@flow-scanner/lightning-flow-scanner-core 6.6.4 → 6.6.5

package/CONTRIBUTING.md

@@ -0,0 +1,31 @@
+## Contributing Guidelines
+
+Since 20201, the _Lightning Flow Scanner_ has grown from its roots as VS Code tool to empower Salesforce Developers across six free and open-source platforms—from developer tools to native Salesforce App—delivering a unified experience for robust static analysis of Flows. Our dedicated community has shared their expertise to deepen understanding of Flow optimization. Your support can amplify our impact. Here’s how you can contribute:
+
+- ⭐ Star or follow the project.
+- 📢 Share our work with your network.
+- 💬 Share feedback to help us improve.
+- 💻 Contribute code by submitting pull requests.
+- 🤝 [Join as a member](https://register.lightningflowscanner.org/) to connect.
+
+### I have a Question/Feedback
+
+For general questions, ideas, or seeking input on topics that might (or might not) turn into issues, we recommend to use our [Discussions](https://github.com/orgs/Flow-Scanner/discussions) forum. This is best for open-ended conversations, brainstorming, and gathering community input before creating a feature request.
+
+If it's more specific like a bug or a new feature—use [GitHub Issues](https://github.com/features/issues) instead. Before creating a new issue, please take a moment to search the existing [Issues](https://github.com/Flow-Scanner/lightning-flow-scanner/issues) to prevent duplicates. If you find something relevant, adding an upvote helps us understand demand and prioritize better. We've prepared a few templates to guide you through the process of issue reporting:
+
+###### Core Engine - For issues or requests related to the core functionality of the scanner, use the following links to submit your request:
+
+- [Report Issue](https://github.com/Flow-Scanner/lightning-flow-scanner/issues/new?template=bug_report.md): Report a bug or issue.
+- [Rule Request](https://github.com/Flow-Scanner/lightning-flow-scanner/issues/new?template=rule-request.md): Submit a request for a new rule.
+- [Features/Other](https://github.com/Flow-Scanner/lightning-flow-scanner/issues/new): Suggest a new feature or enhancement.
+
+###### Platforms - For issues or requests related to specific platforms, use the appropriate link below:
+
+- [CLI Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner/issues)
+- [Copado Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner-copado/issues)
+- [GitHub Action](https://github.com/Flow-Scanner/lightning-flow-scanner/issues)
+- [Salesforce App](https://github.com/Flow-Scanner/lightning-flow-scanner-app/issues)
+- [VS Code/Code Builder](https://github.com/Flow-Scanner/lightning-flow-scanner/issues)
+
+###### Thank you

