Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@salesforce/core-bundle
Advanced tools
Core libraries to interact with SFDX projects, orgs, and APIs.
The @salesforce/core library provides client-side management of Salesforce DX projects, org authentication, connections to Salesforce APIs, and other utilities. Much of the core functionality that powers the Salesforce CLI plugins comes from this library. You can use this functionality in your plugins too.
See the API documentation.
If you're interested in contributing, take a look at the CONTRIBUTING guide.
Report all issues to the issues only repository.
The Salesforce DX Core Library provides a unit testing utility to help with mocking and sand-boxing core components. This feature allows unit tests to execute without needing to make API calls to salesforce.com.
See the Test Setup documentation.
The Messages class, by default, loads message text during run time. It's optimized to do this only per file.
If you're using @salesforce/core or other code that uses its Messages class in a bundler (webpack, esbuild, etc) it may struggle with these runtime references.
src/messageTransformer will "inline" the messages into the js files during TS compile using https://github.com/nonara/ts-patch
.
In your plugin or library,
yarn add --dev ts-patch
tsconfig.json
{
...
"plugins": [{ "transform": "@salesforce/core/lib/messageTransformer", "import": "messageTransformer" }]
}
.sfdevrc.json, which gets merged into package.json
"wireit": {
"compile": {
"command": "tspc -p . --pretty --incremental",
"files": [
"src/**/*.ts",
"tsconfig.json",
"messages"
],
"output": [
"lib/**",
"*.tsbuildinfo"
],
"clean": "if-file-deleted"
}
}
There are some benchmark.js checks to get a baseline for Logger performance. https://forcedotcom.github.io/sfdx-core/perf-Linux https://forcedotcom.github.io/sfdx-core/perf-Windows
You can add more test cases in test/perf/logger/main.js
If you add tests for new parts of sfdx-core outside of Logger, add new test Suites and create new jobs in the GHA perf.yml
FAQs
Core libraries to interact with SFDX projects, orgs, and APIs.
We found that @salesforce/core-bundle demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.