code-analyzer-apex
Salesforce Code Analyzer (SFDX Scanner) is the official Salesforce CLI plugin for scanning Apex code, triggers, and other Salesforce components to identify potential issues, security vulnerabilities, and code quality problems. It uses industry-standard tools like PMD and ESLint to provide comprehensive analysis of Salesforce development artifacts.
Key Features:
- Multi-Engine Analysis: Combines PMD for Apex analysis with ESLint for JavaScript/Lightning Web Components
- Security Focus: Identifies security vulnerabilities and potential attack vectors in Salesforce code
- Performance Optimization: Detects performance anti-patterns and inefficient code constructs
- Code Quality Rules: Comprehensive rule sets covering best practices, naming conventions, and maintainability
- Configurable Severity: Customizable severity thresholds and rule categories for different project needs
- Multiple Output Formats: Supports CSV, JSON, SARIF, and other formats for integration with development tools
- Lightning Platform Specific: Rules tailored for Salesforce platform constraints and governor limits
- Custom Rule Sets: Support for custom PMD rule sets and organization-specific coding standards
If your root folder is not force-app, please set variable SALESFORCE_SFDX_SCANNER_DIRECTORY
You can select categories and single rules by defining custom arguments (example: SALESFORCE_SFDX_SCANNER_ARGUMENTS: -c "Best Practices,Security")
See more details in Help
Workaround: Restricted to PMD
code-analyzer-apex documentation
- Version in MegaLinter: 5.10.0
- Visit Official Web Site
- See How to configure code-analyzer-apex rules
- If custom
code-analyzer.ymlconfig file isn't found, code-analyzer.yml will be used
- If custom
- See How to disable code-analyzer-apex rules in files
- See Index of problems detected by code-analyzer-apex
Configuration in MegaLinter
- Enable code-analyzer-apex by adding
SALESFORCE_CODE_ANALYZER_APEXin ENABLE_LINTERS variable - Disable code-analyzer-apex by adding
SALESFORCE_CODE_ANALYZER_APEXin DISABLE_LINTERS variable
| Variable | Description | Default value |
|---|---|---|
| SALESFORCE_CODE_ANALYZER_APEX_ARGUMENTS | User custom arguments to add in linter CLI call Ex: -s --foo "bar" |
|
| SALESFORCE_CODE_ANALYZER_APEX_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter Ex: -s --foo "bar" |
|
| SALESFORCE_CODE_ANALYZER_APEX_CLI_LINT_MODE | Override default CLI lint mode ⚠️ As default value is project, overriding might not work - file: Calls the linter for each file- list_of_files: Call the linter with the list of files as argument- project: Call the linter from the root of the project |
project |
| SALESFORCE_CODE_ANALYZER_APEX_PRE_COMMANDS | List of bash commands to run before the linter | None |
| SALESFORCE_CODE_ANALYZER_APEX_POST_COMMANDS | List of bash commands to run after the linter | None |
| SALESFORCE_CODE_ANALYZER_APEX_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling SALESFORCE_CODE_ANALYZER_APEX and its pre/post commands | None |
| SALESFORCE_CODE_ANALYZER_APEX_CONFIG_FILE | code-analyzer-apex configuration file name Use LINTER_DEFAULT to let the linter find it |
code-analyzer.yml |
| SALESFORCE_CODE_ANALYZER_APEX_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
| SALESFORCE_CODE_ANALYZER_APEX_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
| SALESFORCE_CODE_ANALYZER_APEX_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
| SALESFORCE_CODE_ANALYZER_APEX_CLI_EXECUTABLE | Override CLI executable | ['sf'] |
| SALESFORCE_DIRECTORY | Directory containing SALESFORCE files (use any to always activate the linter) |
force-app |
IDE Integration
Use code-analyzer-apex in your favorite IDE to catch errors before MegaLinter !
