- Code is open-source and peer-reviewed by the community.
- Vulnerabilities can be reported privately via GitHub vulnerability reporting.
- All changes are scanned with Snyk prior to publication.
- Releases are published to npm using GitHub Actions Trusted Publishing (OIDC).
- Tags (`v*`) trigger automated `npm publish`, providing a full audit trail.
This tool collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
We actively track and maintain an up-to-date inventory of all third-party dependencies to ensure security and compatibility. Our dependencies include:
| Package | License | Purpose |
|---|---|---|
| fast-xml-parser | MIT | Validate XML, Parse XML and Build XML rapidly. |

| Package | License | Purpose |
|---|---|---|
| @oclif/core | MIT | CLI framework core utilities |
| @salesforce/core | BSD-3-Clause | Salesforce core library for CLI plugins |
| @salesforce/sf-plugins-core | BSD-3-Clause | Base library for Salesforce CLI plugins |
| chalk | MIT | Terminal string styling (colors) |
| cosmiconfig | MIT | Config file loader for JavaScript/Node |
| glob | MIT | File pattern matching |
| lightning-flow-scanner-core | MIT | Salesforce Flow scanning utilities |