package/README.md

@@ -0,0 +1,426 @@
+<p align="center">
+  <a href="https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/LICENSE.md">
+    <img src="https://img.shields.io/github/license/Flow-Scanner/lightning-flow-scanner?style=flat-square" alt="License">
+  </a>
+  <a href="https://github.com/Flow-Scanner/lightning-flow-scanner/graphs/contributors">
+    <img src="https://img.shields.io/github/contributors/Flow-Scanner/lightning-flow-scanner.svg?style=flat-square" alt="Contributors">
+  </a>
+  <a href="https://www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-core">
+    <img src="https://img.shields.io/npm/v/@flow-scanner/lightning-flow-scanner-core?label=core&style=flat-square" alt="Core version">
+  </a>
+  <a href="https://www.npmjs.com/package/lightning-flow-scanner">
+    <img src="https://img.shields.io/npm/v/lightning-flow-scanner?label=cli&style=flat-square" alt="CLI version">
+  </a>
+  <a href="https://open-vsx.org/extension/ForceConfigControl/lightning-flow-scanner-vsx">
+    <img src="https://img.shields.io/open-vsx/v/ForceConfigControl/lightning-flow-scanner-vsx?label=Open%20VSX&style=flat-square" alt="Open VSX">
+  </a>
+  <a href="https://github.com/Flow-Scanner/lightning-flow-scanner/stargazers">
+    <img src="https://img.shields.io/github/stars/Flow-Scanner/lightning-flow-scanner?style=flat-square" alt="GitHub stars">
+  </a>
+  <a href="https://www.npmjs.com/package/lightning-flow-scanner-core">
+    <img src="https://img.shields.io/badge/downloads-510k%2B-success?style=flat-square" alt="Total Downloads">
+  </a>
+</p>
+
+<p align="center">
+  <a href="https://github.com/Flow-Scanner">
+    <img src="https://raw.githubusercontent.com/Flow-Scanner/Lightning-Flow-Scanner/main/assets/media/banner.png" alt="Lightning Flow Scanner" width="43%" />
+  </a>
+</p>
+
+<p align="center"><i>Detect unsafe contexts, queries in loops, hardcoded IDs, and more to optimize Salesforce Flows</i></p>
+
+---
+
+## Table of contens
+
+- **[Default Rules](#default-rules)**
+- **[Configuration](#configuration)**
+  - [Defining Severity Levels](#defining-severity-levels)
+  - [Configuring Expressions](#configuring-expressions)
+  - [Specifying Exceptions](#specifying-exceptions)
+  - [Include Beta Rules](#include-beta-rules)
+- **[Installation](#installation)**
+  - [Distributions](#distributions)
+  - [CICD Templates](#cicd-templates)
+- **[Quick Start](#quick-start)**
+- **[Development](#development)**
+
+---
+
+## Default Rules
+
+<p>📌<strong>Tip:</strong> To link directly to a specific rule, use the full GitHub anchor link format. Example:</p>
+<p><em><a href="https://github.com/Flow-Scanner/lightning-flow-scanner#unsafe-running-context">https://github.com/Flow-Scanner/lightning-flow-scanner#unsafe-running-context</a></em></p>
+
+> Want to code a new rule? → See [How to Write a Rule](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/write-a-rule.md)
+
+### Action Calls In Loop
+
+_[ActionCallsInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/ActionCallsInLoop.ts)_ - To prevent exceeding Apex governor limits, it is advisable to consolidate and bulkify your apex calls, utilizing a single action call containing a collection variable at the end of the loop.
+
+### Outdated API Version
+
+_[APIVersion](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/APIVersion.ts)_ - Introducing newer API components may lead to unexpected issues with older versions of Flows, as they might not align with the underlying mechanics. Starting from API version 50.0, the **Api Version** attribute has been readily available on the Flow Object. To ensure smooth operation and reduce discrepancies between API versions, it is strongly advised to regularly update and maintain them.
+
+### Auto Layout
+
+_[AutoLayout](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/AutoLayout.ts)_ - With Canvas Mode set to Auto‑Layout, elements are spaced, connected, and aligned automatically, keeping your Flow neatly organized—saving you time.
+
+### Copy API Name
+
+_[CopyAPIName](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/CopyAPIName.ts)_ - Maintaining multiple elements with a similar name, like `Copy_X_Of_Element`, can diminish the overall readability of your Flow. When copying and pasting these elements, remember to update the API name of the newly created copy.
+
+### Cyclomatic Complexity
+
+_[CyclomaticComplexity](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/CyclomaticComplexity.ts)_ - The number of loops and decision rules, plus the number of decisions. Use a combination of 1) subflows and 2) breaking flows into multiple concise trigger‑ordered flows to reduce cyclomatic complexity within a single flow, ensuring maintainability and simplicity.
+
+### DML Statement In A Loop
+