| IDE | Extension Name | Install | |
|---|---|---|---|
| Eclipse | pmd-eclipse-plugin | Visit Web Site | |
| Emacs | pmd-emacs | Visit Web Site | |
| IDEA | PMD IntelliJ | ||
| Visual Studio Code | Salesforce Extension Pack |  |
MegaLinter Flavors
This linter is available in the following flavors
| Flavor | Description | Embedded linters | Info | |
|---|---|---|---|---|
 |
all | Default MegaLinter Flavor | 134 |   |
| salesforce | Optimized for Salesforce based projects | 58 |   |
Behind the scenes
How are identified applicable files
- Activated only if sub-directory
force-appis found. (directory name can be overridden withSALESFORCE_DIRECTORY) - If this linter is active, all files will always be linted
How the linting is performed
code-analyzer-apex is called once on the whole project directory (project CLI lint mode)
- filtering can not be done using MegaLinter configuration variables,it must be done using code-analyzer-apex configuration or ignore file (if existing)
VALIDATE_ALL_CODEBASE: falsedoesn't make code-analyzer-apex analyze only updated files
Example calls
sf code-analyzer run --rule-selector pmd:Recommended --workspace . --output-file results.csv
Help content
› Warning: @salesforce/cli update available from 2.124.6 to 2.124.7.
Analyze your code with a selection of rules to ensure good coding practices.
USAGE
$ sf code-analyzer run [--flags-dir <value>] [-w <value>...] [-t <value>...]
[-r <value>...] [-s <value>] [-v detail|table] [-f <value>...] [-c <value>]
FLAGS
-c, --config-file=<value> Path to the configuration file used to
customize the engines and rules.
-f, --output-file=<value>... Name of the file where the analysis results
are written. The file format depends on the
extension you specify, such as .csv, .html,
.xml, and so on.
-r, --rule-selector=<value>... [default: Recommended] Selection of rules,
based on engine name, severity level, rule
name, tag, or a combination of criteria
separated by colons.
-s, --severity-threshold=<value> Severity level of a found violation that
must be met or exceeded to cause this
command to fail with a non-zero exit code.
-t, --target=<value>... Subset of files within your workspace to be
targeted for analysis.
-v, --view=<option> Format to display the command results in the
terminal.
<options: detail|table>
-w, --workspace=<value>... [default: .] Set of files that make up your
workspace.
GLOBAL FLAGS
--flags-dir=<value> Import flag values from a directory.
› Warning: @salesforce/cli update available from 2.124.6 to 2.124.7.
Streaming logs in real time to:
/tmp/sfca-2026_02_28_01_45_04_551.log
Selecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 0%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 14%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 28%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 30%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 31%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 32%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 33%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 34%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 35%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 36%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 37%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 38%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 39%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 40%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 41%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 42%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 53%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 57%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 62%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 72%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 74%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 75%; Elapsed time: 0sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 75%; Elapsed time: 1sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 84%; Elapsed time: 1sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 85%; Elapsed time: 1sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 87%; Elapsed time: 1sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 96%; Elapsed time: 1sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 98%; Elapsed time: 1sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 99%; Elapsed time: 1sSelecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 100%; Elapsed time: 1sSelecting rules... done.
