{"id":13881016,"url":"https://github.com/forcedotcom/salesforcedx-vscode","last_synced_at":"2026-06-08T00:02:37.695Z","repository":{"id":37493297,"uuid":"95021029","full_name":"forcedotcom/salesforcedx-vscode","owner":"forcedotcom","description":"Salesforce Extensions for VS Code","archived":false,"fork":false,"pushed_at":"2026-04-10T01:46:41.000Z","size":907246,"stargazers_count":999,"open_issues_count":73,"forks_count":443,"subscribers_count":91,"default_branch":"develop","last_synced_at":"2026-04-10T03:19:00.779Z","etag":null,"topics":["apex","lightning","salesforce","salesforcedx","typescript","vscode-debugger","vscode-extension","vscode-language"],"latest_commit_sha":null,"homepage":"https://developer.salesforce.com/tools/vscode","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/forcedotcom.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.txt","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-06-21T15:53:45.000Z","updated_at":"2026-04-10T01:46:49.000Z","dependencies_parsed_at":"2026-03-12T21:05:38.081Z","dependency_job_id":"7a5af0fc-3233-4b4a-a21e-88e3da8cd94e","html_url":"https://github.com/forcedotcom/salesforcedx-vscode","commit_stats":{"total_commits":3807,"total_committers":146,"mean_commits":"26.075342465753426","dds":0.9062253743104807,"last_synced_commit":"492ed3c42d122dde119c968c6326e68c98d3ba78"},"previous_names":[],"tags_count":394,"template":false,"template_full_name":null,"purl":"pkg:github/forcedotcom/salesforcedx-vscode","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forcedotcom%2Fsalesforcedx-vscode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forcedotcom%2Fsalesforcedx-vscode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forcedotcom%2Fsalesforcedx-vscode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forcedotcom%2Fsalesforcedx-vscode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/forcedotcom","download_url":"https://codeload.github.com/forcedotcom/salesforcedx-vscode/tar.gz/refs/heads/develop","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/forcedotcom%2Fsalesforcedx-vscode/sbom","scorecard":{"id":406709,"data":{"date":"2025-08-11","repo":{"name":"github.com/forcedotcom/salesforcedx-vscode","commit":"fd83634f779de69613ccf6bb62acbf86ba9eae68"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4,"checks":[{"name":"Code-Review","score":2,"reason":"Found 6/25 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":1,"reason":"binaries present in source code","details":["Warn: binary detected: packages/salesforcedx-vscode-apex/jars/apex-jorje-lsp.jar:1","Warn: binary detected: yourkit-distro/bin/linux-arm-32/libyjpagent.so:1","Warn: binary detected: yourkit-distro/bin/linux-arm-64/libyjpagent.so:1","Warn: binary detected: yourkit-distro/bin/linux-x86-32/libyjpagent.so:1","Warn: binary detected: yourkit-distro/bin/linux-x86-64/libyjpagent.so:1","Warn: binary detected: yourkit-distro/bin/mac/libyjpagent.dylib:1","Warn: binary detected: yourkit-distro/bin/windows-arm-64/yjpagent.dll:1","Warn: binary detected: yourkit-distro/bin/windows-x86-32/yjpagent.dll:1","Warn: binary detected: yourkit-distro/bin/windows-x86-64/yjpagent.dll:1"],"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/apexE2E.yml:1","Warn: no topLevel permission defined: .github/workflows/approveAndPublishBeta.yml:1","Warn: no topLevel permission defined: .github/workflows/buildAll.yml:1","Warn: no topLevel permission defined: .github/workflows/buildAndTest.yml:1","Warn: no topLevel permission defined: .github/workflows/cleanupDeletedScratchOrgs.yml:1","Warn: no topLevel permission defined: .github/workflows/coreE2E.yml:1","Warn: no topLevel permission defined: .github/workflows/createAndTestBetaReleaseBranch.yml:1","Warn: no topLevel permission defined: .github/workflows/createReleaseBranch.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-auto-merge.yml:24","Info: topLevel 'checks' permission set to 'read': .github/workflows/dependabot-auto-merge.yml:26","Info: topLevel 'actions' permission set to 'read': .github/workflows/dependabot-auto-merge.yml:27","Warn: no topLevel permission defined: .github/workflows/deployRetrieveE2E.yml:1","Warn: no topLevel permission defined: .github/workflows/e2e.yml:1","Warn: no topLevel permission defined: .github/workflows/generateChangelog.yml:1","Warn: no topLevel permission defined: .github/workflows/integrationTests.yml:1","Warn: no topLevel permission defined: .github/workflows/integrationTestsWindows.yml:1","Warn: no topLevel permission defined: .github/workflows/lspE2E.yml:1","Warn: no topLevel permission defined: .github/workflows/lwcE2E.yml:1","Warn: no topLevel permission defined: .github/workflows/mergeReleaseBranch.yml:1","Warn: no topLevel permission defined: .github/workflows/nightlyBuildDevelop.yml:1","Warn: no topLevel permission defined: .github/workflows/nightlyBuildMain.yml:1","Warn: no topLevel permission defined: .github/workflows/prerelease.yml:1","Warn: no topLevel permission defined: .github/workflows/publishBeta.yml:1","Warn: no topLevel permission defined: .github/workflows/publishBetaRelease.yml:1","Warn: no topLevel permission defined: .github/workflows/publishOpenVSX.yml:1","Warn: no topLevel permission defined: .github/workflows/publishVSCode.yml:1","Warn: no topLevel permission defined: .github/workflows/release.yml:1","Warn: no topLevel permission defined: .github/workflows/reportInstalls.yml:1","Warn: no topLevel permission defined: .github/workflows/runE2ETest.yml:1","Warn: no topLevel permission defined: .github/workflows/slackNotification.yml:1","Warn: no topLevel permission defined: .github/workflows/soqlE2E.yml:1","Warn: no topLevel permission defined: .github/workflows/tagAndRelease.yml:1","Warn: no topLevel permission defined: .github/workflows/templatesE2E.yml:1","Warn: no topLevel permission defined: .github/workflows/testBuildAndRelease.yml:1","Warn: no topLevel permission defined: .github/workflows/testCommitExceptMain.yml:1","Warn: no topLevel permission defined: .github/workflows/triggerE2EForCommit.yml:1","Warn: no topLevel permission defined: .github/workflows/unitTests.yml:1","Warn: no topLevel permission defined: .github/workflows/unitTestsLinux.yml:1","Warn: no topLevel permission defined: .github/workflows/unitTestsWindows.yml:1","Warn: no topLevel permission defined: .github/workflows/validateNewIssues.yml:1","Warn: no topLevel permission defined: .github/workflows/validatePR.yml:1","Warn: no topLevel permission defined: .github/workflows/validateUpdatedIssues.