+_[DMLStatementInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/DMLStatementInLoop.ts)_ - To prevent exceeding Apex governor limits, consolidate all your database operations—record creation, updates, or deletions—at the conclusion of the flow.
+
+### Duplicate DML Operation
+
+_[DuplicateDMLOperation](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/DuplicateDMLOperation.ts)_ - When a flow executes database changes or actions between two screens, prevent users from navigating backward between screens; otherwise, duplicate database operations may be performed.
+
+### Flow Naming Convention
+
+_[FlowName](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/FlowName.ts)_ - The readability of a flow is paramount. Establishing a naming convention significantly enhances findability, searchability, and overall consistency. Include at least a domain and a brief description of the flow’s actions, for example `Service_OrderFulfillment`.
+
+### Get Record All Fields
+
+_[GetRecordAllFields](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/GetRecordAllFields.ts)_ - Following the principle of least privilege (PoLP), avoid using **Get Records** with “Automatically store all fields” unless necessary.
+
+### Hardcoded Id
+
+_[HardcodedId](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedId.ts)_ - Avoid hard‑coding IDs because they are org specific. Instead, pass them into variables at the start of the flow—via merge‑field URL parameters or a **Get Records** element.
+
+### Hardcoded Url
+
+_[HardcodedUrl](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/HardcodedUrl.ts)_ - Avoid hard‑coding URLs because they are environment specific. Use an `$API` formula (preferred) or environment‑specific sources like custom labels, metadata, or settings.
+
+### Inactive Flow
+
+_[InactiveFlow](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/InactiveFlow.ts)_ - Like cleaning out your closet: deleting unused flows is essential. Inactive flows can still cause trouble—such as accidentally deleting records during testing, or being activated as subflows.
+
+### Missing Fault Path
+
+_[MissingFaultPath](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/MissingFaultPath.ts)_ - A flow may fail to execute an operation as intended. By default, the flow displays an error to the user and emails the creator. Customize this behavior by incorporating a Fault Path.
+
+### Missing Flow Description
+
+_[FlowDescription](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/FlowDescription.ts)_ - Descriptions play a vital role in documentation. We highly recommend including details about where flows are used and their intended purpose.
+
+### Missing Metadata Description
+
+_[MissingMetadataDescription](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/MissingMetadataDescription.ts)_ – Flags Flow elements (Get Records, Assignments, Decisions, Actions, etc.) and metadata components (Variables, Formulas, Constants, Text Templates) that lack a description. Adding concise descriptions greatly improves readability, maintainability, and helps AI tools understand your automation intent.
+
+### Missing Null Handler
+
+_[MissingNullHandler](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/MissingNullHandler.ts)_ - When a **Get Records** operation finds no data, it returns `null`. Validate data by using a Decision element to check for a non‑null result.
+
+### Process Builder
+
+_[ProcessBuilder](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/ProcessBuilder.ts)_ - Salesforce is transitioning away from Workflow Rules and Process Builder in favor of Flow. Begin migrating your organization’s automation to Flow.
+
+### Recursive After Update
+
+_[RecursiveAfterUpdate](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/RecursiveAfterUpdate.ts)_ - After‑update flows are meant for modifying **other** records. Using them on the same record can cause recursion. Consider **before‑save** flows for same‑record updates.
+
+### Same Record Field Updates
+
+_[SameRecordFieldUpdates](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/SameRecordFieldUpdates.ts)_ - Similar to triggers, **before‑save** contexts can update the same record via `$Record` without invoking DML.
+
+### SOQL Query In A Loop
+
+_[SOQLQueryInLoop](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/SOQLQueryInLoop.ts)_ - To prevent exceeding Apex governor limits, consolidate all SOQL queries at the end of the flow.
+
+### Trigger Order
+
+_[TriggerOrder](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/TriggerOrder.ts)_ - Guarantee your flow execution order with the **Trigger Order** property introduced in Spring ’22.
+
+### Unconnected Element
+