# Name Engine Severity Tag
────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 LibraryWithKnownCriticalSeverityVulnerability retire-js 1 (Critical) Recommended, Security, JavaScript
2 LibraryWithKnownHighSeverityVulnerability retire-js 2 (High) Recommended, Security, JavaScript
3 LibraryWithKnownMediumSeverityVulnerability retire-js 3 (Moderate) Recommended, Security, JavaScript
4 LibraryWithKnownLowSeverityVulnerability retire-js 4 (Low) Recommended, Security, JavaScript
5 NoTrailingWhitespace regex 5 (Info) Recommended, CodeStyle, Apex
6 AvoidTermsWithImplicitBias regex 5 (Info) Recommended, BestPractices
7 AvoidOldSalesforceApiVersions regex 2 (High) Recommended, Security, XML
8 AvoidGetHeapSizeInLoop regex 2 (High) Recommended, Performance, Apex
9 MinVersionForAbstractVirtualClassesWithPrivateMethod regex 2 (High) Recommended, BestPractices, Apex
10 @lwc/lwc-platform/no-aura eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
11 @lwc/lwc-platform/no-aura-libs eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
12 @lwc/lwc-platform/no-community-import eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
13 @lwc/lwc-platform/no-create-context-provider eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
14 @lwc/lwc-platform/no-deprecated-module-import eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
15 @lwc/lwc-platform/no-dynamic-import-identifier eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
16 @lwc/lwc-platform/no-inline-disable eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
17 @lwc/lwc-platform/no-interop eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
18 @lwc/lwc-platform/no-interop-create eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
19 @lwc/lwc-platform/no-interop-dispatch eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
20 @lwc/lwc-platform/no-interop-execute eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
21 @lwc/lwc-platform/no-interop-execute-controller-with-client-def eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
22 @lwc/lwc-platform/no-interop-execute-privileged eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
23 @lwc/lwc-platform/no-interop-execute-raw-response eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
24 @lwc/lwc-platform/no-interop-execute-with-callback eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
25 @lwc/lwc-platform/no-interop-get-event eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
26 @lwc/lwc-platform/no-interop-get-module eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
27 @lwc/lwc-platform/no-interop-is-external-definition eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
28 @lwc/lwc-platform/no-interop-load-definitions eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
29 @lwc/lwc-platform/no-interop-module-instrumentation eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
30 @lwc/lwc-platform/no-interop-module-storage eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
31 @lwc/lwc-platform/no-interop-register eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
32 @lwc/lwc-platform/no-interop-render eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
33 @lwc/lwc-platform/no-interop-sanitize eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
34 @lwc/lwc-platform/no-lds-aura-controller-method eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
35 @lwc/lwc-platform/no-process-env eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
36 @lwc/lwc-platform/no-restricted-namespaces eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
37 @lwc/lwc-platform/no-site-import eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
38 @lwc/lwc-platform/no-wire-service eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
39 @lwc/lwc-platform/valid-dynamic-import-hint eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
40 @lwc/lwc/newer-version-available eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
41 @lwc/lwc/no-api-reassignments eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
42 @lwc/lwc/no-async-operation eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
43 @lwc/lwc/no-attributes-during-construction eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
44 @lwc/lwc/no-deprecated eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
45 @lwc/lwc/no-disallowed-lwc-imports eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
46 @lwc/lwc/no-document-query eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
47 @lwc/lwc/no-inner-html eslint 2 (High) Recommended, LWC, Security, JavaScript
