Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The forceios npm package allows users to create iOS mobile applications to interface with the Salesforce Platform, leveraging the Salesforce Mobile SDK for iOS.
If you're new to mobile development, or the force.com platform, you may want to start at the Mobile SDK landing page. This page offers a variety of resources to help you determine the best technology path for creating your app, as well as many guides and blog posts detailing how to work with the Mobile SDK.
But assuming you're all read up, here's how to get started with the forceios package to create the starting point for your mobile application.
Because forceios is a command-line utility, we recommend installing it globally, so that it's easily accessible on your path:
sudo npm install forceios -g
You're of course welcome to install it locally as well:
npm install forceios
In this case, you can access the forceios app at [Install Directory]/node_modules/.bin/forceios
.
For the rest of this document, we'll assume that forceios
is on your path.
Typing forceios
with no arguments gives you a breakdown of the usage:
$ forceios
Usage:
forceios create
--apptype=<Application Type> (native, hybrid_remote, hybrid_local)
--appname=<Application Name>
--companyid=<Company Identifier> (com.myCompany.myApp)
--organization=<Organization Name> (Your company's/organization's name)
--startpage=<App Start Page> (The start page of your remote app. Only required for hybrid_remote)
[--outputdir=<Output directory> (Defaults to the current working directory)]
[--appid=<Salesforce App Identifier> (The Consumer Key for your app. Defaults to the sample app.)]
[--callbackuri=<Salesforce App Callback URL (The Callback URL for your app. Defaults to the sample app.)]
OR
forceios version
Note: You can specify any or all of the arguments as command line options as specified in the usage. If you run forceios create
with missing arguments, it prompts you for each missing option interactively.
Once the creation script completes, you'll have a fully functioning basic application of the type you specified. The new application is an Xcode project that you can peruse, run, and debug.
App Type: The type of application you wish to develop:
App Name: The name of your application
Company ID: An identifier for your company, similar to a Java package (e.g. com.acme.MobileApps
). This concatenates with the app name to form the unique identifier for your app in the App Store.
Organization: The name of your company or organization. For example, Acme Widgets, Inc.
Start Page: ( Required for hybrid_remote apps only ) The starting page of your application on salesforce.com. This is the entry point of your remote application, though it's only the path, not the server portion of the URL. For instance, /apex/MyVisualforceStartPage
.
Output Directory: ( optional ) The directory where you want your app to be created. If not specified, it will be created in your current working directory.
App ID: ( optional ) The Connected App Consumer Key that identifies your app in the cloud. This argument defaults to a sample key to allow you to test your app. However, you must specify your own Consumer Key before you submit your app to the App Store.
Callback URI: ( optional ) The Callback URL associated with your Connected App. As with the App ID, this argument defaults to a value for a sample app. You must specify your own Callback URL before you submit your app to the App Store.
The Salesforce Mobile SDK for Android (and package) source repository lives here.
See our developerforce site for more information about how you can leverage the Salesforce Mobile SDK with the force.com platform.
FAQs
Utilities for creating mobile apps based on the Salesforce Mobile SDK for iOS
The npm package forceios receives a total of 3 weekly downloads. As such, forceios popularity was classified as not popular.
We found that forceios demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.