+_[UnconnectedElement](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/UnconnectedElement.ts)_ - Avoid unconnected elements that are not used by the flow to keep flows efficient and maintainable.
+
+### Unsafe Running Context
+
+_[UnsafeRunningContext](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/UnsafeRunningContext.ts)_ - This flow is configured to run in **System Mode without Sharing**, granting all users permission to view and edit all data. This can lead to unsafe data access.
+
+### Unused Variable
+
+_[UnusedVariable](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/core/src/main/rules/UnusedVariable.ts)_ - To maintain efficiency and manageability, avoid including variables that are never referenced.
+
+---
+
+## Configuration
+
+It is recommend to configure and define:
+
+- The rules to be executed.
+- The severity of violating any specific rule.
+- Rule properties such as REGEX expressions.
+- Any known exceptions that should be ignored during scanning.
+
+```json
+{
+  "rules": {
+    // Your rules here
+  },
+  "exceptions": {
+    // Your exceptions here
+  }
+}
+```
+
+Most Lightning Flow Scanner distributions automatically resolve configurations from `.flow-scanner.yml`, `.flow-scanner.json`, or `package.json` → `flowScanner`.
+
+Using the rules section of your configurations, you can specify the list of rules to be run. Furthermore, you can define the severity and configure expressions of rules. Below is a breakdown of the available attributes of rule configuration:
+
+```json
+{
+  "rules": {
+    "<RuleName>": {
+      "severity": "<Severity>",
+      "expression": "<Expression>"
+    }
+  }
+}
+```
+
+### Defining Severity Levels
+
+When the severity is not provided it will be `warning` by default. Other available values for severity are `error` and `note`. Define the severity per rule as shown below:
+
+```json
+{
+  "rules": {
+    "FlowDescription": {
+      "severity": "error"
+    },
+    "UnusedVariable": {
+      "severity": "note"
+    }
+  }
+}
+```
+
+### Configuring Expressions
+
+Some rules have additional attributes to configure, such as the expression, that will overwrite default values. These can be configured in the same way as severity as shown in the following example.
+
+```json
+{
+  "rules": {
+    "APIVersion": {
+      "severity": "error",
+      "expression": "===58" // comparison operator
+    },
+    "FlowName": {
+      "severity": "note",
+      "expression": "[A-Za-z0-9]" // regular expression
+    }
+  }
+}
+```
+
+### Specifying Exceptions
+
+Specifying exceptions allows you to exclude specific scenarios from rule enforcement. Exceptions can be specified at the flow, rule, or result level to provide fine-grained control. Below is a breakdown of the available attributes of exception configuration:
+
+```json
+{
+  "exceptions": {
+    "<FlowName>": {
+      "<RuleName>": [
+        // Suppress a specific result:
+        "<ResultName>",
+        // Suppress ALL results of rule:
+        "*",
+        ...
+      ]
+    },
+    ...
+  }
+}
+```
+
+_Example_
+
+```json
+{
+  "exceptions": {
+    "MyFlow": {
+      "MissingNullHandler": ["*"],
+      "HardcodedId": ["Old_Lookup_1"]
+    }
+  }
+}
+```
+
+### Include Beta Rules
+
+New rules are introduced in Beta mode before being added to the default ruleset. To include current Beta rules, enable the optional betamode parameter in your configuration:
+
+```json
+{
+  "betaMode": true
+}
+
+```
+
+## Installation
+
+### Distributions
+
+| Distribution                                      | Best for                                      | Install / Use                                                                                           |
+|----------------------------------------------------------------|-----------------------------------------------|---------------------------------------------------------------------------------------------------------|
+| **[Salesforce CLI Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/cli/README.md)** | Local development, scratch orgs, CI/CD        | `sf plugins install lightning-flow-scanner`                                                             |
+| **[VS Code Extension](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/vsx/README.md)** | Real-time scanning inside VS Code             | `code --install-extension ForceConfigControl.lightning-flow-scanner-vsx`                               |
+| **[Salesforce App (Managed Package)](https://github.com/Flow-Scanner/lightning-flow-scanner-app)** | Run scans directly inside a Salesforce org  | `sf package install --package 04tgK0000007M73QAE` |
+| **[Core Library](https://github.com/Flow-Scanner/lightning-flow-scanner/tree/main/packages/core)** (Node.js + Browser) | Custom tools, scripts, extensions, web apps   | `npm install -g @flow-scanner/lightning-flow-scanner-core`                                                 |
