- Code is open-source and peer-reviewed by the community.
- Vulnerabilities can be reported privately via GitHub security features.
- Changes to the repository are scanned and reviewed before merging.

If you discover a security vulnerability, please report it using GitHub vulnerability reporting.

This project collects zero user data. No credentials, PII, payment info, or health data is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to any external services.

We actively track and maintain an up-to-date inventory of all third-party dependencies to ensure security and compatibility. Our dependencies include:

| Package | License | Purpose |
|---|---|---|
| @oclif/core | MIT | CLI framework core utilities |
| @salesforce/core | BSD-3-Clause | Salesforce core library for CLI plugins |
| @salesforce/sf-plugins-core | BSD-3-Clause | Base library for Salesforce CLI plugins |
| chalk | MIT | Terminal string styling (colors) |
| cosmiconfig | MIT | Config file loader for JavaScript/Node |
| fs-extra | MIT | Extended filesystem utilities |
| glob | MIT | File pattern matching |
| lightning-flow-scanner-core | MIT | Salesforce Flow scanning utilities |