- Code is open-source and peer-reviewed by the community.
- Vulnerabilities can be reported privately via GitHub security features.
- Changes to the repository are scanned and reviewed before merging.
If you discover a security vulnerability, please report it using GitHub vulnerability reporting.
This project collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
Note: We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
We actively track and maintain an up-to-date inventory of all third-party dependencies to ensure security and compatibility. Our dependencies include:
| Package | License | Purpose |
|---|---|---|
| @actions/core | MIT | Toolkit for developing GitHub Actions |
| @actions/github | MIT | Interact with the GitHub API in Actions |
| @vercel/ncc | MIT | Compile Node.js projects into a single file |
| lightning-flow-scanner-core | MIT | Core library for scanning Salesforce flows |