npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

dx-cop

v0.0.12

Published

Static analysis for your Salesforce git repository

Downloads

275

Readme

DX Cop

Static analysis for your Saleforce git repository

sfdx-cli plugin that runs over a Salesforce git repository and scans for metadata problems. Inspired by tools like RuboCop and ESLint. Unlike many CLI plugins, this tool does not connect to any Salesforce orgs; it simply examines the metadata XML.

Features are drawn largely from experience in working with Salesforce projects. To the best of my knowledge there is no "style guide" for Salesforce metadata; instead this is based on common pitfalls and traps from actual projects. For example: you remove a picklist value, but forget to update your record types. The picklist will likely deploy successfully, but the record types will fail when you try to deploy them in the future. This plugin will help you find such problems.

Integrate into your Salesforce CI jobs to keep your repo clean and find deployment problems before they happen!

Prerequisites

Requires the Salesforce command line tool:

npm install --global sfdx-cli

Installation

sfdx plugins:install dx-cop

Usage

To run, clone and cd into your Salesforce git repo, then

sfdx dxcop:source:check

or to format output as JSON:

sfdx dxcop:source:check --json

There are no other parameters, other than the standard sfdx-cli ones (run with --help to view these).

Returns exit code 1 if any metadata problems are found, for easy integration into CI jobs.

Configuration

An optional .dxcoprc configuration file, in JSON format, can be used to enable/disable individual rulesets. Create this file in the base folder of your Salesforce project, with the following format:

{
    "ruleSets": {
        "adminProfile": { "enabled": false },
        "emailToCaseSettings": { "enabled": true },
        "installedPackages": { "enabled": true },
        "lightningWebComponents": { "enabled": true },
        "minimumAccessProfile": { "enabled": false, "profileName": "Minimum Access - Salesforce" },
        "queues": { "enabled": false },
        "recordTypePicklists": { "enabled": true },
        "recordTypePicklistValues": { "enabled": true }
    }
}

Default configuration

If the config file doesn't exist, the settings in the example above are used. The config file may also be incomplete; if any parts of it are missing, the default values are substituted in.

Rulesets

A ruleset is a collection of closely-related rules that are run together. There are currently a small number of rulesets, but the list is growing.

Admin profile

All objects and fields should be fully accessible to the System Administrator profile, e.g. for debugging & troubleshooting purposes. This ruleset ensures that:

  • there is an <objectPermissions> entry in the Admin profile for every object
    • includes standard objects, custom objects, custom metadata types and external objects
  • there is a <fieldPermissions> entry in the Admin profile for every custom field
    • note: this rule currently does not check standard fields
  • every <objectPermissions> entry and every <fieldPermissions> entry has all permissions set to true
  • <objectPermissions> are sorted alphabetically by object name
  • <fieldPermissions> are sorted alphbetically by field name

Email-to-Case settings

Ensures you don't have the <emailServicesAddress> and <isVerified> fields stored in version control. These are specific to each environment and usually cause validation failures if you try to change them in a deployment, so it's best not to store them at all.

Also ensures that <routingAddresses> are ordered by <routingName>.

Installed Packages

A common problem when retrieving Installed Packages is that they contain <activateRSS xsi:nil="true"/>, which fails to deploy since <activateRSS> is a required field. It must be explicity set e.g. to <activateRSS>false</activateRSS>. This ruleset will report the problem early, to avoid failed deployments.

Lightning web components

Checks *.js-meta.xml files for extra whitespace at the ends of lines. This can cause unexpected behaviour when you retrieve the same component after deployment; extra lines of whitespace can be inserted resulting in unexpected file differences.

Minimum Access profile

The Minimum Access profile should not have access (read, edit, delete, etc) to any objects or fields. Access should be controlled via permission sets instead. This ruleset will raise a warning if any <fieldPermissions> or <objectPermissions> elements in the Minimum Access profile are true.

By default the "Minimum Access - Salesforce" profile will be examined. This can be changed in the config file.

Record types: picklist names

When you add a new picklist field to an object, Salesforce automatically adds a reference to that picklist to the metadata for every record type. This check ensures you remember to add the record type changes to git as well.

Record types: picklist values

Examines record types & checks for picklist values that don't exist (or are inactive) in the corresponding picklist field definitions.

Queues

Examines queues & raises warnings if any contain users as direct members. This can lead to deployment failures if users don't exist in target environments. Preferred approach is to use public groups or roles for queue membership.

Problem categories

Errors

Metadata Errors are conditions that would in all likelihood prevent a component from being deployed, due to a Salesforce validation error. This tool does not aim to find all validation errors; rather it focuses on the ones that can be easily missed, only to surface later. e.g. when a record type references a picklist value that no longer exists.

Warnings

Metadata Warnings are conditions that usually don't result in a validation/deployment errors, but could still cause problems later. Often the result of a new component causing changes to other components, but only the first component is committed to git. The potential 'later' problems could include:

  • merge conflicts
  • config intended by the developer is missed
  • unexpected differences when retrieving components from an org

Limitations

Project structure

The most notable limitation is that currently, multiple packages are not supported. Only the default package according to your sfdx-project.json is examined.

Picklists

Picklists based on standard value sets or global value sets are currently ignored.

Objects & fields

The PersonAccount object is currently ignored. It will required some specialised rules, which haven't been built yet.

The Opportunity.ForecastCategoryName field is also ignored, for similar reasons.

Change log

A full history of changes can be viewed in the change log.