48 @lwc/lwc/no-leading-uppercase-api-name eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
49 @lwc/lwc/no-template-children eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
50 @lwc/lwc/no-unexpected-wire-adapter-usages eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
51 @lwc/lwc/no-unknown-wire-adapters eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
52 @lwc/lwc/prefer-custom-event eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
53 @lwc/lwc/valid-api eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
54 @lwc/lwc/valid-graphql-wire-adapter-callback-parameters eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
55 @lwc/lwc/valid-track eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
56 @lwc/lwc/valid-wire eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
57 @salesforce-ux/slds/enforce-bem-usage eslint 4 (Low) Recommended, SLDS, BestPractices, HTML
58 @salesforce-ux/slds/enforce-component-hook-naming-convention eslint 4 (Low) Recommended, SLDS, CodeStyle, CSS
59 @salesforce-ux/slds/enforce-sds-to-slds-hooks eslint 4 (Low) Recommended, SLDS, Design, CSS
60 @salesforce-ux/slds/lwc-token-to-slds-hook eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
61 @salesforce-ux/slds/modal-close-button-issue eslint 3 (Moderate) Recommended, SLDS, ErrorProne, HTML
62 @salesforce-ux/slds/no-deprecated-classes-slds2 eslint 3 (Moderate) Recommended, SLDS, ErrorProne, HTML
63 @salesforce-ux/slds/no-deprecated-slds-classes eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
64 @salesforce-ux/slds/no-hardcoded-values-slds2 eslint 4 (Low) Recommended, SLDS, Design, CSS
65 @salesforce-ux/slds/no-slds-class-overrides eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
66 @salesforce-ux/slds/no-slds-namespace-for-custom-hooks eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
67 @salesforce-ux/slds/no-slds-private-var eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
68 @salesforce-ux/slds/no-slds-var-without-fallback eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
69 @salesforce-ux/slds/no-sldshook-fallback-for-lwctoken eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
70 @salesforce-ux/slds/no-unsupported-hooks-slds2 eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
71 @salesforce-ux/slds/reduce-annotations eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
72 @salesforce/lightning/valid-apex-method-invocation eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
73 @typescript-eslint/ban-ts-comment eslint 2 (High) Recommended, ErrorProne, TypeScript
74 @typescript-eslint/no-array-constructor eslint 3 (Moderate) Recommended, BestPractices, TypeScript
75 @typescript-eslint/no-duplicate-enum-values eslint 2 (High) Recommended, ErrorProne, TypeScript
76 @typescript-eslint/no-empty-object-type eslint 3 (Moderate) Recommended, BestPractices, TypeScript
77 @typescript-eslint/no-explicit-any eslint 3 (Moderate) Recommended, BestPractices, TypeScript
78 @typescript-eslint/no-extra-non-null-assertion eslint 2 (High) Recommended, ErrorProne, TypeScript
79 @typescript-eslint/no-misused-new eslint 2 (High) Recommended, ErrorProne, TypeScript
80 @typescript-eslint/no-namespace eslint 3 (Moderate) Recommended, BestPractices, TypeScript
81 @typescript-eslint/no-non-null-asserted-optional-chain eslint 2 (High) Recommended, ErrorProne, TypeScript
82 @typescript-eslint/no-require-imports eslint 2 (High) Recommended, ErrorProne, TypeScript
83 @typescript-eslint/no-this-alias eslint 3 (Moderate) Recommended, BestPractices, TypeScript
84 @typescript-eslint/no-unnecessary-type-constraint eslint 3 (Moderate) Recommended, BestPractices, TypeScript
85 @typescript-eslint/no-unsafe-declaration-merging eslint 2 (High) Recommended, ErrorProne, TypeScript
86 @typescript-eslint/no-unsafe-function-type eslint 2 (High) Recommended, ErrorProne, TypeScript
87 @typescript-eslint/no-unused-expressions eslint 3 (Moderate) Recommended, BestPractices, TypeScript
88 @typescript-eslint/no-unused-vars eslint 2 (High) Recommended, ErrorProne, TypeScript
89 @typescript-eslint/no-wrapper-object-types eslint 2 (High) Recommended, ErrorProne, TypeScript
90 @typescript-eslint/prefer-as-const eslint 3 (Moderate) Recommended, BestPractices, TypeScript
91 @typescript-eslint/prefer-namespace-keyword eslint 3 (Moderate) Recommended, BestPractices, TypeScript
92 @typescript-eslint/triple-slash-reference eslint 3 (Moderate) Recommended, BestPractices, TypeScript
93 constructor-super eslint 2 (High) Recommended, ErrorProne, JavaScript
94 for-direction eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
