nodes.map((node)=>node.element);
-    return obj;
-}