npm - sfdx-hardis - Versions diffs - 6.2.0 → 6.3.0 - Mend

sfdx-hardis 6.2.0 → 6.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/CHANGELOG.md +11 -0
package/lib/commands/hardis/org/diagnose/unsecure-connected-apps.d.ts +16 -0
package/lib/commands/hardis/org/diagnose/unsecure-connected-apps.js +190 -0
package/lib/commands/hardis/org/diagnose/unsecure-connected-apps.js.map +1 -0
package/lib/commands/hardis/org/monitor/all.js +6 -0
package/lib/commands/hardis/org/monitor/all.js.map +1 -1
package/lib/commands/hardis/work/save.js +7 -8
package/lib/commands/hardis/work/save.js.map +1 -1
package/lib/common/gitProvider/index.js +1 -1
package/lib/common/gitProvider/index.js.map +1 -1
package/lib/common/metadata-utils/index.js +1 -1
package/lib/common/metadata-utils/index.js.map +1 -1
package/lib/common/notifProvider/index.d.ts +1 -1
package/lib/common/notifProvider/index.js.map +1 -1
package/oclif.lock +24 -24
package/oclif.manifest.json +387 -267
package/package.json +5 -5

package/oclif.manifest.json CHANGED Viewed

@@ -5800,6 +5800,121 @@
         "import:files:org:hardis"
       ]
     },
+    "hardis:org:fix:listviewmine": {
+      "aliases": [],
+      "args": {},
+      "description": "Fix listviews whose scope Mine has been replaced by Everything\n\n[![Invalid scope:Mine, not allowed ? Deploy your ListViews anyway !](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-invalid-scope-mine.jpg)](https://nicolas.vuillamy.fr/invalid-scope-mine-not-allowed-deploy-your-listviews-anyway-443aceca8ac7)\n\nList of ListViews can be:\n\n- read from .sfdx-hardis.yml file in property **listViewsToSetToMine**\n- sent in argument listviews\n\nNote: property **listViewsToSetToMine** can be auto-generated by command hardis:work:save if .sfdx-hardis.yml contains the following configuration\n\n```yaml\nautoCleanTypes:\n  - listViewsMine\n```\n\n- Example of sfdx-hardis.yml property `listViewsToSetToMine`:\n\n```yaml\nlistViewsToSetToMine:\n  - \"force-app/main/default/objects/Operation__c/listViews/MyCurrentOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Operation__c/listViews/MyFinalizedOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/Default_Opportunity_Pipeline.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MyCurrentSubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MySubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Account/listViews/MyActivePartners.listView-meta.xml\"\n```\n\n- If manually written, this could also be:\n\n```yaml\nlistViewsToSetToMine:\n  - \"Operation__c:MyCurrentOperations\"\n  - \"Operation__c:MyFinalizedOperations\"\n  - \"Opportunity:Default_Opportunity_Pipeline\"\n  - \"Opportunity:MyCurrentSubscriptions\"\n  - \"Opportunity:MySubscriptions\"\n  - \"Account:MyActivePartners\"\n```\n\nTroubleshooting: if you need to run this command from an alpine-linux based docker image, use this workaround in your dockerfile:\n\n```dockerfile\n# Do not use puppeteer embedded chromium\nRUN apk add --update --no-cache chromium\nENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=\"true\"\nENV CHROMIUM_PATH=\"/usr/bin/chromium-browser\"\nENV PUPPETEER_EXECUTABLE_PATH=\"$\\{CHROMIUM_PATH}\" // remove \\ before {\n```\n",
+      "examples": [
+        "$ sf hardis:org:fix:listviewmine",
+        "$ sf hardis:org:fix:listviewmine --listviews Opportunity:MySubscriptions,Account:MyActivePartners"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "listviews": {
+          "char": "l",
+          "description": "Comma-separated list of listviews following format Object:ListViewName\nExample: Contact:MyContacts,Contact:MyActiveContacts,Opportunity:MYClosedOpportunities",
+          "name": "listviews",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:fix:listviewmine",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Fix listviews with ",
+      "requiresProject": true,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "fix",
+        "listviewmine.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:fix:listviewmine",
+        "org:hardis:fix:listviewmine",
+        "org:fix:hardis:listviewmine",
+        "org:fix:listviewmine:hardis",
+        "hardis:fix:org:listviewmine",
+        "fix:hardis:org:listviewmine",
+        "fix:org:hardis:listviewmine",
+        "fix:org:listviewmine:hardis",
+        "hardis:fix:listviewmine:org",
+        "fix:hardis:listviewmine:org",
+        "fix:listviewmine:hardis:org",
+        "fix:listviewmine:org:hardis",
+        "hardis:org:listviewmine:fix",
+        "org:hardis:listviewmine:fix",
+        "org:listviewmine:hardis:fix",
+        "org:listviewmine:fix:hardis",
+        "hardis:listviewmine:org:fix",
+        "listviewmine:hardis:org:fix",
+        "listviewmine:org:hardis:fix",
+        "listviewmine:org:fix:hardis",
+        "hardis:listviewmine:fix:org",
+        "listviewmine:hardis:fix:org",
