- Code is open-source and peer-reviewed by the community.
- Vulnerabilities can be reported privately via GitHub security features.
- Changes to the repository are scanned and reviewed before merging.
If you discover a security vulnerability, please report it using GitHub vulnerability reporting.
This tool collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
Note: You may manually save scan results (e.g., reports, CSV, JSON) to your local filesystem. These files are created at your request and remain under your full control. This tool does not access, upload, or retain them.
We actively track and maintain an up-to-date inventory of all third-party dependencies to ensure security and compatibility. Our dependencies include:
| Package | License | Purpose |
|---|---|---|
@oclif/core | MIT | CLI framework core utilities |
@salesforce/core | BSD-3-Clause | Salesforce core library for CLI plugins |
@salesforce/sf-plugins-core | BSD-3-Clause | Base library for Salesforce CLI plugins |
chalk | MIT | Terminal string styling (colors) |
cosmiconfig | MIT | Config file loader for JavaScript/Node |
glob | MIT | File pattern matching |
lightning-flow-scanner-core | MIT | Salesforce Flow scanning utilities |