code-analyzer-apex
Salesforce Code Analyzer (SFDX Scanner) is the official Salesforce CLI plugin for scanning Apex code, triggers, and other Salesforce components to identify potential issues, security vulnerabilities, and code quality problems. It uses industry-standard tools like PMD and ESLint to provide comprehensive analysis of Salesforce development artifacts.
Key Features:
- Multi-Engine Analysis: Combines PMD for Apex analysis with ESLint for JavaScript/Lightning Web Components
- Security Focus: Identifies security vulnerabilities and potential attack vectors in Salesforce code
- Performance Optimization: Detects performance anti-patterns and inefficient code constructs
- Code Quality Rules: Comprehensive rule sets covering best practices, naming conventions, and maintainability
- Configurable Severity: Customizable severity thresholds and rule categories for different project needs
- Multiple Output Formats: Supports CSV, JSON, SARIF, and other formats for integration with development tools
- Lightning Platform Specific: Rules tailored for Salesforce platform constraints and governor limits
- Custom Rule Sets: Support for custom PMD rule sets and organization-specific coding standards
If your root folder is not force-app, please set variable SALESFORCE_SFDX_SCANNER_DIRECTORY
You can select categories and single rules by defining custom arguments (example: SALESFORCE_SFDX_SCANNER_ARGUMENTS: -c "Best Practices,Security")
See more details in Help
Workaround: Restricted to PMD
code-analyzer-apex documentation
- Version in MegaLinter: 5.7.1
- Visit Official Web Site
- See How to configure code-analyzer-apex rules
  - If custom `code-analyzer.yml` config file isn't found, code-analyzer.yml will be used
- See How to disable code-analyzer-apex rules in files
- See Index of problems detected by code-analyzer-apex
Configuration in MegaLinter
- Enable code-analyzer-apex by adding `SALESFORCE_CODE_ANALYZER_APEX` in ENABLE_LINTERS variable
- Disable code-analyzer-apex by adding `SALESFORCE_CODE_ANALYZER_APEX` in DISABLE_LINTERS variable
| Variable | Description | Default value |
|---|---|---|
| SALESFORCE_CODE_ANALYZER_APEX_ARGUMENTS | User custom arguments to add in linter CLI call. Ex: `-s --foo "bar"` | |
| SALESFORCE_CODE_ANALYZER_APEX_COMMAND_REMOVE_ARGUMENTS | User custom arguments to remove from command line before calling the linter. Ex: `-s --foo "bar"` | |
| SALESFORCE_CODE_ANALYZER_APEX_CLI_LINT_MODE | Override default CLI lint mode. ⚠️ As default value is project, overriding might not work. `file`: Calls the linter for each file; `list_of_files`: Call the linter with the list of files as argument; `project`: Call the linter from the root of the project | project |
| SALESFORCE_CODE_ANALYZER_APEX_PRE_COMMANDS | List of bash commands to run before the linter | None |
| SALESFORCE_CODE_ANALYZER_APEX_POST_COMMANDS | List of bash commands to run after the linter | None |
| SALESFORCE_CODE_ANALYZER_APEX_UNSECURED_ENV_VARIABLES | List of env variables explicitly not filtered before calling SALESFORCE_CODE_ANALYZER_APEX and its pre/post commands | None |
| SALESFORCE_CODE_ANALYZER_APEX_CONFIG_FILE | code-analyzer-apex configuration file name. Use LINTER_DEFAULT to let the linter find it | code-analyzer.yml |
| SALESFORCE_CODE_ANALYZER_APEX_RULES_PATH | Path where to find linter configuration file | Workspace folder, then MegaLinter default rules |
| SALESFORCE_CODE_ANALYZER_APEX_DISABLE_ERRORS | Run linter but consider errors as warnings | false |
| SALESFORCE_CODE_ANALYZER_APEX_DISABLE_ERRORS_IF_LESS_THAN | Maximum number of errors allowed | 0 |
| SALESFORCE_CODE_ANALYZER_APEX_CLI_EXECUTABLE | Override CLI executable | ['sf'] |
| SALESFORCE_DIRECTORY | Directory containing SALESFORCE files (use any to always activate the linter) | force-app |
IDE Integration
Use code-analyzer-apex in your favorite IDE to catch errors before MegaLinter!
| IDE | Extension Name | Install |
|---|---|---|
| Eclipse | pmd-eclipse-plugin | Visit Web Site |
| Emacs | pmd-emacs | Visit Web Site |
| IDEA | PMD IntelliJ | |
| Visual Studio Code | Salesforce Extension Pack | |
MegaLinter Flavors
This linter is available in the following flavors
| Flavor | Description | Embedded linters |
|---|---|---|
| all | Default MegaLinter Flavor | 131 |
| salesforce | Optimized for Salesforce based projects | 57 |
Behind the scenes
How applicable files are identified
- Activated only if sub-directory `force-app` is found (directory name can be overridden with `SALESFORCE_DIRECTORY`)
- If this linter is active, all files will always be linted
How the linting is performed
code-analyzer-apex is called once on the whole project directory (project CLI lint mode)
- Filtering cannot be done using MegaLinter configuration variables; it must be done using code-analyzer-apex configuration or ignore file (if existing)
- `VALIDATE_ALL_CODEBASE: false` doesn't make code-analyzer-apex analyze only updated files
Example calls
```shell
sf code-analyzer run --rule-selector pmd:Recommended --workspace . --output-file results.csv
```
Help content
Analyze your code with a selection of rules to ensure good coding practices.
USAGE
$ sf code-analyzer run [--flags-dir <value>] [-w <value>...] [-t <value>...]
[-r <value>...] [-s <value>] [-v detail|table] [-f <value>...] [-c <value>]
FLAGS
-c, --config-file=<value> Path to the configuration file used to
customize the engines and rules.
-f, --output-file=<value>... Name of the file where the analysis results
are written. The file format depends on the
extension you specify, such as .csv, .html,
.xml, and so on.
-r, --rule-selector=<value>... [default: Recommended] Selection of rules,
based on engine name, severity level, rule
name, tag, or a combination of criteria
separated by colons.
-s, --severity-threshold=<value> Severity level of a found violation that
must be met or exceeded to cause this
command to fail with a non-zero exit code.
-t, --target=<value>... Subset of files within your workspace to be
targeted for analysis.
-v, --view=<option> Format to display the command results in the
terminal.
<options: detail|table>
-w, --workspace=<value>... [default: .] Set of files that make up your
workspace.
GLOBAL FLAGS
--flags-dir=<value> Import flag values from a directory.
Streaming logs in real time to:
/tmp/sfca-2025_12_15_01_08_16_973.log
Selecting rules... Eligible engines: retire-js, regex, eslint, flow, pmd, cpd, sfge; Completion: 100%; Elapsed time: 1s
Selecting rules... done.
# Name Engine Severity Tag
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 LibraryWithKnownCriticalSeverityVulnerability retire-js 1 (Critical) Recommended, Security, JavaScript
2 LibraryWithKnownHighSeverityVulnerability retire-js 2 (High) Recommended, Security, JavaScript
3 LibraryWithKnownMediumSeverityVulnerability retire-js 3 (Moderate) Recommended, Security, JavaScript
4 LibraryWithKnownLowSeverityVulnerability retire-js 4 (Low) Recommended, Security, JavaScript
5 NoTrailingWhitespace regex 5 (Info) Recommended, CodeStyle, Apex
6 AvoidTermsWithImplicitBias regex 5 (Info) Recommended, BestPractices
7 AvoidOldSalesforceApiVersions regex 2 (High) Recommended, Security, XML
8 AvoidGetHeapSizeInLoop regex 2 (High) Recommended, Performance, Apex
9 MinVersionForAbstractVirtualClassesWithPrivateMethod regex 2 (High) Recommended, BestPractices, Apex
10 @lwc/lwc-platform/no-aura eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
11 @lwc/lwc-platform/no-aura-libs eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
12 @lwc/lwc-platform/no-community-import eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
13 @lwc/lwc-platform/no-create-context-provider eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
14 @lwc/lwc-platform/no-deprecated-module-import eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
15 @lwc/lwc-platform/no-dynamic-import-identifier eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
16 @lwc/lwc-platform/no-inline-disable eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
17 @lwc/lwc-platform/no-interop eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
18 @lwc/lwc-platform/no-interop-create eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
19 @lwc/lwc-platform/no-interop-dispatch eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
20 @lwc/lwc-platform/no-interop-execute eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
21 @lwc/lwc-platform/no-interop-execute-controller-with-client-def eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
22 @lwc/lwc-platform/no-interop-execute-privileged eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
23 @lwc/lwc-platform/no-interop-execute-raw-response eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
24 @lwc/lwc-platform/no-interop-execute-with-callback eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
25 @lwc/lwc-platform/no-interop-get-event eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
26 @lwc/lwc-platform/no-interop-get-module eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
27 @lwc/lwc-platform/no-interop-is-external-definition eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
28 @lwc/lwc-platform/no-interop-load-definitions eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
29 @lwc/lwc-platform/no-interop-module-instrumentation eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
30 @lwc/lwc-platform/no-interop-module-storage eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
31 @lwc/lwc-platform/no-interop-register eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
32 @lwc/lwc-platform/no-interop-render eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
33 @lwc/lwc-platform/no-interop-sanitize eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
34 @lwc/lwc-platform/no-lds-aura-controller-method eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
35 @lwc/lwc-platform/no-process-env eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
36 @lwc/lwc-platform/no-restricted-namespaces eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
37 @lwc/lwc-platform/no-site-import eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
38 @lwc/lwc-platform/no-wire-service eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
39 @lwc/lwc-platform/valid-dynamic-import-hint eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
40 @lwc/lwc/newer-version-available eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
41 @lwc/lwc/no-api-reassignments eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
42 @lwc/lwc/no-async-operation eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
43 @lwc/lwc/no-attributes-during-construction eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
44 @lwc/lwc/no-deprecated eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
45 @lwc/lwc/no-disallowed-lwc-imports eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
46 @lwc/lwc/no-document-query eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
47 @lwc/lwc/no-inner-html eslint 2 (High) Recommended, LWC, Security, JavaScript
48 @lwc/lwc/no-leading-uppercase-api-name eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
49 @lwc/lwc/no-template-children eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
50 @lwc/lwc/no-unexpected-wire-adapter-usages eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
51 @lwc/lwc/no-unknown-wire-adapters eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
52 @lwc/lwc/prefer-custom-event eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
53 @lwc/lwc/valid-api eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
54 @lwc/lwc/valid-graphql-wire-adapter-callback-parameters eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
55 @lwc/lwc/valid-track eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
56 @lwc/lwc/valid-wire eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
57 @salesforce-ux/slds/enforce-bem-usage eslint 4 (Low) Recommended, SLDS, BestPractices, HTML
58 @salesforce-ux/slds/enforce-component-hook-naming-convention eslint 4 (Low) Recommended, SLDS, CodeStyle, CSS
59 @salesforce-ux/slds/enforce-sds-to-slds-hooks eslint 4 (Low) Recommended, SLDS, Design, CSS
60 @salesforce-ux/slds/lwc-token-to-slds-hook eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
61 @salesforce-ux/slds/modal-close-button-issue eslint 3 (Moderate) Recommended, SLDS, ErrorProne, HTML
62 @salesforce-ux/slds/no-deprecated-classes-slds2 eslint 3 (Moderate) Recommended, SLDS, ErrorProne, HTML
63 @salesforce-ux/slds/no-deprecated-slds-classes eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
64 @salesforce-ux/slds/no-hardcoded-values-slds2 eslint 4 (Low) Recommended, SLDS, Design, CSS
65 @salesforce-ux/slds/no-slds-class-overrides eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
66 @salesforce-ux/slds/no-slds-namespace-for-custom-hooks eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
67 @salesforce-ux/slds/no-slds-private-var eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
68 @salesforce-ux/slds/no-slds-var-without-fallback eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
69 @salesforce-ux/slds/no-sldshook-fallback-for-lwctoken eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
70 @salesforce-ux/slds/no-unsupported-hooks-slds2 eslint 3 (Moderate) Recommended, SLDS, ErrorProne, CSS
71 @salesforce-ux/slds/reduce-annotations eslint 4 (Low) Recommended, SLDS, BestPractices, CSS
72 @salesforce/lightning/valid-apex-method-invocation eslint 3 (Moderate) Recommended, LWC, ErrorProne, JavaScript
73 @typescript-eslint/ban-ts-comment eslint 2 (High) Recommended, ErrorProne, TypeScript
74 @typescript-eslint/no-array-constructor eslint 3 (Moderate) Recommended, BestPractices, TypeScript
75 @typescript-eslint/no-duplicate-enum-values eslint 2 (High) Recommended, ErrorProne, TypeScript
76 @typescript-eslint/no-empty-object-type eslint 3 (Moderate) Recommended, BestPractices, TypeScript
77 @typescript-eslint/no-explicit-any eslint 3 (Moderate) Recommended, BestPractices, TypeScript
78 @typescript-eslint/no-extra-non-null-assertion eslint 2 (High) Recommended, ErrorProne, TypeScript
79 @typescript-eslint/no-misused-new eslint 2 (High) Recommended, ErrorProne, TypeScript
80 @typescript-eslint/no-namespace eslint 3 (Moderate) Recommended, BestPractices, TypeScript
81 @typescript-eslint/no-non-null-asserted-optional-chain eslint 2 (High) Recommended, ErrorProne, TypeScript
82 @typescript-eslint/no-require-imports eslint 2 (High) Recommended, ErrorProne, TypeScript
83 @typescript-eslint/no-this-alias eslint 3 (Moderate) Recommended, BestPractices, TypeScript
84 @typescript-eslint/no-unnecessary-type-constraint eslint 3 (Moderate) Recommended, BestPractices, TypeScript
85 @typescript-eslint/no-unsafe-declaration-merging eslint 2 (High) Recommended, ErrorProne, TypeScript
86 @typescript-eslint/no-unsafe-function-type eslint 2 (High) Recommended, ErrorProne, TypeScript
87 @typescript-eslint/no-unused-expressions eslint 3 (Moderate) Recommended, BestPractices, TypeScript
88 @typescript-eslint/no-unused-vars eslint 2 (High) Recommended, ErrorProne, TypeScript
89 @typescript-eslint/no-wrapper-object-types eslint 2 (High) Recommended, ErrorProne, TypeScript
90 @typescript-eslint/prefer-as-const eslint 3 (Moderate) Recommended, BestPractices, TypeScript
91 @typescript-eslint/prefer-namespace-keyword eslint 3 (Moderate) Recommended, BestPractices, TypeScript
92 @typescript-eslint/triple-slash-reference eslint 3 (Moderate) Recommended, BestPractices, TypeScript
93 constructor-super eslint 2 (High) Recommended, ErrorProne, JavaScript
94 for-direction eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
95 getter-return eslint 2 (High) Recommended, ErrorProne, JavaScript
96 import/default eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
97 import/export eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
98 import/named eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
99 import/namespace eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
100 jest/expect-expect eslint 5 (Info) Recommended, LWC, BestPractices, JavaScript
101 jest/no-alias-methods eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
102 jest/no-commented-out-tests eslint 5 (Info) Recommended, LWC, BestPractices, JavaScript
103 jest/no-conditional-expect eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
104 jest/no-disabled-tests eslint 5 (Info) Recommended, LWC, BestPractices, JavaScript
105 jest/no-done-callback eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
106 jest/no-export eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
107 jest/no-focused-tests eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
108 jest/no-identical-title eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
109 jest/no-interpolation-in-snapshots eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
110 jest/no-jasmine-globals eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
111 jest/no-mocks-import eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
112 jest/no-standalone-expect eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
113 jest/no-test-prefixes eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
114 jest/valid-describe-callback eslint 2 (High) Recommended, LWC, ErrorProne, JavaScript
115 jest/valid-expect eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
116 jest/valid-expect-in-promise eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
117 jest/valid-title eslint 3 (Moderate) Recommended, LWC, BestPractices, JavaScript
118 no-async-promise-executor eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
119 no-case-declarations eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
120 no-class-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
121 no-compare-neg-zero eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
122 no-cond-assign eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
123 no-const-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
124 no-constant-condition eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
125 no-control-regex eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
126 no-debugger eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
127 no-delete-var eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
128 no-dupe-args eslint 2 (High) Recommended, ErrorProne, JavaScript
129 no-dupe-class-members eslint 2 (High) Recommended, ErrorProne, JavaScript
130 no-dupe-else-if eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
131 no-dupe-keys eslint 2 (High) Recommended, ErrorProne, JavaScript
132 no-duplicate-case eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
133 no-empty eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
134 no-empty-character-class eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
135 no-empty-pattern eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
136 no-ex-assign eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
137 no-extra-boolean-cast eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
138 no-fallthrough eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
139 no-func-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
140 no-global-assign eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
141 no-import-assign eslint 2 (High) Recommended, ErrorProne, JavaScript
142 no-inner-declarations eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
143 no-invalid-regexp eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
144 no-irregular-whitespace eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
145 no-loss-of-precision eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
146 no-misleading-character-class eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
147 no-nonoctal-decimal-escape eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
148 no-obj-calls eslint 2 (High) Recommended, ErrorProne, JavaScript
149 no-octal eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
150 no-prototype-builtins eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
151 no-redeclare eslint 3 (Moderate) Recommended, BestPractices, JavaScript
152 no-regex-spaces eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
153 no-self-assign eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
154 no-setter-return eslint 2 (High) Recommended, ErrorProne, JavaScript
155 no-shadow-restricted-names eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
156 no-sparse-arrays eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
157 no-this-before-super eslint 2 (High) Recommended, ErrorProne, JavaScript
158 no-undef eslint 2 (High) Recommended, ErrorProne, JavaScript
159 no-unexpected-multiline eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
160 no-unreachable eslint 2 (High) Recommended, ErrorProne, JavaScript
161 no-unsafe-finally eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
162 no-unsafe-negation eslint 2 (High) Recommended, ErrorProne, JavaScript
163 no-unsafe-optional-chaining eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
164 no-unused-labels eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
165 no-unused-vars eslint 2 (High) Recommended, ErrorProne, JavaScript
166 no-useless-backreference eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
167 no-useless-catch eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
168 no-useless-escape eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
169 no-var eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
170 no-with eslint 3 (Moderate) Recommended, BestPractices, JavaScript
171 prefer-const eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
172 prefer-rest-params eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
173 prefer-spread eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
174 require-yield eslint 3 (Moderate) Recommended, BestPractices, JavaScript, TypeScript
175 use-isnan eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
176 valid-typeof eslint 2 (High) Recommended, ErrorProne, JavaScript, TypeScript
177 CyclicSubflow flow 1 (Critical) Recommended, Performance, XML
178 DbInLoop flow 2 (High) Recommended, Performance, XML
179 DefaultCopy flow 3 (Moderate) Recommended, CodeStyle, XML
180 HardcodedId flow 3 (Moderate) Recommended, BestPractices, XML
181 MissingNextValueConnector flow 1 (Critical) Recommended, BestPractices, XML
182 PreventPassingUserDataIntoElementWithoutSharing flow 2 (High) Recommended, Security, XML
183 PreventPassingUserDataIntoElementWithSharing flow 4 (Low) Recommended, Security, XML
184 SameRecordUpdate flow 3 (Moderate) Recommended, Security, XML
185 TriggerCallout flow 2 (High) Recommended, Performance, XML
186 TriggerEntryCriteria flow 2 (High) Recommended, Performance, XML
187 TriggerWaitEvent flow 2 (High) Recommended, Performance, XML
188 AnnotationsNamingConventions pmd 4 (Low) Recommended, CodeStyle, Apex
189 ApexBadCrypto pmd 2 (High) Recommended, Security, Apex
190 ApexCRUDViolation pmd 2 (High) Recommended, Security, Apex
191 ApexCSRF pmd 1 (Critical) Recommended, Security, Apex
192 ApexDangerousMethods pmd 3 (Moderate) Recommended, Security, Apex
193 ApexDoc pmd 4 (Low) Recommended, Documentation, Apex
194 ApexInsecureEndpoint pmd 2 (High) Recommended, Security, Apex
195 ApexOpenRedirect pmd 2 (High) Recommended, Security, Apex
196 ApexSharingViolations pmd 3 (Moderate) Recommended, Security, Apex
197 ApexSOQLInjection pmd 2 (High) Recommended, Security, Apex
198 ApexSuggestUsingNamedCred pmd 2 (High) Recommended, Security, Apex
199 ApexUnitTestClassShouldHaveAsserts pmd 3 (Moderate) Recommended, BestPractices, Apex
200 ApexUnitTestClassShouldHaveRunAs pmd 4 (Low) Recommended, BestPractices, Apex
201 ApexUnitTestMethodShouldHaveIsTestAnnotation pmd 2 (High) Recommended, BestPractices, Apex
202 ApexUnitTestShouldNotUseSeeAllDataTrue pmd 2 (High) Recommended, BestPractices, Apex
203 ApexXSSFromEscapeFalse pmd 2 (High) Recommended, Security, Apex
204 ApexXSSFromURLParam pmd 2 (High) Recommended, Security, Apex
205 AvoidBooleanMethodParameters pmd 3 (Moderate) Recommended, Design, Apex
206 AvoidDebugStatements pmd 4 (Low) Recommended, Performance, Apex
207 AvoidDeeplyNestedIfStmts pmd 3 (Moderate) Recommended, Design, Apex
208 AvoidDirectAccessTriggerMap pmd 3 (Moderate) Recommended, ErrorProne, Apex
209 AvoidGlobalModifier pmd 3 (Moderate) Recommended, BestPractices, Apex
210 AvoidHardcodingId pmd 3 (Moderate) Recommended, ErrorProne, Apex
211 AvoidLogicInTrigger pmd 3 (Moderate) Recommended, BestPractices, Apex
212 AvoidNonExistentAnnotations pmd 4 (Low) Recommended, ErrorProne, Apex
213 AvoidNonRestrictiveQueries pmd 4 (Low) Recommended, Performance, Apex
214 AvoidStatefulDatabaseResult pmd 3 (Moderate) Recommended, ErrorProne, Apex
215 ClassNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
216 CognitiveComplexity pmd 3 (Moderate) Recommended, Design, Apex
217 CyclomaticComplexity pmd 3 (Moderate) Recommended, Design, Apex
218 DebugsShouldUseLoggingLevel pmd 4 (Low) Recommended, BestPractices, Apex
219 EagerlyLoadedDescribeSObjectResult pmd 2 (High) Recommended, Performance, Apex
220 EmptyCatchBlock pmd 2 (High) Recommended, ErrorProne, Apex
221 EmptyIfStmt pmd 3 (Moderate) Recommended, ErrorProne, Apex
222 EmptyStatementBlock pmd 3 (Moderate) Recommended, ErrorProne, Apex
223 EmptyTryOrFinallyBlock pmd 3 (Moderate) Recommended, ErrorProne, Apex
224 EmptyWhileStmt pmd 3 (Moderate) Recommended, ErrorProne, Apex
225 ExcessiveClassLength pmd 3 (Moderate) Recommended, Design, Apex
226 ExcessiveParameterList pmd 3 (Moderate) Recommended, Design, Apex
227 ExcessivePublicCount pmd 3 (Moderate) Recommended, Design, Apex
228 FieldDeclarationsShouldBeAtStart pmd 3 (Moderate) Recommended, CodeStyle, Apex
229 FieldNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
230 ForLoopsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
231 FormalParameterNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
232 IfElseStmtsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
233 IfStmtsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
234 InaccessibleAuraEnabledGetter pmd 3 (Moderate) Recommended, ErrorProne, Apex
235 LocalVariableNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
236 MethodNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
237 MethodWithSameNameAsEnclosingClass pmd 3 (Moderate) Recommended, ErrorProne, Apex
238 NcssConstructorCount pmd 4 (Low) Recommended, Design, Apex
239 NcssMethodCount pmd 4 (Low) Recommended, Design, Apex
240 OneDeclarationPerLine pmd 3 (Moderate) Recommended, CodeStyle, Apex
241 OperationWithHighCostInLoop pmd 3 (Moderate) Recommended, Performance, Apex
242 OperationWithLimitsInLoop pmd 3 (Moderate) Recommended, Performance, Apex
243 OverrideBothEqualsAndHashcode pmd 2 (High) Recommended, ErrorProne, Apex
244 PropertyNamingConventions pmd 3 (Moderate) Recommended, CodeStyle, Apex
245 QueueableWithoutFinalizer pmd 4 (Low) Recommended, BestPractices, Apex
246 TestMethodsMustBeInTestClasses pmd 3 (Moderate) Recommended, ErrorProne, Apex
247 TooManyFields pmd 3 (Moderate) Recommended, Design, Apex
248 TypeShadowsBuiltInNamespace pmd 2 (High) Recommended, ErrorProne, Apex
249 UnusedLocalVariable pmd 3 (Moderate) Recommended, BestPractices, Apex
250 UnusedMethod pmd 3 (Moderate) Recommended, Design, Apex
251 VfCsrf pmd 2 (High) Recommended, Security, Visualforce
252 VfHtmlStyleTagXss pmd 2 (High) Recommended, Security, Visualforce
253 VfUnescapeEl pmd 2 (High) Recommended, Security, Visualforce
254 WhileLoopsMustUseBraces pmd 3 (Moderate) Recommended, CodeStyle, Apex
255 DetectCopyPasteForApex cpd 5 (Info) Recommended, Design, Apex
256 DetectCopyPasteForJavascript cpd 5 (Info) Recommended, Design, Javascript
257 DetectCopyPasteForTypescript cpd 5 (Info) Recommended, Design, Typescript
258 DetectCopyPasteForVisualforce cpd 5 (Info) Recommended, Design, Visualforce
=== Summary
Found 258 rule(s) from 6 engine(s):
4 retire-js rule(s) found.
5 regex rule(s) found.
167 eslint rule(s) found.
11 flow rule(s) found.
67 pmd rule(s) found.
4 cpd rule(s) found.
Additional log information written to:
/tmp/sfca-2025_12_15_01_08_16_973.log
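Because rule filtering has to happen in the code-analyzer configuration, a config change can drop or downgrade a Security rule without any MegaLinter variable changing. The following added example (not part of MegaLinter or Salesforce Code Analyzer) parses two rule listings in the table layout shown above and reports Security-tagged rules that were removed or downgraded. The function names are hypothetical, the baseline rows are copied from the listing above, and the "current" listing is constructed for illustration.

```python
"""Detect weakened Security rules between two code-analyzer rule listings (added example)."""
import re
import sys
from dataclasses import dataclass

# One listing row: index, rule name, engine, "N (Label)" severity, comma-separated tags.
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<name>\S+)\s+(?P<engine>[\w-]+)\s+"
    r"(?P<sev>[1-5])\s+\((?P<label>\w+)\)\s+(?P<tags>.+?)\s*$"
)


@dataclass(frozen=True)
class Rule:
    name: str
    engine: str
    severity: int  # 1 = Critical ... 5 = Info (lower number is more severe)
    tags: frozenset


def parse_listing(text):
    """Return {(engine, name): Rule}; header, progress and summary lines are skipped."""
    rules = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        tags = frozenset(t.strip() for t in m["tags"].split(","))
        rules[(m["engine"], m["name"])] = Rule(
            m["name"], m["engine"], int(m["sev"]), tags
        )
    return rules


def security_drift(baseline, current):
    """List (kind, engine, name, detail) for each Security rule weakened since baseline."""
    findings = []
    for key, old in sorted(baseline.items()):
        if "Security" not in old.tags:
            continue  # style, design and performance rules are out of scope here
        new = current.get(key)
        if new is None:
            findings.append(
                ("removed", old.engine, old.name, f"was severity {old.severity}")
            )
        elif new.severity > old.severity:
            findings.append(
                ("downgraded", old.engine, old.name,
                 f"severity {old.severity} -> {new.severity}")
            )
    return findings


# Rows copied from the listing on this page (known-good baseline excerpt).
BASELINE_LISTING = """\
  #  Name                    Engine  Severity      Tag
 47  @lwc/lwc/no-inner-html  eslint  2 (High)      Recommended, LWC, Security, JavaScript
182  PreventPassingUserDataIntoElementWithoutSharing  flow  2 (High)  Recommended, Security, XML
190  ApexCRUDViolation       pmd     2 (High)      Recommended, Security, Apex
191  ApexCSRF                pmd     1 (Critical)  Recommended, Security, Apex
197  ApexSOQLInjection       pmd     2 (High)      Recommended, Security, Apex
206  AvoidDebugStatements    pmd     4 (Low)       Recommended, Performance, Apex
=== Summary
Found 258 rule(s) from 6 engine(s):
 67 pmd rule(s) found.
"""

# Constructed sample: listing after a hypothetical config edit that weakened two rules.
CURRENT_LISTING = """\
 47  @lwc/lwc/no-inner-html  eslint  2 (High)      Recommended, LWC, Security, JavaScript
182  PreventPassingUserDataIntoElementWithoutSharing  flow  2 (High)  Recommended, Security, XML
190  ApexCRUDViolation       pmd     4 (Low)       Recommended, Security, Apex
191  ApexCSRF                pmd     1 (Critical)  Recommended, Security, Apex
"""


def main(argv):
    """Compare two listing files (baseline, current) or the embedded samples."""
    if len(argv) == 3:
        with open(argv[1], encoding="utf-8") as fh:
            baseline_text = fh.read()
        with open(argv[2], encoding="utf-8") as fh:
            current_text = fh.read()
    else:
        baseline_text, current_text = BASELINE_LISTING, CURRENT_LISTING
    findings = security_drift(parse_listing(baseline_text), parse_listing(current_text))
    for kind, engine, name, detail in findings:
        print(f"{kind.upper():<10} {engine}:{name} ({detail})")
    return 1 if findings else 0  # non-zero exit fails the CI job


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with two saved listings as arguments (baseline first) to fail a pipeline when the effective Security rule set shrinks.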
Installation on mega-linter Docker image
- Dockerfile commands:

```dockerfile
# Parent descriptor install
# renovate: datasource=npm depName=@salesforce/cli
ARG NPM_SALESFORCE_CLI_VERSION=2.115.15
# renovate: datasource=npm depName=@salesforce/plugin-packaging
ARG NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION=2.24.0
# renovate: datasource=npm depName=sfdx-hardis
ARG SFDX_HARDIS_VERSION=6.15.1
ENV JAVA_HOME=/usr/lib/jvm/java-21-openjdk
ENV PATH="$JAVA_HOME/bin:${PATH}"
RUN sf plugins install @salesforce/plugin-packaging@${NPM_SALESFORCE_PLUGIN_PACKAGING_VERSION} \
    && echo y|sf plugins install sfdx-hardis@${SFDX_HARDIS_VERSION} \
    && (npm cache clean --force || true) \
    && rm -rf /root/.npm/_cacache
ENV SF_AUTOUPDATE_DISABLE=true SF_CLI_DISABLE_AUTOUPDATE=true

# Linter install
# renovate: datasource=npm depName=@salesforce/plugin-code-analyzer
ARG SALESFORCE_CODE_ANALYZER_VERSION=5.7.1
RUN sf plugins install code-analyzer@${SALESFORCE_CODE_ANALYZER_VERSION} \
    && (npm cache clean --force || true) \
    && rm -rf /root/.npm/_cacache
```