+        "listviewmine:fix:hardis:org",
+        "listviewmine:fix:org:hardis"
+      ]
+    },
     "hardis:org:diagnose:audittrail": {
       "aliases": [],
       "args": {},
@@ -6409,6 +6524,120 @@
         "releaseupdates:diagnose:org:hardis"
       ]
     },
+    "hardis:org:diagnose:unsecure-connected-apps": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Detects unsecured Connected Apps in a Salesforce org and generates detailed reports for security analysis.**\n\nThis command is a critical security diagnostic tool that helps administrators identify Connected Apps that may pose security risks due to improper configuration. It provides comprehensive analysis of OAuth tokens and Connected App security settings to ensure proper access control.\n\nKey functionalities:\n\n- **OAuth Token Analysis:** Queries all OAuth tokens in the org using SOQL to retrieve comprehensive token information including app names, users, authorization status, and usage statistics.\n- **Security Status Assessment:** Evaluates each Connected App's security configuration by checking the `IsUsingAdminAuthorization` flag to determine if admin pre-approval is required.\n- **Unsecured App Detection:** Identifies Connected Apps that allow users to authorize themselves without admin approval, which can pose security risks.\n- **Detailed Reporting:** Generates two comprehensive CSV reports:\n  - **OAuth Tokens Report:** Lists all OAuth tokens with security status, user information, and usage data\n  - **Connected Apps Summary:** Aggregates unsecured Connected Apps with counts of associated OAuth tokens\n- **Visual Indicators:** Uses status icons (❌ for unsecured, ✅ for secured) to provide immediate visual feedback on security status.\n- **Security Recommendations:** Provides actionable guidance on how to secure Connected Apps through proper configuration.\n- **Notifications:** Sends alerts to configured channels (Grafana, Slack, MS Teams) with security findings and attached reports.\n\nThis command is part of [sfdx-hardis Monitoring](https://sfdx-hardis.cloudity.com/salesforce-monitoring-org-security/) and can output Grafana, Slack and MsTeams Notifications.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **SOQL Query Execution:** Executes a comprehensive SOQL query on the `OauthToken` object, joining with `AppMenuItem` and `User` objects to gather complete security context.\n- **Security Analysis Logic:** Analyzes the `AppMenuItem.IsUsingAdminAuthorization` field to determine if a Connected App requires admin pre-approval for user authorization.\n- **Data Transformation:** Processes raw SOQL results to add security status indicators and reorganize data for optimal reporting and analysis.\n- **Aggregation Processing:** Groups OAuth tokens by Connected App name to provide summary statistics and identify the most problematic applications.\n- **Report Generation:** Uses `generateCsvFile` to create structured CSV reports with proper formatting and metadata for easy analysis and sharing.\n- **Notification Integration:** Integrates with the `NotifProvider` to send security alerts with detailed metrics, including the number of unsecured Connected Apps and associated OAuth tokens.\n- **File Management:** Generates multiple output formats (CSV, XLSX) and manages file paths using `generateReportPath` for consistent report organization.\n- **Connection Management:** Uses `setConnectionVariables` to ensure proper authentication context for notification providers that require org connection details.\n</details>\n",
+      "examples": [
+        "$ sf hardis:org:diagnose:unsecure-connected-apps"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "outputfile": {
+          "char": "f",
+          "description": "Force the path and name of output report file. Must end with .csv",
+          "name": "outputfile",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "target-org": {
+          "aliases": [
+            "targetusername",
+            "u"
+          ],
+          "char": "o",
+          "deprecateAliases": true,
+          "name": "target-org",
+          "noCacheDefault": true,
+          "required": true,
+          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
+          "hasDynamicHelp": true,
+          "multiple": false,
+          "type": "option"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:diagnose:unsecure-connected-apps",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Detect Unsecured Connected Apps",
+      "requiresProject": false,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "diagnose",
+        "unsecure-connected-apps.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:diagnose:unsecure-connected-apps",
+        "org:hardis:diagnose:unsecure-connected-apps",
+        "org:diagnose:hardis:unsecure-connected-apps",
+        "org:diagnose:unsecure-connected-apps:hardis",