+
+**Privacy:** Zero user data collected. All processing is client-side. → See our [Security Policy](https://github.com/Flow-Scanner/lightning-flow-scanner?tab=security-ov-file).
+
+### CICD Templates
+Ready-to-use CI/CD templates and a **native GitHub Action**.  
+
+| Platform       | Template Type                     | Link |
+|----------------|-----------------------------------|------|
+| Azure DevOps   | Full Project Scan                 | [`azure-pipelines-flow-FullScan.yml`](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/examples/azure-devops/azure-pipelines-flow-FullScan.yml) |
+| Azure DevOps   | Change-Based Scan                 | [`azure-pipelines-flow-changedFiles.yml`](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/examples/azure-devops/azure-pipelines-flow-changedFiles.yml) |
+| **[GitHub Action](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/packages/action/README.md)** | Native PR checks                              | [GitHub Marketplace](https://github.com/marketplace/actions/run-flow-scanner)                           |
+| **[Copado Plugin](https://github.com/Flow-Scanner/lightning-flow-scanner-copado)** | Copado CI/CD pipelines                        | [Copado Marketplace](https://success.copado.com/s/listing-detail?language=en_US&recordId=a54P7000003G3gBIAS) |
+
+
+GitHub Action Snippet:
+```yaml
+- name: Lightning Flow Scan
+  id: flowscanner
+  uses: Flow-Scanner/lightning-flow-scanner@main
+
+- name: Upload SARIF to Code Scanning
+  uses: github/codeql-action/upload-sarif@v3
+  with:
+    sarif_file: ${{ steps.flowscanner.outputs.sarifPath }}
+```
+
+To see the full example, see [`scan-flows.yml`](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/docs/examples/github-action/scan-flows.yml).
+
+## Quick Start
+
+### Salesforce CLI Plugin
+
+Use `lightning-flow-scanner` in the Salesforce CLI:
+
+```bash
+sf flow:scan 
+sf flow:fix -d src/force-app
+sf flow:scan --sarif > report.sarif
+```
+
+### VS Code Extension
+Use our side bar or the **Command Palette** and type `flowscanner` to see all available commands:
+
+* `Configure Flow Scanner` - Set up rules in `.flow-scanner.yml`
+* `Scan Flows` - Analyze a directory or selected flow files
+* `Fix Flows` - Automatically apply available fixes
+* `Flow Scanner Documentation` - Open the rules reference guide
+
+### Core Module
+Use `lightning-flow-scanner-core` as a Node.js/browser dependency:
+
+```js
+// Basic
+import { parse, scan } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan);
+
+// Get SARIF output
+import { parse, scan, exportSarif } from "@flow-scanner/lightning-flow-scanner-core";
+parse("flows/*.xml").then(scan).then(exportSarif);
+```
+
+## Development
+
+> This project optionally uses [Volta](https://volta.sh) to guarantee the exact same Node.js and tool versions for every contributor. Install Volta with:
+>
+> MacOs/Linux: 
+> ```sh
+> curl https://get.volta.sh | bash
+> ```
+> Windows:
+> ```sh
+> winget install Volta.Volta 
+> ```
+> Volta will automatically install and lock the tool versions defined in `package.json`.
+
+1. Clone the repository
+
+   ```bash
+   git clone https://github.com/Flow-Scanner/lightning-flow-scanner.git
+   ```
+
+2. Install dependencies:
+
+   ```bash
+   pnpm install
+   ```
+
+3. Compile:
+
+   ```bash
+   pnpm run build
+   ```
+
+   To compile just the core package::
+   ```bash
+   pnpm build:core 
+   ```
+
+4. Run tests:
+
+   ```bash
+   pnpm test 
+   ```
+
+    Or to test a new version of the core:
+    ```bash
+    pnpm test:core 
+    ```
+
+5. Linking the core module locally(Optional):
+
+   To link the module, run:
+
+   ```bash
+   pnpm link --global @flow-scanner/lightning-flow-scanner-core
+   ```
+
+   You can now do Ad-Hoc Testing with node:
+
+   ```bash
+   node -i -e "import('@flow-scanner/lightning-flow-scanner-core').then(m => { Object.assign(global, m.default ? m.default : m); console.log('✅ Core loaded! Try: await parse(...), scan(...), etc.'); })"
+   ```
+
+    Or test in a dependent project:
+
+    ```bash
+    npm link @flow-scanner/lightning-flow-scanner-core
+    ```
+
+6. Deploy Demo Flows (Optional):
+
+   ```bash
+   cd assets/example-flows && sf project deploy start
+   ```
+
+   Navigate to the [Demo Readme](https://github.com/Flow-Scanner/lightning-flow-scanner/blob/main/assets/example-flows\README.md) for full details
+
+7. Create a standalone UMD Module(Optional):
+
+   ```bash
+     pnpm dist
+   ```
+   This creates UMD at `dist/lightning-flow-scanner-core.umd.js`.
+
+<p><strong>Want to help improve Lightning Flow Scanner? See our <a href="https://github.com/Flow-Scanner/lightning-flow-scanner?tab=contributing-ov-file">Contributing Guidelines</a></strong></p>

