Detect unsafe contexts, queries in loops, hardcoded IDs, and more to optimize Salesforce Flows
Lightning Flow Scanner CLI is plug-and-play. Open any project with flows and use our side bar or the Command Palette and type flowscanner to see the list of all available commands.
Configure Flow Scanner- Set up rules in.flow-scanner.yml(see scanner documentation)Scan Flows- Analyze a directory or selected flow filesFix Flows- Automatically apply available fixesFlow Scanner Documentation- Open the rules reference guide
Privacy: Zero user data collected. All processing is client-side. → See Data Handling in our Security Policy.
It is recommended to set up a .flow-scanner.yml and define:
- The rules to be executed.
- The severity of violating any specific rule.
- Rule properties such as REGEX expressions.
- Any known exceptions that should be ignored during scanning.
{
"rules": {
// Your rules here
},
"exceptions": {
// Your exceptions here
},
"betamode": false // Enable beta rules
}Using the rules section of your configurations, you can specify the list of rules to be run. Furthermore, you can define the severity and configure expressions of rules. Below is a breakdown of the available attributes of rule configuration:
{
"rules": {
"<RuleName>": {
"severity": "<Severity>",
"expression": "<Expression>"
}
}
}Note: if you prefer JSON format, you can create a .flow-scanner.json file using the same format. For a more on configurations, review the scanner documentation.
| Extension Settings | Description | Default Value |
|---|---|---|
flowscanner.SpecifyFiles |
Set to true to select .Flow file paths instead of a root directory. | false |
lightning-flow-scanner-vsx is available on:
| Visual Studio Marketplace | Open VSX Registry |
|---|---|
 |
 |
To install via CLI (VS Code)
code --install-extension ForceConfigControl.lightning-flow-scanner-vsxThis project optionally uses Volta to manage Node.js versions. Install Volta with:
curl https://get.volta.sh | bashVolta will automatically use the Node.js version defined in
package.json.
- Clone the repository
git clone https://github.com/Flow-Scanner/lightning-flow-scanner-vsx.git- Install Dependencies
npm install- Build the Project
npm run build- Watch for Changes
npm run watch- Run End-to-End Tests
npm run test- Linking Core Module (Optional)
If you’re developing or testing updates to the core module, you can link it locally:
- In the core module directory, run:
npm run link
- In this CLI project directory, run:
npm link @flow-scanner/lightning-flow-scanner-core
The lightning-flow-scanner-vsce package was unpublished from the Visual Studio and Open VSX Marketplaces due to a vulnerability stemming from unsafe rule loading. The issue was addressed in core v5. This fork, created on 22/09/2025, emphasizes security and maintainability.
Want to help improve Lightning Flow Scanner? See our Contributing Guidelines