+        "hardis:diagnose:org:unsecure-connected-apps",
+        "diagnose:hardis:org:unsecure-connected-apps",
+        "diagnose:org:hardis:unsecure-connected-apps",
+        "diagnose:org:unsecure-connected-apps:hardis",
+        "hardis:diagnose:unsecure-connected-apps:org",
+        "diagnose:hardis:unsecure-connected-apps:org",
+        "diagnose:unsecure-connected-apps:hardis:org",
+        "diagnose:unsecure-connected-apps:org:hardis",
+        "hardis:org:unsecure-connected-apps:diagnose",
+        "org:hardis:unsecure-connected-apps:diagnose",
+        "org:unsecure-connected-apps:hardis:diagnose",
+        "org:unsecure-connected-apps:diagnose:hardis",
+        "hardis:unsecure-connected-apps:org:diagnose",
+        "unsecure-connected-apps:hardis:org:diagnose",
+        "unsecure-connected-apps:org:hardis:diagnose",
+        "unsecure-connected-apps:org:diagnose:hardis",
+        "hardis:unsecure-connected-apps:diagnose:org",
+        "unsecure-connected-apps:hardis:diagnose:org",
+        "unsecure-connected-apps:diagnose:hardis:org",
+        "unsecure-connected-apps:diagnose:org:hardis"
+      ]
+    },
     "hardis:org:diagnose:unused-apex-classes": {
       "aliases": [],
       "args": {},
@@ -6900,168 +7129,53 @@
           "hasDynamicHelp": true,
           "multiple": false,
           "type": "option"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:org:diagnose:unusedusers",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Detect unused Users in Salesforce",
-      "requiresProject": false,
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "org",
-        "diagnose",
-        "unusedusers.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:org:diagnose:unusedusers",
-        "org:hardis:diagnose:unusedusers",
-        "org:diagnose:hardis:unusedusers",
-        "org:diagnose:unusedusers:hardis",
-        "hardis:diagnose:org:unusedusers",
-        "diagnose:hardis:org:unusedusers",
-        "diagnose:org:hardis:unusedusers",
-        "diagnose:org:unusedusers:hardis",
-        "hardis:diagnose:unusedusers:org",
-        "diagnose:hardis:unusedusers:org",
-        "diagnose:unusedusers:hardis:org",
-        "diagnose:unusedusers:org:hardis",
-        "hardis:org:unusedusers:diagnose",
-        "org:hardis:unusedusers:diagnose",
-        "org:unusedusers:hardis:diagnose",
-        "org:unusedusers:diagnose:hardis",
-        "hardis:unusedusers:org:diagnose",
-        "unusedusers:hardis:org:diagnose",
-        "unusedusers:org:hardis:diagnose",
-        "unusedusers:org:diagnose:hardis",
-        "hardis:unusedusers:diagnose:org",
-        "unusedusers:hardis:diagnose:org",
-        "unusedusers:diagnose:hardis:org",
-        "unusedusers:diagnose:org:hardis"
-      ]
-    },
-    "hardis:org:fix:listviewmine": {
-      "aliases": [],
-      "args": {},
-      "description": "Fix listviews whose scope Mine has been replaced by Everything\n\n[![Invalid scope:Mine, not allowed ? Deploy your ListViews anyway !](https://github.com/hardisgroupcom/sfdx-hardis/raw/main/docs/assets/images/article-invalid-scope-mine.jpg)](https://nicolas.vuillamy.fr/invalid-scope-mine-not-allowed-deploy-your-listviews-anyway-443aceca8ac7)\n\nList of ListViews can be:\n\n- read from .sfdx-hardis.yml file in property **listViewsToSetToMine**\n- sent in argument listviews\n\nNote: property **listViewsToSetToMine** can be auto-generated by command hardis:work:save if .sfdx-hardis.yml contains the following configuration\n\n```yaml\nautoCleanTypes:\n  - listViewsMine\n```\n\n- Example of sfdx-hardis.yml property `listViewsToSetToMine`:\n\n```yaml\nlistViewsToSetToMine:\n  - \"force-app/main/default/objects/Operation__c/listViews/MyCurrentOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Operation__c/listViews/MyFinalizedOperations.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/Default_Opportunity_Pipeline.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MyCurrentSubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Opportunity/listViews/MySubscriptions.listView-meta.xml\"\n  - \"force-app/main/default/objects/Account/listViews/MyActivePartners.listView-meta.xml\"\n```\n\n- If manually written, this could also be:\n\n```yaml\nlistViewsToSetToMine:\n  - \"Operation__c:MyCurrentOperations\"\n  - \"Operation__c:MyFinalizedOperations\"\n  - \"Opportunity:Default_Opportunity_Pipeline\"\n  - \"Opportunity:MyCurrentSubscriptions\"\n  - \"Opportunity:MySubscriptions\"\n  - \"Account:MyActivePartners\"\n```\n\nTroubleshooting: if you need to run this command from an alpine-linux based docker image, use this workaround in your dockerfile:\n\n```dockerfile\n# Do not use puppeteer embedded chromium\nRUN apk add --update --no-cache chromium\nENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=\"true\"\nENV CHROMIUM_PATH=\"/usr/bin/chromium-browser\"\nENV PUPPETEER_EXECUTABLE_PATH=\"$\\{CHROMIUM_PATH}\" // remove \\ before {\n```\n",