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v64.9.1 not signed: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/239358227","Warn: release artifact v64.8.0 not signed: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/238033137","Warn: release artifact v64.7.1 not signed: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/236107713","Warn: release artifact v64.5.1 not signed: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/232934591","Warn: release artifact v64.3.0 not signed: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/229180670","Warn: release artifact v64.9.1 does not have provenance: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/239358227","Warn: release artifact v64.8.0 does not have provenance: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/238033137","Warn: release artifact v64.7.1 does not have provenance: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/236107713","Warn: release artifact v64.5.1 does not have provenance: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/232934591","Warn: release artifact v64.3.0 does not have provenance: https://api.github.com/repos/forcedotcom/salesforcedx-vscode/releases/229180670"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Pinned-Dependencies","score":1,"reason":"dependency not pinned by hash detected -- score normalized to 1","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildAll.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/buildAll.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildAll.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/buildAll.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/buildAll.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/buildAll.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanupDeletedScratchOrgs.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/cleanupDeletedScratchOrgs.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/cleanupDeletedScratchOrgs.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/cleanupDeletedScratchOrgs.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/closeStaleIssues.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/closeStaleIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/createAndTestBetaReleaseBranch.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/createAndTestBetaReleaseBranch.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/createAndTestBetaReleaseBranch.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/createAndTestBetaReleaseBranch.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/createReleaseBranch.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/createReleaseBranch.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/createReleaseBranch.yml:41: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/createReleaseBranch.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-auto-merge.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/dependabot-auto-merge.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generateChangelog.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/generateChangelog.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/generateChangelog.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/generateChangelog.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTestsWindows.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/integrationTestsWindows.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/integrationTestsWindows.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/integrationTestsWindows.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mergeReleaseBranch.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/mergeReleaseBranch.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mergeReleaseBranch.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/mergeReleaseBranch.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/mergeReleaseBranch.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/mergeReleaseBranch.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/prerelease.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/prerelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBeta.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBeta.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBeta.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBeta.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBetaRelease.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBetaRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBetaRelease.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBetaRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBetaRelease.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBetaRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBetaRelease.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBetaRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBetaRelease.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBetaRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishBetaRelease.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishBetaRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishOpenVSX.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishOpenVSX.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publishOpenVSX.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishOpenVSX.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishOpenVSX.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishOpenVSX.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishOpenVSX.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishOpenVSX.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publishOpenVSX.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishOpenVSX.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publishOpenVSX.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishOpenVSX.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishVSCode.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishVSCode.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publishVSCode.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishVSCode.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishVSCode.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishVSCode.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publishVSCode.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishVSCode.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publishVSCode.yml:80: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishVSCode.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/publishVSCode.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/publishVSCode.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/release.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reportInstalls.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/reportInstalls.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/reportInstalls.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/reportInstalls.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:160: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:237: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:308: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:315: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:350: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:393: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/runE2ETest.yml:398: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/runE2ETest.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/slackNotification.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/slackNotification.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/slackNotification.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/slackNotification.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/slackNotification.yml:84: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/slackNotification.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/slackNotification.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/slackNotification.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tagAndRelease.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/tagAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tagAndRelease.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/tagAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tagAndRelease.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/tagAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tagAndRelease.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/tagAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tagAndRelease.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/tagAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tagAndRelease.yml:76: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/tagAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tagAndRelease.yml:93: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/tagAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/testBuildAndRelease.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/testBuildAndRelease.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitTestsLinux.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/unitTestsLinux.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitTestsLinux.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/unitTestsLinux.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitTestsLinux.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/unitTestsLinux.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitTestsWindows.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/unitTestsWindows.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unitTestsWindows.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/unitTestsWindows.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateNewIssues.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateNewIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateNewIssues.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateNewIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateNewIssues.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateNewIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateNewIssues.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateNewIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateNewIssues.yml:59: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateNewIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateNewIssues.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateNewIssues.yml/develop?