@salesforce/sfdx-scanner
Advanced tools
Static code scanner that applies quality and security rules to Apex code, and provides feedback.
The Salesforce CLI Scanner plug-in is a unified tool for static analysis of source code, in multiple languages (including Apex), with a consistent command-line interface and report output. We currently support the PMD rule engine and ESLint. We may add support for more rule engines in the future.
The Salesforce CLI Scanner Plug-in creates "Rule Violations" when the scanner identifies issues. Developers use this information as feedback to fix their code.
You can integrate this plug-in into your CI/CD solution to enforce the rules and expect high-quality code.
All the official documentation on the Salesforce CLI Scanner plug-in is hosted on GitHub Pages. These documents include instructions on how to install the plug-in, the command reference, writing and managing custom rules and an overview of the architecture of the plug-in.
https://forcedotcom.github.io/sfdx-scanner/
Instructions here.
=======
Here is the information on How to Install the plugin
Please check out the Salesforce CLI Scanner Plug-In Command Reference for usage and demo of the plugin.
FAQs
Static code scanner that applies quality and security rules to Apex code, and provides feedback.
The npm package @salesforce/sfdx-scanner receives a total of 40,503 weekly downloads. As such, @salesforce/sfdx-scanner popularity was classified as popular.
We found that @salesforce/sfdx-scanner demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious PyPI package ‘set-utils’ steals Ethereum private keys by exfiltrating them through blockchain transactions via the Polygon RPC.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
