Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@salesforce/core
Advanced tools
@salesforce/core is a powerful npm package designed to facilitate interaction with Salesforce's APIs and services. It provides a set of tools and utilities for managing Salesforce authentication, configuration, and API requests, making it easier for developers to build and manage Salesforce applications.
Authentication
This feature allows you to authenticate to a Salesforce org using a username. The code sample demonstrates how to create an AuthInfo object and establish a connection to Salesforce.
const { AuthInfo } = require('@salesforce/core');
async function authenticate() {
const authInfo = await AuthInfo.create({ username: 'your-username' });
const connection = await authInfo.getConnection();
console.log('Authenticated to Salesforce:', connection.instanceUrl);
}
authenticate();
Configuration Management
This feature provides tools for managing and retrieving Salesforce configuration settings. The code sample shows how to create a ConfigAggregator and retrieve the current configuration.
const { ConfigAggregator } = require('@salesforce/core');
async function getConfig() {
const configAggregator = await ConfigAggregator.create();
const config = configAggregator.getConfig();
console.log('Salesforce Configuration:', config);
}
getConfig();
API Requests
This feature allows you to make API requests to Salesforce. The code sample demonstrates how to create a connection and perform a SOQL query to retrieve data from Salesforce.
const { Connection } = require('@salesforce/core');
async function querySalesforce() {
const connection = await Connection.create({ authInfo: await AuthInfo.create({ username: 'your-username' }) });
const result = await connection.query('SELECT Id, Name FROM Account');
console.log('Query Result:', result.records);
}
querySalesforce();
Jsforce is a popular library for interacting with Salesforce APIs. It provides a comprehensive set of features for authentication, CRUD operations, and more. Compared to @salesforce/core, jsforce offers a more extensive set of functionalities and is widely used in the Salesforce developer community.
Nforce is another library for working with Salesforce APIs. It focuses on providing a simple and intuitive interface for performing CRUD operations and managing authentication. While it may not be as feature-rich as @salesforce/core, it is known for its ease of use and simplicity.
The @salesforce/core library provides client-side management of Salesforce DX projects, org authentication, connections to Salesforce APIs, and other utilities. Much of the core functionality that powers the Salesforce CLI plugins comes from this library. You can use this functionality in your plugins too.
See the API documentation.
If you're interested in contributing, take a look at the CONTRIBUTING guide.
Report all issues to the issues only repository.
The Salesforce DX Core Library provides a unit testing utility to help with mocking and sand-boxing core components. This feature allows unit tests to execute without needing to make API calls to salesforce.com.
See the Test Setup documentation.
The Messages class, by default, loads message text during run time. It's optimized to do this only per file.
If you're using @salesforce/core or other code that uses its Messages class in a bundler (webpack, esbuild, etc) it may struggle with these runtime references.
src/messageTransformer will "inline" the messages into the js files during TS compile using https://github.com/nonara/ts-patch
.
In your plugin or library,
yarn add --dev ts-patch
tsconfig.json
{
...
"plugins": [{ "transform": "@salesforce/core/lib/messageTransformer", "import": "messageTransformer" }]
}
.sfdevrc.json, which gets merged into package.json
"wireit": {
"compile": {
"command": "tspc -p . --pretty --incremental",
"files": [
"src/**/*.ts",
"tsconfig.json",
"messages"
],
"output": [
"lib/**",
"*.tsbuildinfo"
],
"clean": "if-file-deleted"
}
}
There are some benchmark.js checks to get a baseline for Logger performance. https://forcedotcom.github.io/sfdx-core/perf-Linux https://forcedotcom.github.io/sfdx-core/perf-Windows
You can add more test cases in test/perf/logger/main.js
If you add tests for new parts of sfdx-core outside of Logger, add new test Suites and create new jobs in the GHA perf.yml
FAQs
Core libraries to interact with SFDX projects, orgs, and APIs.
The npm package @salesforce/core receives a total of 382,187 weekly downloads. As such, @salesforce/core popularity was classified as popular.
We found that @salesforce/core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 47 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.