-      "examples": [
-        "$ sf hardis:org:fix:listviewmine",
-        "$ sf hardis:org:fix:listviewmine --listviews Opportunity:MySubscriptions,Account:MyActivePartners"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "listviews": {
-          "char": "l",
-          "description": "Comma-separated list of listviews following format Object:ListViewName\nExample: Contact:MyContacts,Contact:MyActiveContacts,Opportunity:MYClosedOpportunities",
-          "name": "listviews",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "target-org": {
-          "aliases": [
-            "targetusername",
-            "u"
-          ],
-          "char": "o",
-          "deprecateAliases": true,
-          "name": "target-org",
-          "noCacheDefault": true,
-          "required": true,
-          "summary": "Username or alias of the target org. Not required if the `target-org` configuration variable is already set.",
-          "hasDynamicHelp": true,
-          "multiple": false,
-          "type": "option"
-        }
-      },
-      "hasDynamicHelp": true,
-      "hiddenAliases": [],
-      "id": "hardis:org:fix:listviewmine",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Fix listviews with ",
-      "requiresProject": true,
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "org",
-        "fix",
-        "listviewmine.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:org:fix:listviewmine",
-        "org:hardis:fix:listviewmine",
-        "org:fix:hardis:listviewmine",
-        "org:fix:listviewmine:hardis",
-        "hardis:fix:org:listviewmine",
-        "fix:hardis:org:listviewmine",
-        "fix:org:hardis:listviewmine",
-        "fix:org:listviewmine:hardis",
-        "hardis:fix:listviewmine:org",
-        "fix:hardis:listviewmine:org",
-        "fix:listviewmine:hardis:org",
-        "fix:listviewmine:org:hardis",
-        "hardis:org:listviewmine:fix",
-        "org:hardis:listviewmine:fix",
-        "org:listviewmine:hardis:fix",
-        "org:listviewmine:fix:hardis",
-        "hardis:listviewmine:org:fix",
-        "listviewmine:hardis:org:fix",
-        "listviewmine:org:hardis:fix",
-        "listviewmine:org:fix:hardis",
-        "hardis:listviewmine:fix:org",
-        "listviewmine:hardis:fix:org",
-        "listviewmine:fix:hardis:org",
-        "listviewmine:fix:org:hardis"
+        }
+      },
+      "hasDynamicHelp": true,
+      "hiddenAliases": [],
+      "id": "hardis:org:diagnose:unusedusers",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Detect unused Users in Salesforce",
+      "requiresProject": false,
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "org",
+        "diagnose",
+        "unusedusers.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:org:diagnose:unusedusers",
+        "org:hardis:diagnose:unusedusers",
+        "org:diagnose:hardis:unusedusers",
+        "org:diagnose:unusedusers:hardis",
+        "hardis:diagnose:org:unusedusers",
+        "diagnose:hardis:org:unusedusers",
+        "diagnose:org:hardis:unusedusers",
+        "diagnose:org:unusedusers:hardis",
+        "hardis:diagnose:unusedusers:org",
+        "diagnose:hardis:unusedusers:org",
+        "diagnose:unusedusers:hardis:org",
+        "diagnose:unusedusers:org:hardis",
+        "hardis:org:unusedusers:diagnose",
+        "org:hardis:unusedusers:diagnose",
+        "org:unusedusers:hardis:diagnose",
+        "org:unusedusers:diagnose:hardis",
+        "hardis:unusedusers:org:diagnose",
+        "unusedusers:hardis:org:diagnose",
+        "unusedusers:org:hardis:diagnose",
+        "unusedusers:org:diagnose:hardis",
+        "hardis:unusedusers:diagnose:org",
+        "unusedusers:hardis:diagnose:org",
+        "unusedusers:diagnose:hardis:org",
+        "unusedusers:diagnose:org:hardis"
       ]
     },
     "hardis:org:generate:packagexmlfull": {
@@ -7189,7 +7303,7 @@
     "hardis:org:monitor:all": {
       "aliases": [],
       "args": {},
-      "description": "Monitor org, generate reports and sends notifications\n\nYou can disable some commands defining either a **monitoringDisable** property in `.sfdx-hardis.yml`, or a comma separated list in env variable **MONITORING_DISABLE**\n\nExample in .sfdx-hardis.yml:\n  \n```yaml\nmonitoringDisable:\n  - METADATA_STATUS\n  - MISSING_ATTRIBUTES\n  - UNUSED_METADATAS\n```\n  \nExample in env var:\n\n```sh\nMONITORING_DISABLE=METADATA_STATUS,MISSING_ATTRIBUTES,UNUSED_METADATAS\n```\n\nA [default list of monitoring commands](https://sfdx-hardis.cloudity.com/salesforce-monitoring-home/#monitoring-commands) is used, if you want to override it you can define property **monitoringCommands** in your .sfdx-hardis.yml file\n\nExample:\n\n```yaml\nmonitoringCommands:\n  - title: My Custom command\n    command: sf my:custom:command\n  - title: My Custom command 