SFDX CLI plugin for the apex-link Salesforce metadata static analysis library. This plugin provides a simple 'check' command that can be used to examine metadata for errors, in addition it can report on various warnings such as unused fields & methods or variable shadowing. The command can also be used to obtain Apex class dependencies in either CSV or JSON format.
To install the CLI plugin (from npm)
sfdx plugins:install apexlink
Check the installation was successful with
sfdx plugins
This should show apexlink in the plugin list.
To perform a simple validity check use:
sfdx apexlink:check <directory>
This parses and performs semantic checks on the code and reports any errors, such as types not being found. The library contains a pretty comprehensive set of platform types that it validates against. This command does not require an sfdx project, if you omit the directory it will search the current directory for metadata. To also see warnings add the argument "--verbose".
You can use the check command to report on unused fields, properties and methods of Apex classes.
sfdx apexlink:check --verbose --unused <directory>
The check command can also report Apex class dependencies with:
sfdx apexlink:check --depends --json <directory>
If you omit the --json the dependency default format is CSV.
To download metadata for use by apexlink use:
sfdx apexlink:gulp --namespaces="unmanaged,ns1"
If you org does not have a namespace you can use "unmanaged" to download umanaged metadata, if the org does have a namespaces you should use it instead. The metadata will be stored in a .apexlink/gulp directory within your workspace. Note: to make use of the metadata you need to add settings to sfdx-project.json, see apex-assist README for instructions.
$ npm install -g apexlink
$ sfdx COMMAND
running command...
$ sfdx (-v|--version|version)
apexlink/2.3.5 darwin-x64 node-v16.6.0
$ sfdx --help [COMMAND]
USAGE
$ sfdx COMMAND
...
sfdx apexlink:check [--depends] [--unused] [--nocache] [--debug] [--verbose] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx apexlink:gulp [--namespaces <array>] [--debug] [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx apexlink:packages [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]sfdx apexlink:check [--depends] [--unused] [--nocache] [--debug] [--verbose] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]Validate Apex code in current or passed directories
USAGE
$ sfdx apexlink:check [--depends] [--unused] [--nocache] [--debug] [--verbose] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
ARGUMENTS
DIRECTORY directory to search for metadata files, defaults to current directory
OPTIONS
--debug show debug log
--depends output class dependencies rather
than issues, in CSV (default) or
JSON format
--json show output in json format (disables
--verbose)
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
--nocache don't use cache during loading
--unused show unused messages, requires
--verbose
--verbose show warning messages
EXAMPLES
$ sfdx apexlink:check
$ sfdx apexlink:check --verbose $HOME/myproject
$ sfdx apexlink:check --json --depends $HOME/myproject
See code: src/commands/apexlink/check.ts
sfdx apexlink:gulp [--namespaces <array>] [--debug] [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]Download metadata to enable apex-link semantic analysis
USAGE
$ sfdx apexlink:gulp [--namespaces <array>] [--debug] [-u <string>] [--apiversion <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-u, --targetusername=targetusername username or alias for the target
org; overrides default target org
--apiversion=apiversion override the api version used for
api requests made by this command
--debug show progress messages
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
--namespaces=namespaces gulp metadata for these namespaces,
if not set 'unmanaged' is loaded
EXAMPLES
$ sfdx apexlink:gulp
$ sfdx apexlink:gulp --debug --namespaces="ns1,ns2"
See code: src/commands/apexlink/gulp.ts
sfdx apexlink:packages [-u <string>] [--apiversion <string>] [--json] [--loglevel trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]Display information about installed packages
USAGE
$ sfdx apexlink:packages [-u <string>] [--apiversion <string>] [--json] [--loglevel
trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]
OPTIONS
-u, --targetusername=targetusername username or alias for the target
org; overrides default target org
--apiversion=apiversion override the api version used for
api requests made by this command
--json format output as json
--loglevel=(trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL) [default: warn] logging level for
this command invocation
EXAMPLES
$ sfdx apexlink:packages
$ sfdx apexlink:packages --debug"
See code: src/commands/apexlink/packages.ts
FAQs
SFDX CLI plugin for Apexlink Salesforce metadata analysis library
The npm package apexlink receives a total of 11 weekly downloads. As such, apexlink popularity was classified as not popular.
We found that apexlink demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.