02 Nov 18:39

Runtime Beta Mode (`--betamode` / `-z`)

Introduces --betamode (-z) – a runtime flag to enable experimental beta rules during scan.
Default: Disabled (opt-out) – ensures stable, production-safe scans.
CLI override: --betamode forces beta rules even if config says false.
Config support: betamode: true in .flow-scanner.yml enables by default.
Precedence: CLI flag > config file > default (false)
Fully backward compatible – configs without betamode default to false.
No code changes needed – core scanner automatically includes getBetaRules() when enabled.

Assets 2

30 Oct 17:28

RubenHalman

v6.0.0

1b468c4

Compliance Hardened

--targetusername / -u flag removed
The ability to retrieve latest Flows from an org via sf project retrieve start (using child_process.exec()) has been fully eliminated.
Zero persistent data
All operations now run 100% within the Node.js runtime. Metadata (e.g., timestamps) is held in-memory only and discarded immediately on exit.

This change ensures full compliance with our new Project's Security Policy, making the CLI plugin more optimal for air-gapped, CI/CD, and enterprise environments.

For users:
Scan local metadata only. Use sf project retrieve manually if needed, then run the scanner on your local force-app/ directory.

→ See: SECURITY.md

Assets 2

07 Oct 19:40

RubenHalman

v5.7.0

6ad357f

The MissingFaultPath rule now correctly ignores "Wait for Amount of Time" and "Wait Until Date" nodes

Upgraded to lightning-flow-scanner-core v5.9.0. This release fixes the MissingFaultPath rule to correctly ignore "Wait for Amount of Time" and "Wait Until Date" nodes, checking fault paths only for relevant nodes like "Wait for Conditions". Resolves Issue #272 (contributed by @chazwatkins). See v5.9.0 release notes for full details.

Contributors

chazwatkins

Assets 2

04 Sep 19:03

RubenHalman

v5.2.0

f4985a7

Security Patch

🚨 v5.6 – Security Patch

🔒 Security Fixes

Enforced Security Guards
- eval and Function constructors are restricted.
- Dynamic import() from remote URLs are blocked.
Removed loading of custom rules entirely in the core module.