Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding -  Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
lwc-signals-plugin
Advanced tools
lwc-signals-plugin
Using the template
This repository provides a template for creating a plugin for the Salesforce CLI. To convert this template to a working plugin:
-
Please get in touch with the Platform CLI team. We want to help you develop your plugin.
-
Generate your plugin:
sf plugins install dev sf dev generate plugin git init -b main git add . && git commit -m "chore: initial commit" -
Create your plugin's repo in the salesforcecli github org
-
When you're ready, replace the contents of this README with the information you want.
Learn about sf plugins
Salesforce CLI plugins are based on the oclif plugin framework. Read the plugin developer guide to learn about Salesforce CLI plugin development.
This repository contains a lot of additional scripts and tools to help with general Salesforce node development and enforce coding standards. You should familiarize yourself with some of the node developer packages used by Salesforce.
Additionally, there are some additional tests that the Salesforce CLI will enforce if this plugin is ever bundled with the CLI. These test are included by default under the posttest script and it is required to keep these tests active in your plugin if you plan to have it bundled.
Tooling
- @salesforce/core
- @salesforce/kit
- @salesforce/sf-plugins-core
- @salesforce/ts-types
- @salesforce/ts-sinon
- @salesforce/dev-config
- @salesforce/dev-scripts
Hooks
For cross clouds commands, e.g. sf env list, we utilize oclif hooks to get the relevant information from installed plugins.
This plugin includes sample hooks in the src/hooks directory. You'll just need to add the appropriate logic. You can also delete any of the hooks if they aren't required for your plugin.
Everything past here is only a suggestion as to what should be in your specific plugin's description
This plugin is bundled with the Salesforce CLI. For more information on the CLI, read the getting started guide.
We always recommend using the latest version of these commands bundled with the CLI, however, you can install a specific version or tag if needed.
Install
sf plugins install lwc-signals-plugin@x.y.z
Issues
Please report any issues at https://github.com/forcedotcom/cli/issues
Contributing
- Please read our Code of Conduct
- Create a new issue before starting your project so that we can keep track of what you are trying to add/fix. That way, we can also offer suggestions or let you know if there is already an effort in progress.
- Fork this repository.
- Build the plugin locally
- Create a topic branch in your fork. Note, this step is recommended but technically not required if contributing using a fork.
- Edit the code in your fork.
- Write appropriate tests for your changes. Try to achieve at least 95% code coverage on any new code. No pull request will be accepted without unit tests.
- Sign CLA (see CLA below).
- Send us a pull request when you are done. We'll review your code, suggest any needed changes, and merge it in.
CLA
External contributors will be required to sign a Contributor's License Agreement. You can do so by going to https://cla.salesforce.com/sign-cla.
Build
To build the plugin locally, make sure to have yarn installed and run the following commands:
# Clone the repository
git clone git@github.com:salesforcecli/lwc-signals-plugin
# Install the dependencies and compile
yarn && yarn build
To use your plugin, run using the local ./bin/dev or ./bin/dev.cmd file.
# Run using local run file.
./bin/dev hello world
There should be no differences when running via the Salesforce CLI or using the local run file. However, it can be useful to link the plugin to do some additional testing or run your commands from anywhere on your machine.
# Link your plugin to the sf cli
sf plugins link .
# To verify
sf plugins
Commands
sf hello world
Say hello either to the world or someone you know.
USAGE
$ sf hello world [--json] [-n <value>]
FLAGS
-n, --name=<value> [default: World] The name of the person you'd like to say hello to.
GLOBAL FLAGS
--json Format output as json.
DESCRIPTION
Say hello either to the world or someone you know.
Say hello either to the world or someone you know.
EXAMPLES
Say hello to the world:
$ sf hello world
Say hello to someone you know:
$ sf hello world --name Astro
FAQs
sf cli plugin for the LWC Signals library
We found that lwc-signals-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 23 Jan 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding -  Dec 11, 2025
Security News
npm Revokes Classic Tokens, as OpenJS Warns Maintainers About OIDC Gaps
GitHub has revoked npm classic tokens for publishing; maintainers must migrate, but OpenJS warns OIDC trusted publishing still has risky gaps for critical projects.
By Sarah Gooding -  Dec 10, 2025