package/SECURITY.md

@@ -0,0 +1,54 @@
+# Security Policy for Lightning Flow Scanner
+
+## Security Practices
+
+- Code is open-source and peer-reviewed by the community.
+- Vulnerabilities can be reported privately via [GitHub vulnerability reporting](https://github.com/Flow-Scanner/lightning-flow-scanner/security).
+- All changes are scanned with [Snyk](https://github.com/snyk/cli) prior to publication.
+- Releases are published to npm using **GitHub Actions Trusted Publishing (OIDC)**.
+- Tags (`v*`) trigger automated `npm publish`, providing a full audit trail.
+
+## Data Handling
+
+This tool collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
+
+We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
+
+## Dependencies
+
+We actively track and maintain an up-to-date inventory of all third-party dependencies to ensure security and compatibility. Our dependencies include:
+
+### Core
+
+| Package           | License                                                                           | Purpose                                        |
+| ----------------- | --------------------------------------------------------------------------------- | ---------------------------------------------- |
+| `fast-xml-parser` | [MIT](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/LICENSE) | Validate XML, Parse XML and Build XML rapidly. |
+
+### CLI
+
+| Package                             | License | Purpose |
+| ----------------------------------- | ------- | ------- |
+| `@oclif/core`                        | [MIT](https://github.com/oclif/oclif/blob/main/LICENSE) | CLI framework core utilities |
+| `@salesforce/core`                   | [BSD-3-Clause](https://github.com/salesforce/core/blob/main/LICENSE) | Salesforce core library for CLI plugins |
+| `@salesforce/sf-plugins-core`       | [BSD-3-Clause](https://github.com/salesforce/sf-plugins-core/blob/main/LICENSE) | Base library for Salesforce CLI plugins |
+| `chalk`                              | [MIT](https://github.com/chalk/chalk/blob/main/license) | Terminal string styling (colors) |
+| `cosmiconfig`                        | [MIT](https://github.com/davidtheclark/cosmiconfig/blob/main/LICENSE) | Config file loader for JavaScript/Node |
+| `glob`                               | [MIT](https://github.com/isaacs/node-glob/blob/master/LICENSE) | File pattern matching |
+
+### Action
+
+| Package                         | License                                                                         | Purpose                                     |
+| ------------------------------- | ------------------------------------------------------------------------------- | ------------------------------------------- |
+| `@actions/core`               | [MIT](https://github.com/actions/toolkit/blob/main/packages/core/LICENSE)          | Toolkit for developing GitHub Actions       |
+| `@actions/github`             | [MIT](https://github.com/actions/toolkit/blob/main/packages/github/LICENSE)        | Interact with the GitHub API in Actions     |
+| `cosmiconfig`                        | [MIT](https://github.com/davidtheclark/cosmiconfig/blob/main/LICENSE) | Config file loader for JavaScript/Node |
+
+### VSX
+
+| Package                         | License                                                                              | Purpose`                                       |
+| ------------------------------- | ------------------------------------------------------------------------------------ | ---------------------------------------------- |
+| `convert-array-to-csv`        | [MIT](https://github.com/zemirco/convert-array-to-csv/blob/master/LICENSE)              | Converts JavaScript arrays into CSV format     |
+| `tabulator-tables`            | [MIT](https://github.com/olifolkerd/tabulator/blob/master/LICENSE)                      | Interactive tables and data grids for web apps |
+| `uuid`                        | [MIT](https://github.com/uuidjs/uuid/blob/main/LICENSE.md)                              | Generates RFC-compliant UUIDs                  |
+| `cosmiconfig`                        | [MIT](https://github.com/davidtheclark/cosmiconfig/blob/main/LICENSE) | Config file loader for JavaScript/Node |
+| `glob`                               | [MIT](https://github.com/isaacs/node-glob/blob/master/LICENSE) | File pattern matching |