2\n    command: sf my:other:custom:command\n```\n\nYou can force the daily run of all commands by defining env var `MONITORING_IGNORE_FREQUENCY=true`\n\nThe default list of commands is the following:\n\n| Key | Description | Command | Frequency |\n| :---: | :---- | :---- | :-----: |\n| [AUDIT_TRAIL](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | Detect suspect setup actions in major org | [sf hardis:org:diagnose:audittrail](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | daily |\n| [LEGACY_API](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | Detect calls to deprecated API versions | [sf hardis:org:diagnose:legacyapi](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | daily |\n| [ORG_LIMITS](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | Detect if org limits are close to be reached | [sf hardis:org:monitor:limits](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | daily |\n| [LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | Extract licenses information | [sf hardis:org:diagnose:licenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | weekly |\n| [LINT_ACCESS](https://sfdx-hardis.cloudity.com/hardis/lint/access) | Detect custom elements with no access rights defined in permission sets | [sf hardis:lint:access](https://sfdx-hardis.cloudity.com/hardis/lint/access) | weekly |\n| [UNUSED_LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | Detect permission set licenses that are assigned to users that do not need them | [sf hardis:org:diagnose:unusedlicenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | weekly |\n| [UNUSED_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users without recent logins | [sf hardis:org:diagnose:unusedusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ACTIVE_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users with recent logins | [sf hardis:org:diagnose:unusedusers --returnactiveusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ORG_INFO](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | Get org info + SF instance info + next major upgrade date | [sf hardis:org:diagnose:instanceupgrade](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | weekly |\n| [RELEASE_UPDATES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | Gather warnings about incoming and overdue Release Updates | [sf hardis:org:diagnose:releaseupdates](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | weekly |\n| [UNUSED_METADATAS](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | Detect custom labels and custom permissions that are not in use | [sf hardis:lint:unusedmetadatas](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | weekly |\n| [UNUSED_APEX_CLASSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | Detect unused Apex classes in an org | [sf hardis:org:diagnose:unused-apex-classes](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | weekly |\n| [CONNECTED_APPS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | Detect unused Connected Apps in an org | [sf hardis:org:diagnose:unused-connected-apps](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | weekly |\n| [METADATA_STATUS](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | Detect inactive metadata | [sf hardis:lint:metadatastatus](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | weekly |\n| [MISSING_ATTRIBUTES](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | Detect missing description on custom field | [sf hardis:lint:missingattributes](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | weekly |\n\n",
+      "description": "Monitor org, generate reports and sends notifications\n\nYou can disable some commands defining either a **monitoringDisable** property in `.sfdx-hardis.yml`, or a comma separated list in env variable **MONITORING_DISABLE**\n\nExample in .sfdx-hardis.yml:\n  \n```yaml\nmonitoringDisable:\n  - METADATA_STATUS\n  - MISSING_ATTRIBUTES\n  - UNUSED_METADATAS\n```\n  \nExample in env var:\n\n```sh\nMONITORING_DISABLE=METADATA_STATUS,MISSING_ATTRIBUTES,UNUSED_METADATAS\n```\n\nA [default list of monitoring commands](https://sfdx-hardis.cloudity.com/salesforce-monitoring-home/#monitoring-commands) is used, if you want to override it you can define property **monitoringCommands** in your .sfdx-hardis.yml file\n\nExample:\n\n```yaml\nmonitoringCommands:\n  - title: My Custom command\n    command: sf my:custom:command\n  - title: My Custom command 2\n    command: sf my:other:custom:command\n```\n\nYou can force the daily run of all commands by defining env var `MONITORING_IGNORE_FREQUENCY=true`\n\nThe default list of commands is the following:\n\n| Key | Description | Command | Frequency |\n| :---: | :---- | :---- | :-----: |\n| [AUDIT_TRAIL](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | Detect suspect setup actions in major org | [sf hardis:org:diagnose:audittrail](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/audittrail) | daily |\n| [LEGACY_API](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | Detect calls to deprecated API versions | [sf hardis:org:diagnose:legacyapi](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/legacyapi) | daily |\n| [ORG_LIMITS](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | Detect if org limits are close to be reached | [sf hardis:org:monitor:limits](https://sfdx-hardis.cloudity.com/hardis/org/monitor/limits) | daily |\n| [LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | Extract licenses information | [sf hardis:org:diagnose:licenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/licenses) | weekly |\n| [LINT_ACCESS](https://sfdx-hardis.cloudity.com/hardis/lint/access) | Detect custom elements with no access rights defined in permission sets | [sf hardis:lint:access](https://sfdx-hardis.cloudity.com/hardis/lint/access) | weekly |\n| [UNUSED_LICENSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | Detect permission set licenses that are assigned to users that do not need them | [sf hardis:org:diagnose:unusedlicenses](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedlicenses) | weekly |\n| [UNUSED_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users without recent logins | [sf hardis:org:diagnose:unusedusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ACTIVE_USERS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | Detect active users with recent logins | [sf hardis:org:diagnose:unusedusers --returnactiveusers](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unusedusers) | weekly |\n| [ORG_INFO](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | Get org info + SF instance info + next major upgrade date | [sf hardis:org:diagnose:instanceupgrade](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/instanceupgrade) | weekly |\n| [RELEASE_UPDATES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | Gather warnings about incoming and overdue Release Updates | [sf hardis:org:diagnose:releaseupdates](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/releaseupdates) | weekly |\n| [UNUSED_METADATAS](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | Detect custom labels and custom permissions that are not in use | [sf hardis:lint:unusedmetadatas](https://sfdx-hardis.cloudity.com/hardis/lint/unusedmetadatas) | weekly |\n| [UNUSED_APEX_CLASSES](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | Detect unused Apex classes in an org | [sf hardis:org:diagnose:unused-apex-classes](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-apex-classes) | weekly |\n| [CONNECTED_APPS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | Detect unused Connected Apps in an org | [sf hardis:org:diagnose:unused-connected-apps](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unused-connected-apps) | weekly |\n| [UNSECURED_CONNECTED_APPS](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unsecure-connected-apps) | Detect unsecured Connected Apps in an org | [sf hardis:org:diagnose:unsecure-connected-apps](https://sfdx-hardis.cloudity.com/hardis/org/diagnose/unsecure-connected-apps) | weekly |\n| [METADATA_STATUS](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | Detect inactive metadata | [sf hardis:lint:metadatastatus](https://sfdx-hardis.cloudity.com/hardis/lint/metadatastatus) | weekly |\n| [MISSING_ATTRIBUTES](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | Detect missing description on custom field | [sf hardis:lint:missingattributes](https://sfdx-hardis.cloudity.com/hardis/lint/missingattributes) | weekly |\n\n",
       "examples": [
         "$ sf hardis:org:monitor:all"
       ],
@@ -7333,6 +7447,12 @@
           "command": "sf hardis:org:diagnose:unused-connected-apps",
           "frequency": "weekly"
         },
+        {
+          "key": "UNSECURED_CONNECTED_APPS",
+          "title": "Detect unsecured Connected Apps in an org",
+          "command": "sf hardis:org:diagnose:unsecure-connected-apps",
+          "frequency": "weekly"
+        },
         {
           "key": "METADATA_STATUS",
           "title": "Detect inactive metadata",
@@ -9691,109 +9811,6 @@
         "auth:configure:project:hardis"
       ]
     },
-    "hardis:project:convert:profilestopermsets": {
-      "aliases": [],
-      "args": {},