95 getter-return eslint 2 (High) Recommended, ErrorProne, JavaScript
96 import/default eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
97 import/export eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
98 import/named eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
99 import/namespace eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
100 jest/expect-expect eslint 5 (Info) Recommended, LWC, BestPractices, JavaScript
101 jest/no-alias-methods eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
102 jest/no-commented-out-tests eslint 5 (Info) Recommended, LWC, BestPractices, JavaScript
103 jest/no-conditional-expect eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
104 jest/no-disabled-tests eslint 5 (Info) Recommended, LWC, BestPractices, JavaScript
105 jest/no-done-callback eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
106 jest/no-export eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
107 jest/no-focused-tests eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
108 jest/no-identical-title eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
109 jest/no-interpolation-in-snapshots eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
110 jest/no-jasmine-globals eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
111 jest/no-mocks-import eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
112 jest/no-standalone-expect eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
113 jest/no-test-prefixes eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
114 jest/valid-describe-callback eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
115 jest/valid-expect eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
116 jest/valid-expect-in-promise eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
117 jest/valid-title eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
118 jsx-a11y/alt-text eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
119 jsx-a11y/anchor-has-content eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
120 jsx-a11y/anchor-is-valid eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
121 jsx-a11y/aria-activedescendant-has-tabindex eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
122 jsx-a11y/aria-props eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
123 jsx-a11y/aria-proptypes eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
124 jsx-a11y/aria-role eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
125 jsx-a11y/aria-unsupported-elements eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
126 jsx-a11y/autocomplete-valid eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
127 jsx-a11y/click-events-have-key-events eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
128 jsx-a11y/heading-has-content eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
129 jsx-a11y/html-has-lang eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
130 jsx-a11y/iframe-has-title eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
131 jsx-a11y/img-redundant-alt eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
132 jsx-a11y/interactive-supports-focus eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
133 jsx-a11y/label-has-associated-control eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
134 jsx-a11y/media-has-caption eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
135 jsx-a11y/mouse-events-have-key-events eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
136 jsx-a11y/no-access-key eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
137 jsx-a11y/no-autofocus eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
138 jsx-a11y/no-distracting-elements eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
139 jsx-a11y/no-interactive-element-to-noninteractive-role eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
140 jsx-a11y/no-noninteractive-element-interactions eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
141 jsx-a11y/no-noninteractive-element-to-interactive-role eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
142 jsx-a11y/no-noninteractive-tabindex eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
143 jsx-a11y/no-redundant-roles eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
144 jsx-a11y/no-static-element-interactions eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
145 jsx-a11y/role-has-required-aria-props eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
146 jsx-a11y/role-supports-aria-props eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
