Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
lightning-flow-scanner-core
Advanced tools
##### _This core rule set is used in both the [VS Code Extension](https://marketplace.visualstudio.com/items?itemName=ForceConfigControl.lightningflowscanner&ssr=false#review-details) and the [SFDX Plugin](https://www.npmjs.com/package/lightning-flow-scan
Introducing newer API components may lead to unexpected issues with older versions of Flows, as they might not align with the underlying mechanics. Starting from API version 50.0, the 'Api Version' attribute has been readily available on the Flow Object. To ensure smooth operation and reduce discrepancies between API versions, it is strongly advised to regularly update and maintain them.
Default Value: >49.0
Configuration example:
APIVersion:
{
severity: 'error',
expression: '===58'
}
Configuration ID: APIVersion
(View source code)
Maintaining multiple elements with a similar name, like 'Copy_X_Of_Element,' can diminish the overall readability of your Flow. When copying and pasting these elements, it's crucial to remember to update the API name of the newly created copy.
Configuration ID: CopyAPIName
(View source code)
To prevent exceeding Apex governor limits, it is advisable to consolidate all your database operations, including record creation, updates, or deletions, at the conclusion of the flow.
Configuration ID: DMLStatementInLoop
(View source code)
When the flow executes database changes or actions between two screens, it's important to prevent users from navigating back between screens. Failure to do so may result in duplicate database operations being performed within the flow.
Configuration ID: DuplicateDMLOperation
(View source code)
Descriptions play a vital role in documentation. We highly recommend including details about where they are used and their intended purpose.
Configuration ID: FlowDescription
(View source code)
The readability of a flow is of utmost importance. Establishing a naming convention for the Flow Name significantly enhances findability, searchability, and maintains overall consistency. It is advisable to include at least a domain and a brief description of the actions carried out in the flow, for instance, 'Service_OrderFulfillment'.
Default Value: [A-Za-z0-9]+_[A-Za-z0-9]+
Configuration example:
FlowName:
{
severity: 'error',
expression: '[A-Za-z0-9]'
}
Configuration ID: FlowName
(View source code)
Avoid hard-coding IDs as they are org-specific. Instead, pass them into variables at the start of the flow. You can achieve this by utilizing merge fields in URL parameters or employing a Get Records element.
Configuration ID: HardcodedId
(View source code)
At times, a flow may fail to execute a configured operation as intended. By default, the flow displays an error message to the user and notifies the admin who created the flow via email. However, you can customize this behavior by incorporating a Fault Path.
Configuration ID: MissingFaultPath
(View source code)
When a Get Records operation doesn't find any data, it returns null. To ensure data validation, utilize a decision element on the operation result variable to check for a non-null result.
Configuration ID: MissingNullHandler
(View source code)
To prevent exceeding Apex governor limits, it is advisable to consolidate all your SOQL queries at the conclusion of the flow.
Configuration ID: SOQLQueryInLoop
(View source code)
To maintain the efficiency and manageability of your Flow, it's best to avoid including unconnected elements that are not in use.
Configuration ID: UnconnectedElement
(View source code)
To maintain the efficiency and manageability of your Flow, it's advisable to avoid including unconnected variables that are not in use.
Configuration ID: UnusedVariable
(View source code)
FAQs
A rule engine capable of conducting static analysis on the metadata associated with Salesforce Lightning Flows, Process Builders, and Workflows.
The npm package lightning-flow-scanner-core receives a total of 3,830 weekly downloads. As such, lightning-flow-scanner-core popularity was classified as popular.
We found that lightning-flow-scanner-core demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.