-      "description": "\n## Command Behavior\n\n**Converts existing Salesforce Profiles into Permission Sets, facilitating a more granular and recommended security model.**\n\nThis command helps in migrating permissions from Profiles to Permission Sets, which is a best practice for managing user access in Salesforce. It creates a new Permission Set for each specified Profile, adopting a naming convention of `PS_PROFILENAME`.\n\nKey functionalities:\n\n- **Profile to Permission Set Conversion:** Automatically extracts permissions from a Profile and creates a corresponding Permission Set.\n- **Naming Convention:** New Permission Sets are named with a `PS_` prefix followed by the Profile name (e.g., `PS_Standard_User`).\n- **Exclusion Filter:** Allows you to exclude specific Profiles from the conversion process using the `--except` flag.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **External Plugin Integration:** It relies on the `shane-sfdx-plugins` (specifically the `sf shane:profile:convert` command) to perform the actual conversion.\n- **File System Scan:** It reads the contents of the `force-app/main/default/profiles` directory to identify all available Profile metadata files.\n- **Command Execution:** For each identified Profile (that is not excluded), it constructs and executes the `sf shane:profile:convert` command with the appropriate Profile name and desired Permission Set name.\n- **Error Handling:** Includes basic error handling for the external command execution.\n</details>\n",
-      "examples": [
-        "$ sf hardis:project:convert:profilestopermsets"
-      ],
-      "flags": {
-        "json": {
-          "description": "Format output as json.",
-          "helpGroup": "GLOBAL",
-          "name": "json",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "flags-dir": {
-          "helpGroup": "GLOBAL",
-          "name": "flags-dir",
-          "summary": "Import flag values from a directory.",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "except": {
-          "char": "e",
-          "description": "List of filters",
-          "name": "except",
-          "default": [],
-          "hasDynamicHelp": false,
-          "multiple": true,
-          "type": "option"
-        },
-        "debug": {
-          "char": "d",
-          "description": "Activate debug mode (more logs)",
-          "name": "debug",
-          "allowNo": false,
-          "type": "boolean"
-        },
-        "websocket": {
-          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
-          "name": "websocket",
-          "hasDynamicHelp": false,
-          "multiple": false,
-          "type": "option"
-        },
-        "skipauth": {
-          "description": "Skip authentication check when a default username is required",
-          "name": "skipauth",
-          "allowNo": false,
-          "type": "boolean"
-        }
-      },
-      "hasDynamicHelp": false,
-      "hiddenAliases": [],
-      "id": "hardis:project:convert:profilestopermsets",
-      "pluginAlias": "sfdx-hardis",
-      "pluginName": "sfdx-hardis",
-      "pluginType": "core",
-      "strict": true,
-      "enableJsonFlag": true,
-      "title": "Convert Profiles into Permission Sets",
-      "requiresProject": true,
-      "requiresSfdxPlugins": [
-        "shane-sfdx-plugins"
-      ],
-      "isESM": true,
-      "relativePath": [
-        "lib",
-        "commands",
-        "hardis",
-        "project",
-        "convert",
-        "profilestopermsets.js"
-      ],
-      "aliasPermutations": [],
-      "permutations": [
-        "hardis:project:convert:profilestopermsets",
-        "project:hardis:convert:profilestopermsets",
-        "project:convert:hardis:profilestopermsets",
-        "project:convert:profilestopermsets:hardis",
-        "hardis:convert:project:profilestopermsets",
-        "convert:hardis:project:profilestopermsets",
-        "convert:project:hardis:profilestopermsets",
-        "convert:project:profilestopermsets:hardis",
-        "hardis:convert:profilestopermsets:project",
-        "convert:hardis:profilestopermsets:project",
-        "convert:profilestopermsets:hardis:project",
-        "convert:profilestopermsets:project:hardis",
-        "hardis:project:profilestopermsets:convert",
-        "project:hardis:profilestopermsets:convert",
-        "project:profilestopermsets:hardis:convert",
-        "project:profilestopermsets:convert:hardis",
-        "hardis:profilestopermsets:project:convert",
-        "profilestopermsets:hardis:project:convert",
-        "profilestopermsets:project:hardis:convert",
-        "profilestopermsets:project:convert:hardis",
-        "hardis:profilestopermsets:convert:project",
-        "profilestopermsets:hardis:convert:project",
-        "profilestopermsets:convert:hardis:project",
-        "profilestopermsets:convert:project:hardis"
-      ]
-    },
     "hardis:project:clean:emptyitems": {
       "aliases": [],
       "args": {},
@@ -11279,6 +11296,109 @@
         "xml:clean:project:hardis"
       ]
     },
+    "hardis:project:convert:profilestopermsets": {
+      "aliases": [],
+      "args": {},
