@salesforce/command
@salesforce/command is an npm package that provides a framework for building CLI commands for Salesforce. It is designed to help developers create commands that interact with Salesforce APIs and services, making it easier to automate tasks and integrate Salesforce with other systems.
Command Creation
This feature allows developers to create custom CLI commands by extending the SfdxCommand class. The example demonstrates a simple command that logs a message to the console.
    const { SfdxCommand } = require('@salesforce/command');

    class MyCommand extends SfdxCommand {
      // run() is the command's entry point
      async run() {
        this.ux.log('Hello, Salesforce!');
      }
    }

    module.exports = MyCommand;
Parameter Handling
This feature provides a way to define and handle command-line parameters using the flags property. The example shows how to define a 'name' parameter and use it within the command.
    const { flags, SfdxCommand } = require('@salesforce/command');

    class MyCommand extends SfdxCommand {
      // Declares --name / -n as an optional string flag
      static flagsConfig = {
        name: flags.string({ char: 'n', description: 'name to print' })
      };

      async run() {
        // Fall back to a default when the flag is not supplied
        const name = this.flags.name || 'world';
        this.ux.log(`Hello, ${name}!`);
      }
    }

    module.exports = MyCommand;
Salesforce Authentication
This feature allows commands to authenticate and interact with Salesforce orgs. The example demonstrates how to create a connection and query Salesforce data.
    const { SfdxCommand } = require('@salesforce/command');
    const { Connection } = require('@salesforce/core');

    class MyCommand extends SfdxCommand {
      // Require a target username so that this.org is populated before run()
      static requiresUsername = true;

      async run() {
        // Reuse the auth info of the org the command was invoked against
        const conn = await Connection.create({ authInfo: this.org.getConnection().getAuthInfo() });
        const result = await conn.query('SELECT Id, Name FROM Account');
        this.ux.logJson(result.records);
      }
    }

    module.exports = MyCommand;
oclif is a framework for building command-line interfaces in Node.js. It is highly extensible and supports plugins, making it suitable for creating complex CLI applications. Compared to @salesforce/command, oclif is more general-purpose and not specifically tailored for Salesforce.
commander is a popular Node.js library for building command-line interfaces. It provides a simple and flexible API for defining commands and options. While it is not specifically designed for Salesforce, it can be used to create CLI tools for various purposes, including Salesforce automation.
yargs is another widely-used library for building command-line tools in Node.js. It offers a rich set of features for parsing arguments and generating help messages. Like commander, yargs is a general-purpose library and can be used to create CLI tools for different use cases, including Salesforce.
This package contains the base command class for Salesforce CLI, SfdxCommand. Extend this class for convenient access to common Salesforce CLI parameters, a logger, CLI output formatting, scratch orgs, and Dev Hubs. This class extends @oclif/command and is available within a plug-in generated by Salesforce Plug-In Generator.
Commands that extend SfdxCommand can only be used with Salesforce CLI version 6.8.2 or later. To check your Salesforce CLI version:
$ sfdx version
sfdx-cli/6.42.0-ae478b3cb8 (darwin-x64) node-v8.9.4
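An added example (not part of the package README): a POSIX shell check for the minimum version above, run against the sample banner shown. It compares fields numerically, because a plain string comparison would rank 6.42.0 below 6.8.2; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: enforce the minimum Salesforce CLI version stated above.
# Function names are illustrative, not part of sfdx or @salesforce/command.
MIN_SFDX_VERSION="6.8.2"

# Print MAJOR.MINOR.PATCH from an `sfdx version` banner; return 1 when the
# banner is not in the "sfdx-cli/X.Y.Z-<build> ..." shape.
parse_sfdx_version() {
  case "$1" in
    sfdx-cli/[0-9]*) ;;
    *) return 1 ;;
  esac
  _v=${1#sfdx-cli/}   # drop the package prefix
  _v=${_v%% *}        # drop " (darwin-x64) node-v8.9.4"
  _v=${_v%%-*}        # drop the "-ae478b3cb8" build suffix
  case "$_v" in
    *[!0-9.]*|*..*|.*|*.|*.*.*.*) return 1 ;;
    *.*.*) printf '%s\n' "$_v" ;;
    *) return 1 ;;
  esac
}

# Return 0 when version $1 >= version $2, comparing each field as a number.
version_at_least() {
  for _i in 1 2 3; do
    _h=$(printf '%s' "$1" | cut -d. -f"$_i")
    _n=$(printf '%s' "$2" | cut -d. -f"$_i")
    if [ "$_h" -gt "$_n" ]; then return 0; fi
    if [ "$_h" -lt "$_n" ]; then return 1; fi
  done
  return 0
}

# Print a verdict for one banner: 0 = ok, 1 = too old, 2 = unrecognized.
check_sfdx_banner() {
  _ver=$(parse_sfdx_version "$1") || { echo "unrecognized"; return 2; }
  if version_at_least "$_ver" "$MIN_SFDX_VERSION"; then
    echo "ok $_ver"
  else
    echo "too-old $_ver"
    return 1
  fi
}

# Banner copied from the sample output above; in CI pass "$(sfdx version)".
check_sfdx_banner "sfdx-cli/6.42.0-ae478b3cb8 (darwin-x64) node-v8.9.4"
```

A banner that does not match the expected shape is reported as unrecognized rather than guessed at, so a build step using this check fails closed.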
To learn more about the features of the Command Library see the Salesforce CLI Plug-In Developer Guide.
If you are interested in contributing, please take a look at the CONTRIBUTING guide.
If you are interested in building this package locally, please take a look at the DEVELOPING doc.
SfdxCommand
.Command, which SfdxCommand extends.
FAQs
Salesforce CLI base command class
We found that @salesforce/command demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 54 open source maintainers collaborating on the project.