147 jsx-a11y/scope eslint 3 (Moderate) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
148 jsx-a11y/tabindex-no-positive eslint 2 (High) Recommended, A11y, React, BestPractices, JavaScript, TypeScript
149 no-async-promise-executor eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
150 no-case-declarations eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
151 no-class-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
152 no-compare-neg-zero eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
153 no-cond-assign eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
154 no-const-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
155 no-constant-condition eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
156 no-control-regex eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
157 no-debugger eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
158 no-delete-var eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
159 no-dupe-args eslint 2 (High) Recommended, ErrorProne, JavaScript
160 no-dupe-class-members eslint 2 (High) Recommended, ErrorProne, JavaScript
161 no-dupe-else-if eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
162 no-dupe-keys eslint 2 (High) Recommended, ErrorProne, JavaScript
163 no-duplicate-case eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
164 no-empty eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
165 no-empty-character-class eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
166 no-empty-pattern eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
167 no-ex-assign eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
168 no-extra-boolean-cast eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
169 no-fallthrough eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
170 no-func-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
171 no-global-assign eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
172 no-import-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
173 no-inner-declarations eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
174 no-invalid-regexp eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
175 no-irregular-whitespace eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
176 no-loss-of-precision eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
177 no-misleading-character-class eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
178 no-nonoctal-decimal-escape eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
179 no-obj-calls eslint 2 (High) Recommended, ErrorProne, JavaScript
180 no-octal eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
181 no-prototype-builtins eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
182 no-redeclare eslint 3 (Moderate) Recommended, BestPractices, JavaScript
183 no-regex-spaces eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
184 no-self-assign eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
185 no-setter-return eslint 2 (High) Recommended, ErrorProne, JavaScript
186 no-shadow-restricted-names eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
187 no-sparse-arrays eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
188 no-this-before-super eslint 2 (High) Recommended, ErrorProne, JavaScript
189 no-undef eslint 2 (High) Recommended, ErrorProne, JavaScript
190 no-unexpected-multiline eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
191 no-unreachable eslint 2 (High) Recommended, ErrorProne, JavaScript
192 no-unsafe-finally eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
193 no-unsafe-negation eslint 2 (High) Recommended, ErrorProne, JavaScript
194 no-unsafe-optional-chaining eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
195 no-unused-labels eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
196 no-unused-vars eslint 2 (High) Recommended, ErrorProne, JavaScript
197 no-useless-backreference eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
198 no-useless-catch eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
199 no-useless-escape eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
200 no-var eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
201 no-with eslint 3 (Moderate) Recommended, BestPractices, JavaScript
202 prefer-const eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
203 prefer-rest-params eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
204 prefer-spread eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
205 react-hooks/exhaustive-deps eslint 3 (Moderate) Recommended, React, Design, JavaScript, TypeScript
