Lightning Flow Scanner VSX

Detect unsafe contexts, queries in loops, hardcoded IDs, and more to optimize Salesforce Flows

Flow Overview

Usage
Configuration
- Scanner Options
- Extension Settings
Installation
Development

Usage

Lightning Flow Scanner CLI is plug-and-play. Open any project with flows and use our side bar or the Command Palette and type flowscanner to see the list of all available commands.

Configure Flow Scanner - Set up rules in .flow-scanner.yml (see scanner documentation)
Scan Flows - Analyze a directory or selected flow files
Fix Flows - Automatically apply available fixes
Flow Scanner Documentation - Open the rules reference guide

Privacy: Zero user data collected. All processing is client-side. → See Data Handling in our Security Policy.

Configuration

It is recommended to set up a .flow-scanner.yml and define:

The rules to be executed.
The severity of violating any specific rule.
Rule properties such as REGEX expressions.
Any known exceptions that should be ignored during scanning.

Scanner Options

{
  "rules": {
    // Your rules here
  },
  "exceptions": {
    // Your exceptions here
  },
  "betamode": false // Enable beta rules
}

Using the rules section of your configurations, you can specify the list of rules to be run. Furthermore, you can define the severity and configure expressions of rules. Below is a breakdown of the available attributes of rule configuration:

{
  "rules": {
    "<RuleName>": {
      "severity": "<Severity>",
      "expression": "<Expression>"
    }
  }
}

Note: if you prefer JSON format, you can create a .flow-scanner.json file using the same format. For a more on configurations, review the scanner documentation.

Extension Settings

Extension Settings	Description	Default Value
`flowscanner.SpecifyFiles`	Set to true to select .Flow file paths instead of a root directory.	`false`

Installation

lightning-flow-scanner-vsx is available on:

Visual Studio Marketplace	Open VSX Registry

To install via CLI (VS Code)

code --install-extension ForceConfigControl.lightning-flow-scanner-vsx

Development

This project optionally uses Volta to manage Node.js versions. Install Volta with:
curl https://get.volta.sh | bash
Volta will automatically use the Node.js version defined in package.json.

Clone the repository

  git clone https://github.com/Flow-Scanner/lightning-flow-scanner-vsx.git

Install Dependencies

  npm install

Build the Project

  npm run build

Watch for Changes

  npm run watch

Run End-to-End Tests

  npm run test

Linking Core Module (Optional)

If you’re developing or testing updates to the core module, you can link it locally:

In the core module directory, run:
```
npm run link
```

In this CLI project directory, run:

npm link @flow-scanner/lightning-flow-scanner-core

VSCE to VSX

The lightning-flow-scanner-vsce package was unpublished from the Visual Studio and Open VSX Marketplaces due to a vulnerability stemming from unsafe rule loading. The issue was addressed in core v5. This fork, created on 22/09/2025, emphasizes security and maintainability.

Want to help improve Lightning Flow Scanner? See our Contributing Guidelines

Flow Scanner

Table of contents