Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The SFDX Data Move Utility (SFDMU) is the most modern and powerful salesforce data migration tool. It will help you to populate your org with data in minutes.
The SFDX Data Move Utility (SFDMU) is an advanced SFDX plugin designed to streamline data migration within various Salesforce environments, including scratch, development, sandbox, and production orgs.
This powerful tool supports migration from other Salesforce orgs or CSV files and efficiently manages various data operations, enabling the migration of multiple related sObjects in a single run.
Prepare Environment: Install the Salesforce CLI following the official instructions.
Plugin Installation:
# Uninstall old version, if any:
$ sf plugins uninstall sfdmu
# Install the latest version:
$ sf plugins install sfdmu
For developers needing customization or access to the source:
# Clone the repository:
$ git clone https://github.com/forcedotcom/SFDX-Data-Move-Utility
# Navigate to the directory and link it:
$ cd SFDX-Data-Move-Utility
$ npm install
$ sf plugins link
Set up a migration job by creating an export.json
file with specific data models and operations, as detailed in the Full export.json Format Guide.
Here is a basic export.json
example for upserting Accounts and their related Contacts, assuming a unique Name for Accounts and a unique LastName for Contacts across source and target orgs:
{
"objects": [
{
"operation": "Upsert",
"externalId": "LastName",
"query": "SELECT FirstName, LastName, AccountId FROM Contact",
"master": false
},
{
"operation": "Upsert",
"externalId": "Name",
"query": "SELECT Name, Phone FROM Account WHERE Name = 'John Smith'"
}
]
}
First Object (Contact):
false
- This setting ensures that SFDMU only processes Contact records that are related to the specified Accounts.Second Object (Account):
Navigate to the directory where your export.json
file is located and execute migrations using commands tailored to your source and target, whether they are Salesforce orgs or CSV files:
# Migrate data from one Salesforce org to another
$ sf sfdmu run --sourceusername source.org.username@name.com --targetusername target.org.username@name.com
# Export data from a Salesforce org to CSV files
$ sf sfdmu run --sourceusername source.org.username@name.com --targetusername csvfile
# Import data from CSV files to a Salesforce org
$ sf sfdmu run --sourceusername csvfile --targetusername target.org.username@name.com
Note:
When importing or exporting from/to CSV files, ensure that the files are located in the directory containing the export.json
file. The files should be named according to the API name of the respective sObject, such as Account.csv
, Contact.csv
. This naming convention helps in accurately mapping the data to the correct sObjects during the import or export process.
sudo
. Adjust CLI command syntax if using the older SFDX CLI platform.sf org login web
commands, as detailed in the Authorize an Org Using a Browser documentation.FAQs
The SFDX Data Move Utility (SFDMU) is the most modern and powerful salesforce data migration tool. It will help you to populate your org with data in minutes.
The npm package sfdmu receives a total of 4,291 weekly downloads. As such, sfdmu popularity was classified as popular.
We found that sfdmu demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.