206 react-hooks/rules-of-hooks eslint 2 (High) Recommended, React, Design, JavaScript, TypeScript
207 react/display-name eslint 3 (Moderate) Recommended, React, BestPractices, JavaScript, TypeScript
208 react/jsx-key eslint 3 (Moderate) Recommended, React, BestPractices, JavaScript, TypeScript
209 react/jsx-no-comment-textnodes eslint 3 (Moderate) Recommended, React, ErrorProne, JavaScript, TypeScript
210 react/jsx-no-duplicate-props eslint 2 (High) Recommended, React, ErrorProne, JavaScript, TypeScript
211 react/jsx-no-target-blank eslint 2 (High) Recommended, React, Security, JavaScript, TypeScript
212 react/jsx-no-undef eslint 3 (Moderate) Recommended, React, ErrorProne, JavaScript, TypeScript
213 react/jsx-uses-vars eslint 4 (Low) Recommended, React, BestPractices, JavaScript, TypeScript
214 react/no-children-prop eslint 3 (Moderate) Recommended, React, BestPractices, JavaScript, TypeScript
215 react/no-danger-with-children eslint 2 (High) Recommended, React, Security, JavaScript, TypeScript
216 react/no-deprecated eslint 4 (Low) Recommended, React, Design, JavaScript, TypeScript
217 react/no-direct-mutation-state eslint 2 (High) Recommended, React, ErrorProne, JavaScript, TypeScript
218 react/no-find-dom-node eslint 2 (High) Recommended, React, BestPractices, JavaScript, TypeScript
219 react/no-is-mounted eslint 2 (High) Recommended, React, BestPractices, JavaScript, TypeScript
220 react/no-render-return-value eslint 3 (Moderate) Recommended, React, BestPractices, JavaScript, TypeScript
221 react/no-string-refs eslint 4 (Low) Recommended, React, BestPractices, JavaScript, TypeScript
222 react/no-unescaped-entities eslint 3 (Moderate) Recommended, React, ErrorProne, JavaScript, TypeScript
223 react/no-unknown-property eslint 3 (Moderate) Recommended, React, ErrorProne, JavaScript, TypeScript
224 react/prop-types eslint 3 (Moderate) Recommended, React, BestPractices, JavaScript, TypeScript
225 react/require-render-return eslint 2 (High) Recommended, React, ErrorProne, JavaScript, TypeScript
226 require-yield eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
227 use-isnan eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
228 valid-typeof eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
229 CyclicSubflow flow 1 (Critical) Recommended, Performance, XML
230 DbInLoop flow 2 (High) Recommended, Performance, XML
231 DefaultCopy flow 3 (Moderate) Recommended, CodeStyle, XML
232 HardcodedId flow 3 (Moderate) Recommended, BestPractices, XML
233 MissingNextValueConnector flow 1 (Critical) Recommended, BestPractices, XML
234 PreventPassingUserDataIntoElementWithoutSharing flow 2 (High) Recommended, Security, XML
235 PreventPassingUserDataIntoElementWithSharing flow 4 (Low) Recommended, Security, XML
236 SameRecordUpdate flow 3 (Moderate) Recommended, Security, XML
237 TriggerCallout flow 2 (High) Recommended, Performance, XML
238 TriggerEntryCriteria flow 2 (High) Recommended, Performance, XML
239 TriggerWaitEvent flow 2 (High) Recommended, Performance, XML
240 AnnotationsNamingConventions pmd 4 (Low) Recommended, CodeStyle, Apex
241 ApexBadCrypto pmd 2 (High) Recommended, Security, Apex
242 ApexCRUDViolation pmd 2 (High) Recommended, Security, Apex
243 ApexCSRF pmd 1 (Critical) Recommended, Security, Apex
244 ApexDangerousMethods pmd 3 (Moderate) Recommended, Security, Apex
245 ApexDoc pmd 4 (Low) Recommended, Documentation, Apex
246 ApexInsecureEndpoint pmd 2 (High) Recommended, Security, Apex
247 ApexOpenRedirect pmd 2 (High) Recommended, Security, Apex
248 ApexSharingViolations pmd 3 (Moderate) Recommended, Security, Apex
249 ApexSOQLInjection pmd 2 (High) Recommended, Security, Apex
250 ApexSuggestUsingNamedCred pmd 2 (High) Recommended, Security, Apex
251 ApexUnitTestClassShouldHaveAsserts pmd 3 (Moderate) Recommended, BestPractices, Apex
252 ApexUnitTestClassShouldHaveRunAs pmd 4 (Low) Recommended, BestPractices, Apex
253 ApexUnitTestMethodShouldHaveIsTestAnnotation pmd 2 (High) Recommended, BestPractices, Apex
254 ApexUnitTestShouldNotUseSeeAllDataTrue pmd 2 (High) Recommended, BestPractices, Apex
255 ApexXSSFromEscapeFalse pmd 2 (High) Recommended, Security, Apex
256 ApexXSSFromURLParam pmd 2 (High) Recommended, Security, Apex
257 AvoidBooleanMethodParameters pmd 3 (Moderate) Recommended, Design, Apex
258 AvoidDebugStatements pmd 4 (Low) Recommended, Performance, Apex
259 AvoidDeeplyNestedIfStmts pmd 3 (Moderate) Recommended, Design, Apex
260 AvoidDirectAccessTriggerMap pmd 3 (Moderate) Recommended, ErrorProne, Apex
261 AvoidFutureAnnotation pmd 4 (Low) Recommended, BestPractices, Apex