package/package.json

@@ -1,14 +1,13 @@
 {
   "name": "@flow-scanner/lightning-flow-scanner-core",
   "description": "A lightweight engine for Flow metadata in Node.js, and browser environments. Assess and enhance Salesforce Flow automations for best practices, security, governor limits, and performance issues.",
-  "version": "6.6.4",
-  "main": "out/index.js",
+  "version": "6.6.5",
+  "main": "index.js",
   "exports": {
     ".": {
-      "types": "./out/index.d.ts",
-      "import": "./out/index.js",
-      "require": "./out/index.js",
-      "default": "./out/index.js"
+      "import": "./index.js",
+      "require": "./index.js",
+      "types": "./index.d.ts"
     }
   },
   "engines": {
@@ -23,33 +22,6 @@
   "dependencies": {
     "fast-xml-parser": "^5.3.0"
   },
-  "devDependencies": {
-    "@jest/types": "30.0.1",
-    "@swc-node/jest": "1.9.1",
-    "@swc/cli": "0.7.7",
-    "@swc/core": "1.13.5",
-    "@swc/helpers": "0.5.17",
-    "@types/jest": "29.5.14",
-    "@types/node": "22.15.30",
-    "@types/semantic-release": "20.0.6",
-    "cross-env": "^10.1.0",
-    "eslint": "9.30.0",
-    "eslint-plugin-de-morgan": "1.3.0",
-    "eslint-plugin-github": "6.0.0",
-    "eslint-plugin-jest": "29.0.1",
-    "eslint-plugin-perfectionist": "4.15.0",
-    "eslint-plugin-sonarjs": "3.0.4",
-    "husky": "9.1.7",
-    "jest": "30.0.3",
-    "lint-staged": "^16.1.2",
-    "prettier": "3.6.2",
-    "rimraf": "^6.1.0",
-    "ts-node": "10.9.2",
-    "typescript": "5.8.3",
-    "typescript-eslint": "8.35.0",
-    "vite": "6.4.1",
-    "vite-plugin-node-polyfills": "0.23.0"
-  },
   "homepage": "https://dev.lightningflowscanner.org",
   "author": {
     "name": "Ruben Halman",
@@ -67,27 +39,5 @@
     "security-scanner",
     "static-analysis"
   ],
-  "scripts": {
-    "clean": "rimraf out dist",
-    "build:js": "swc src --out-dir out --copy-files --strip-leading-paths --config-file .swcrc",
-    "build:types": "tsc -p tsconfig.types.json --declaration --emitDeclarationOnly --outDir out",
-    "copy:media": "node -e \"require('fs').cpSync('assets/media','out/assets/media',{recursive:true,force:true}) || require('fs').mkdirSync('out/assets/media',{recursive:true})\"",
-    "prepare:publish": "node ../../scripts/prepare-publish.js",
-    "copy:root-files:dist": "node -e \"['../../LICENSE.md'].forEach(f => { const n = f.split('/').pop(); if (require('fs').existsSync(f)) require('fs').copyFileSync(f, 'dist/'+n) })\"",
-    "____main____": "__DEVELOPER COMMANDS__",
-    "build": "npm run clean && npm run build:js && npm run build:types && npm run copy:media",
-    "test": "npm run test:umd",
-    "test:node": "jest",
-    "test:umd": "npm run build:js && vite build && npm run copy:root-files:dist && cross-env UMD_PATH=dist/lightning-flow-scanner-core.umd.js jest",
-    "link": "npm run build && npm link ./out",
-    "____pack____": "PACKAGING COMMANDS__",
-    "swc:sim:pack": "npm run build",
-    "vite:dist": "npm run build:js && vite build && npm run copy:root-files:dist",
-    "stryker": "npm i -g @stryker-mutator/core @stryker-mutator/jest-runner && stryker run",
-    "version:patch": "npm version patch",
-    "version:minor": "npm version minor",
-    "version:major": "npm version major",
-    "publish:npm": "npm run build && npm run prepare:publish && cd out && npm publish",
-    "publish:tag": "node ../../scripts/publish-tag.js ."
-  }
-}
+  "types": "index.d.ts"
+}

package/.husky/pre-commit

@@ -1 +0,0 @@
-npm run precommit

package/.husky/pre-push

@@ -1 +0,0 @@
-npm run prepush

package/.prettierignore

@@ -1,5 +0,0 @@
-assets/example-flows/**
-out/**
-tests/**/*.test.ts
-jest.config.ts
-vite.config.ts

package/.swcrc

@@ -1,26 +0,0 @@
-{
-  "$schema": "https://swc.rs/schema.json",
-  "sourceMaps": false,
-  "module": {
-    "type": "commonjs",
-    "strictMode": true,
-    "noInterop": false,
-    "resolveFully": true
-  },
-  "jsc": {
-    "externalHelpers": false,
-    "target": "es2015",
-    "parser": {
-      "syntax": "typescript",
-      "tsx": true,
-      "decorators": true,
-      "dynamicImport": true
-    },
-    "transform": {
-      "legacyDecorator": true,
-      "decoratorMetadata": false
-    },
-    "keepClassNames": true
-  },
-  "minify": false  // Disable for now; re-enable post-debug if needed for smaller JS
-}