diff --git a/README.md b/README.md index 0b17470..79740b1 100644 --- a/README.md +++ b/README.md @@ -28,6 +28,14 @@ Use our side bar or the **Command Palette** and type `Flow Scanner` to see the l ## Development +> This project optionally uses [Volta](https://volta.sh) to manage Node.js versions. Install Volta with: +> +> ```sh +> curl https://get.volta.sh | bash +> ``` +> +> Volta will automatically use the Node.js version defined in `package.json`. + 1. Clone the repo: ```bash diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..804cffe --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,28 @@
+# Security Policy for Lightning Flow Scanner
+
+## Security Practices
+
+- Code is open-source and peer-reviewed by the community.
+- Vulnerabilities can be reported privately via GitHub security features.
+- Changes to the repository are scanned and reviewed before merging.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it using [GitHub vulnerability reporting](https://github.com/Flow-Scanner/lightning-flow-scanner-vsx/security).
+
+## Data Handling
+
+This project collects zero user data. No credentials, PII, payment info, or health data is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to any external services.
+
+## Dependencies
+
+We actively track and maintain an up-to-date inventory of all third-party dependencies to ensure security and compatibility. Our dependencies include:
+
+| Package | License | Purpose` |
+| ------------------------------- | ------------------------------------------------------------------------------------ | ---------------------------------------------- |
+| `convert-array-to-csv` | [MIT](https://github.com/zemirco/convert-array-to-csv/blob/master/LICENSE) | Converts JavaScript arrays into CSV format |
+| `lightning-flow-scanner-core` | [MIT](https://github.com/Flow-Scanner/lightning-flow-scanner-core/blob/main/LICENSE.md) | Salesforce Flow scanning utilities |
+| `tabulator-tables` | [MIT](https://github.com/olifolkerd/tabulator/blob/master/LICENSE) | Interactive tables and data grids for web apps |
+| `uuid` | [MIT](https://github.com/uuidjs/uuid/blob/main/LICENSE.md) | Generates RFC-compliant UUIDs |
+| `xml2js` | [MIT](https://github.com/Leonidas-from-XIV/node-xml2js/blob/master/LICENSE) | XML-to-JavaScript object converter |
+| `yaml` | [ISC](https://github.com/eemeli/yaml/blob/main/LICENSE) | YAML parser and stringifier for JavaScript |
diff --git a/package-lock.json b/package-lock.json
index 93a0ae5..943f380 100644
--- a/package-lock.json +++ b/package-lock.json @@ -1,16 +1,16 @@ { "name": "lightning-flow-scanner-vsx", - "version": "1.8.2", + "version": "1.8.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "lightning-flow-scanner-vsx", - "version": "1.8.2", + "version": "1.8.3", "license": "AGPL-3.0", "dependencies": { "convert-array-to-csv": "^2.0.0", - "lightning-flow-scanner-core": "^5.9.4", + "lightning-flow-scanner-core": "^5.9.7", "tabulator-tables": "^6.3.1", "uuid": "^11.0.5", "xml2js": "^0.6.2", @@ -67,7 +67,6 @@ "vite": "^6.3.5", "vite-plugin-vue-devtools": "^7.7.6", "vitest": "^3.1.3", - "vscode-ext-gen": "^1.0.2", "vue": "3.5.14", "vue-tsc": "2.2.10", "wdio-vscode-service": "^6.1.2", @@ -16099,15 +16098,14 @@ "peer": true }, "node_modules/lightning-flow-scanner-core": { - "version": "5.9.4", - "resolved": "https://registry.npmjs.org/lightning-flow-scanner-core/-/lightning-flow-scanner-core-5.9.4.tgz", - "integrity": "sha512-MO15uAPbR8COiwRynHU+Y0M3SQY5S9BIOCmTB46gZ9vMMpUZUaxOI2OzHIvfXWvRMBBcHqg5XJEZtpdpMNY7Tw==", - "license": "MIT", + "version": "5.9.7", + "resolved": "https://registry.npmjs.org/lightning-flow-scanner-core/-/lightning-flow-scanner-core-5.9.7.tgz", + "integrity": "sha512-Ku4Vi1BxVPWz6MN3QCVfZqJL6eTQiqRoUtMLbjzSdXdvTBhKehFq4Mtpk7azxRK6XoHZdAwSUYOxpYkEStHhPw==", "dependencies": { "xmlbuilder2": "^3.1.1" }, "engines": { - "node": " ^18 || ^20 || ^22 || ^23" + "node": "^18 || ^20 || ^22 || ^23" } }, "node_modules/lilconfig": { 
@@ -22480,22 +22478,6 @@ "node": ">=14.0.0" } }, - "node_modules/vscode-ext-gen": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/vscode-ext-gen/-/vscode-ext-gen-1.0.2.tgz", - "integrity": "sha512-CgKGhGvO4Zpz87v3LRmDLtM1FaMVilJCy7fwKzxvrRnhUPTBgj9zkjlPM8lcVAq5vm87v9V8HzVer9COtU5bNA==", - "dev": true, - "license": "MIT", - "dependencies": { - "cac": "^6.7.14" - }, - "bin": { - "vscode-ext-gen": "bin.mjs" - }, - "funding": { - "url": "https://github.com/sponsors/antfu" - } - }, "node_modules/vscode-uri": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/vscode-uri/-/vscode-uri-3.1.0.tgz", diff --git a/package.json b/package.json index a0cc7cc..cdad20b 100644 --- a/package.json +++ b/package.json @@ -9,7 +9,7 @@ }, "icon": "media/lightningflow.png", "description": "A VS Code Extension for analysis and optimization of Salesforce Flows. Scans metadata for 20+ issues such as hardcoded IDs, unsafe contexts, inefficient SOQL/DML operations, recursion risks, and missing fault handling. Supports auto-fixes, rule configurations, and tests integration.", - "version": "1.8.2", + "version": "1.8.3", "engines": { "vscode": "^1.99.1" }, 
@@ -90,10 +90,10 @@
 "scripts": {
 "vscode:prepublish": "npm run package",
 "compile": "webpack --config ./build/node-extension.webpack.config.js",
- "watch": "npm run v:update && concurrently \"rollup -c -w\" \"webpack --watch --config ./build/node-extension.webpack.config.js\"",
+ "watch": "concurrently \"rollup -c -w\" \"webpack --watch --config ./build/node-extension.webpack.config.js\"",
 "build-webapp": "rollup -c",
- "build": "npm run v:update && rollup -c && vsce package",
- "build:beta": "npm run v:update && rollup -c && vsce package --pre-release",
+ "build": "rollup -c && vsce package",
+ "build:beta": "rollup -c && vsce package --pre-release",
 "package": "webpack --mode production --devtool hidden-source-map --config ./build/node-extension.webpack.config.js",
 "test-compile": "tsc -p ./",
 "test-watch": "tsc -watch -p ./",
@@ -105,15 +105,14 @@
 "________": "scripts for reactive-vscode",
 "v:dev": "run-p v:dev:*",
 "v:build:reactive": "tsup --env.NODE_ENV production --treeshake",
- "v:build:vite": "npm run v:update && vue-tsc --noEmit -p beta-vscode.tsconfig.json && vite build",
+ "v:build:vite": "vue-tsc --noEmit -p beta-vscode.tsconfig.json && vite build",
 "v:dev:reactive": "tsup --watch ./src --env.NODE_ENV development",
 "v:dev:vite": "vite",
 "v:vite:preview": "vite preview",
 "v:typecheck:reactive": "tsc --noEmit -p reactive-vscode.tsconfig.json",
 "v:vscode:prepublish:reactive": "pnpm run build",
 "v:test:reactive": "jest",
- "v:test": "vitest",
- "v:update": "vscode-ext-gen --output src/generated/meta.ts"
+ "v:test": "vitest"
 },
 "devDependencies": {
 "@rollup/plugin-commonjs": "^28.0.2",
@@ -166,7 +165,6 @@
 "vite": "^6.3.5",
 "vite-plugin-vue-devtools": "^7.7.6",
 "vitest": "^3.1.3",
- "vscode-ext-gen": "^1.0.2",
 "vue": "3.5.14",
 "vue-tsc": "2.2.10",
 "wdio-vscode-service": "^6.1.2",
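Review bot: After this change nothing regenerates `src/generated/meta.ts`: the `npm run v:update &&` prefix is dropped from `watch`, `build` and `build:beta` here and from `v:build:vite` in the next hunk, which also deletes the `v:update` script, and the third hunk removes `vscode-ext-gen` from `devDependencies`. Whether any source file still imports that generated module is not visible in this diff. If it does, the file now has to be committed and kept in step with the manifest by hand, and it can silently drift from the commands and settings declared in `package.json`; if it does not, the generated file and its directory should be deleted in the same commit. The commit description should say which of the two is intended.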
@@ -175,7 +173,7 @@
 },
 "dependencies": {
 "convert-array-to-csv": "^2.0.0",
- "lightning-flow-scanner-core": "^5.9.4",
+ "lightning-flow-scanner-core": "^5.9.7",
 "tabulator-tables": "^6.3.1",
 "uuid": "^11.0.5",
 "xml2js": "^0.6.2",
@@ -192,5 +190,8 @@
 "best practices",
 "code quality",
 "salesforce automation"
- ]
+ ],
+ "volta": {
+ "node": "20.13.1"
+ }
 }
diff --git a/rollup.config.mjs b/rollup.config.mjs
index ad5a88c..daf33e4 100644
--- a/rollup.config.mjs
+++ b/rollup.config.mjs
@@ -34,12 +34,6 @@ export default fs
 file: "out/compiled/" + name + ".js",
 assetFileNames: name + '.css',
 },
- onwarn: function (message) {
- if (message.code !== 'EVAL'){
- console.log(JSON.stringify(message));
- throw new Error(message);
- }
- },
 plugins: [
 svelte({
 compilerOptions: {
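Review bot: The new `volta` block pins the toolchain to exactly `20.13.1`, but the `engines` object shown in the first hunk of this file declares only `vscode`, so anyone building without Volta (including CI, if it does not use Volta) gets no Node version constraint at all. Adding a matching range under `engines`, for example `"node": "^20.13.1"`, would make npm warn on a mismatch. An exact pin also stays on that patch release until someone edits it, so later 20.x security releases are not picked up automatically. It would help to note in the README who is responsible for bumping it.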
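Review bot: With `onwarn` removed, Rollup falls back to its default of printing warnings and continuing, so a warning such as an unresolved import no longer fails the Svelte bundle build. The deleted handler threw on every code except `EVAL` and hid `EVAL` itself, so dropping it is understandable. A narrower handler would keep a build gate for the cases that matter: `onwarn(warning, warn) { if (warning.code === 'UNRESOLVED_IMPORT') throw new Error(warning.message); warn(warning); },`. The `EVAL` warnings that now surface are worth reading once, since they point at bundled code calling `eval`, which is relevant if the output is loaded under a content security policy. The enclosing config object starts and ends outside this hunk.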