+      "description": "\n## Command Behavior\n\n**Converts existing Salesforce Profiles into Permission Sets, facilitating a more granular and recommended security model.**\n\nThis command helps in migrating permissions from Profiles to Permission Sets, which is a best practice for managing user access in Salesforce. It creates a new Permission Set for each specified Profile, adopting a naming convention of `PS_PROFILENAME`.\n\nKey functionalities:\n\n- **Profile to Permission Set Conversion:** Automatically extracts permissions from a Profile and creates a corresponding Permission Set.\n- **Naming Convention:** New Permission Sets are named with a `PS_` prefix followed by the Profile name (e.g., `PS_Standard_User`).\n- **Exclusion Filter:** Allows you to exclude specific Profiles from the conversion process using the `--except` flag.\n\n<details markdown=\"1\">\n<summary>Technical explanations</summary>\n\nThe command's technical implementation involves:\n\n- **External Plugin Integration:** It relies on the `shane-sfdx-plugins` (specifically the `sf shane:profile:convert` command) to perform the actual conversion.\n- **File System Scan:** It reads the contents of the `force-app/main/default/profiles` directory to identify all available Profile metadata files.\n- **Command Execution:** For each identified Profile (that is not excluded), it constructs and executes the `sf shane:profile:convert` command with the appropriate Profile name and desired Permission Set name.\n- **Error Handling:** Includes basic error handling for the external command execution.\n</details>\n",
+      "examples": [
+        "$ sf hardis:project:convert:profilestopermsets"
+      ],
+      "flags": {
+        "json": {
+          "description": "Format output as json.",
+          "helpGroup": "GLOBAL",
+          "name": "json",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "flags-dir": {
+          "helpGroup": "GLOBAL",
+          "name": "flags-dir",
+          "summary": "Import flag values from a directory.",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "except": {
+          "char": "e",
+          "description": "List of filters",
+          "name": "except",
+          "default": [],
+          "hasDynamicHelp": false,
+          "multiple": true,
+          "type": "option"
+        },
+        "debug": {
+          "char": "d",
+          "description": "Activate debug mode (more logs)",
+          "name": "debug",
+          "allowNo": false,
+          "type": "boolean"
+        },
+        "websocket": {
+          "description": "Websocket host:port for VsCode SFDX Hardis UI integration",
+          "name": "websocket",
+          "hasDynamicHelp": false,
+          "multiple": false,
+          "type": "option"
+        },
+        "skipauth": {
+          "description": "Skip authentication check when a default username is required",
+          "name": "skipauth",
+          "allowNo": false,
+          "type": "boolean"
+        }
+      },
+      "hasDynamicHelp": false,
+      "hiddenAliases": [],
+      "id": "hardis:project:convert:profilestopermsets",
+      "pluginAlias": "sfdx-hardis",
+      "pluginName": "sfdx-hardis",
+      "pluginType": "core",
+      "strict": true,
+      "enableJsonFlag": true,
+      "title": "Convert Profiles into Permission Sets",
+      "requiresProject": true,
+      "requiresSfdxPlugins": [
+        "shane-sfdx-plugins"
+      ],
+      "isESM": true,
+      "relativePath": [
+        "lib",
+        "commands",
+        "hardis",
+        "project",
+        "convert",
+        "profilestopermsets.js"
+      ],
+      "aliasPermutations": [],
+      "permutations": [
+        "hardis:project:convert:profilestopermsets",
+        "project:hardis:convert:profilestopermsets",
+        "project:convert:hardis:profilestopermsets",
+        "project:convert:profilestopermsets:hardis",
+        "hardis:convert:project:profilestopermsets",
+        "convert:hardis:project:profilestopermsets",
+        "convert:project:hardis:profilestopermsets",
+        "convert:project:profilestopermsets:hardis",
+        "hardis:convert:profilestopermsets:project",
+        "convert:hardis:profilestopermsets:project",
+        "convert:profilestopermsets:hardis:project",
+        "convert:profilestopermsets:project:hardis",
+        "hardis:project:profilestopermsets:convert",
+        "project:hardis:profilestopermsets:convert",
+        "project:profilestopermsets:hardis:convert",
+        "project:profilestopermsets:convert:hardis",
+        "hardis:profilestopermsets:project:convert",
+        "profilestopermsets:hardis:project:convert",
+        "profilestopermsets:project:hardis:convert",
+        "profilestopermsets:project:convert:hardis",
+        "hardis:profilestopermsets:convert:project",
+        "profilestopermsets:hardis:convert:project",
+        "profilestopermsets:convert:hardis:project",
+        "profilestopermsets:convert:project:hardis"
+      ]
+    },
     "hardis:project:deploy:notify": {
       "aliases": [],
       "args": {},
@@ -15151,5 +15271,5 @@
       ]
     }
   },
-  "version": "6.2.0"
+  "version": "6.3.0"
 }