Compliance Hardened
-
--targetusername/-uflag removed
The ability to retrieve latest Flows from an org viasf project retrieve start(usingchild_process.exec()) has been fully eliminated. -
Zero persistent data
All operations now run 100% within the Node.js runtime. Metadata (e.g., timestamps) is held in-memory only and discarded immediately on exit.
This change ensures full compliance with our new Project's Security Policy, making the CLI plugin more optimal for air-gapped, CI/CD, and enterprise environments.
For users:
Scan local metadata only. Use sf project retrieve manually if needed, then run the scanner on your local force-app/ directory.
→ See: SECURITY.md