262 AvoidGlobalModifier pmd 3 (Moderate) Recommended, BestPractices, Apex
263 AvoidHardcodingId pmd 3 (Moderate) Recommended, ErrorProne, Apex
264 AvoidLogicInTrigger pmd 3 (Moderate) Recommended, BestPractices, Apex
265 AvoidNonExistentAnnotations pmd 4 (Low) Recommended, ErrorProne, Apex
266 AvoidNonRestrictiveQueries pmd 4 (Low) Recommended, Performance, Apex
267 AvoidStatefulDatabaseResult pmd 3 (Moderate) Recommended, ErrorProne, Apex
268 ClassNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
269 CognitiveComplexity pmd 3 (Moderate) Recommended, Design, Apex
270 CyclomaticComplexity pmd 3 (Moderate) Recommended, Design, Apex
271 DebugsShouldUseLoggingLevel pmd 4 (Low) Recommended, BestPractices, Apex
272 EagerlyLoadedDescribeSObjectResult pmd 2 (High) Recommended, Performance, Apex
273 EmptyCatchBlock pmd 2 (High) Recommended, ErrorProne, Apex
274 EmptyIfStmt pmd 3 (Moderate) Recommended, ErrorProne, Apex
275 EmptyStatementBlock pmd 3 (Moderate) Recommended, ErrorProne, Apex
276 EmptyTryOrFinallyBlock pmd 3 (Moderate) Recommended, ErrorProne, Apex
277 EmptyWhileStmt pmd 3 (Moderate) Recommended, ErrorProne, Apex
278 ExcessiveParameterList pmd 3 (Moderate) Recommended, Design, Apex
279 ExcessivePublicCount pmd 3 (Moderate) Recommended, Design, Apex
280 FieldDeclarationsShouldBeAtStart pmd 3 (Moderate) Recommended, CodeStyle, Apex
281 FieldNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
282 ForLoopsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
283 FormalParameterNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
284 IfElseStmtsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
285 IfStmtsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
286 InaccessibleAuraEnabledGetter pmd 3 (Moderate) Recommended, ErrorProne, Apex
287 LocalVariableNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
288 MethodNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
289 MethodWithSameNameAsEnclosingClass pmd 3 (Moderate) Recommended, ErrorProne, Apex
290 NcssCount pmd 3 (Moderate) Recommended, Apex, Custom
291 OneDeclarationPerLine pmd 3 (Moderate) Recommended, CodeStyle, Apex
292 OperationWithHighCostInLoop pmd 3 (Moderate) Recommended, Performance, Apex
293 OperationWithLimitsInLoop pmd 3 (Moderate) Recommended, Performance, Apex
294 OverrideBothEqualsAndHashcode pmd 2 (High) Recommended, ErrorProne, Apex
295 PropertyNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
296 QueueableWithoutFinalizer pmd 4 (Low) Recommended, BestPractices, Apex
297 TestMethodsMustBeInTestClasses pmd 3 (Moderate) Recommended, ErrorProne, Apex
298 TooManyFields pmd 3 (Moderate) Recommended, Design, Apex
299 TypeShadowsBuiltInNamespace pmd 2 (High) Recommended, ErrorProne, Apex
300 UnusedLocalVariable pmd 3 (Moderate) Recommended, BestPractices, Apex
301 UnusedMethod pmd 3 (Moderate) Recommended, Design, Apex
302 VfCsrf pmd 2 (High) Recommended, Security, Visualforce
303 VfHtmlStyleTagXss pmd 2 (High) Recommended, Security, Visualforce
304 VfUnescapeEl pmd 2 (High) Recommended, Security, Visualforce
305 WhileLoopsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
306 DetectCopyPasteForApex cpd 5 (Info) Recommended, Design, Apex
307 DetectCopyPasteForJavascript cpd 5 (Info) Recommended, Design, Javascript
308 DetectCopyPasteForTypescript cpd 5 (Info) Recommended, Design, Typescript
309 DetectCopyPasteForVisualforce cpd 5 (Info) Recommended, Design, Visualforce
=== Summary
Found 309 rule(s) from 6 engine(s):
4 retire-js rule(s) found.
5 regex rule(s) found.
219 eslint rule(s) found.
11 flow rule(s) found.
66 pmd rule(s) found.
4 cpd rule(s) found.
Additional log information written to:
/tmp/sfca-2026_02_28_01_45_04_551.log
Installation on mega-linter Docker image
- Dockerfile commands :
# Parent descriptor install
# renovate: datasource=npm depName=@salesforce/cli
ARG NPM_SALESFORCE_CLI_VERSION=2.124.6
# renovate: datasource=npm depName=@salesforce/plugin-packaging
ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.25.5
# renovate: datasource=npm depName=sfdx-hardis
ARG SFDX_HARDIS_VERSION=6.27.0
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
&& echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
&& (npm cache clean --force || true) \
&& rm -rf /root/.npm/_cacache
ENV SF_AUTOUPDATE_DISABLE=true SF_CLI_DISABLE_AUTOUPDATE=true
# Linter install
# renovate: datasource=npm depName=@salesforce/plugin-code-analyzer
ARG SALESFORCE_CODE_ANALYZER_VERSION=5.10.0
RUN sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
&& (npm cache clean --force || true) \
&& rm -rf /root/.npm/_cacache