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/validatePR.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validatePR.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validatePR.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validatePR.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validatePR.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validatePR.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:87: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/validateUpdatedIssues.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/forcedotcom/salesforcedx-vscode/validateUpdatedIssues.yml/develop?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/cleanupDeletedScratchOrgs.yml:27","Warn: npmCommand not pinned by hash: .github/workflows/createAndTestBetaReleaseBranch.yml:40","Warn: npmCommand not pinned by hash: .github/workflows/createAndTestBetaReleaseBranch.yml:41","Warn: npmCommand not pinned by hash: .github/workflows/createAndTestBetaReleaseBranch.yml:42","Warn: npmCommand not pinned by hash: .github/workflows/createReleaseBranch.yml:49","Warn: npmCommand not pinned by hash: .github/workflows/createReleaseBranch.yml:51","Warn: npmCommand not pinned by hash: .github/workflows/publishBetaRelease.yml:19","Warn: npmCommand not pinned by hash: .github/workflows/publishBetaRelease.yml:20","Warn: npmCommand not pinned by hash: .github/workflows/reportInstalls.yml:20","Warn: npmCommand not pinned by hash: .github/workflows/validateNewIssues.yml:27","Warn: npmCommand not pinned by hash: .github/workflows/validateNewIssues.yml:44","Warn: npmCommand not pinned by hash: .github/workflows/validateNewIssues.yml:65","Warn: npmCommand not pinned by hash: .github/workflows/validateUpdatedIssues.yml:35","Warn: npmCommand not pinned by hash: .github/workflows/validateUpdatedIssues.yml:51","Warn: npmCommand not pinned by hash: .github/workflows/validateUpdatedIssues.yml:69","Warn: npmCommand not pinned by hash: .github/workflows/validateUpdatedIssues.yml:92","Info:   0 out of  69 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of  17 third-party GitHubAction dependencies pinned","Info:   8 out of  24 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 11 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-776f-qx25-q3cc"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T21:28:31.188Z","repository_id":37493297,"created_at":"2025-08-18T21:28:31.188Z","updated_at":"2025-08-18T21:28:31.188Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31865078,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-15T15:24:51.572Z","status":"ssl_error","status_checked_at":"2026-04-15T15:24:39.138Z","response_time":63,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apex","lightning","salesforce","salesforcedx","typescript","vscode-debugger","vscode-extension","vscode-language"],"created_at":"2024-08-06T08:03:47.268Z","updated_at":"2026-04-16T00:01:22.196Z","avatar_url":"https://github.com/forcedotcom.png","language":"TypeScript","funding_links":[],"categories":["TypeScript","typescript","Table of Contents"],"sub_categories":["Plugins for Salesforce"],"readme":"# Salesforce Extensions for VS Code\n\n[![Dev Dependencies](https://img.shields.io/librariesio/github/forcedotcom/salesforcedx-vscode)](contributing/dependencies.md)\n[![Commitizen friendly](https://img.shields.io/badge/commitizen-friendly-brightgreen.svg)](http://commitizen.github.io/cz-cli/)\n\n## Introduction\n\nThis repository contains the source code for Salesforce Extensions for VS Code: the Visual Studio Code (VS Code) extensions for Salesforce DX.\n\nCurrently, we have the following extensions:\n\n- [salesforcedx-vscode](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode)\n  A top-level [extension pack](https://code.visualstudio.com/docs/extensionAPI/extension-manifest#_extension-packs) that automatically installs the following extensions for you.\n- [salesforcedx-vscode-core](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode-core)\n  This extension interacts with the Salesforce CLI to provide basic Salesforce DX functionality.\n- [salesforcedx-vscode-apex](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode-apex)\n  This extension uses the Apex Language Server to provide features such as syntax highlighting and code completion.\n- [salesforcedx-vscode-apex-replay-debugger](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode-apex-replay-debugger)\n  This extension enables VS Code to replay Apex execution from Apex debug logs.\n- [salesforcedx-vscode-lightning](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode-lightning)\n  This extension supports Aura component bundles. It uses the HTML language server from VS Code.\n- [salesforcedx-vscode-visualforce](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode-visualforce)\n  This extension supports Visualforce pages and components. It uses the HTML language server from VS Code.\n- [salesforcedx-vscode-soql](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode-soql)\n  This extension enables you to interactively build a SOQL query via a form-based visual editor, view the query as you build, and save query results to a .csv or .json file. If the query is not a file on disk, export prompts for a name and folder like **SFDX: Create Query in SOQL Builder**.\n- [salesforcedx-vscode-slds](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforce-vscode-slds) This extension simplifies working with the Salesforce Lightning Design System (SLDS). It provides code completion, syntax highlighting, and validation with recommended tokens and utility classes.\n- [salesforcedx-einstein-gpt](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-einstein-gpt) This extension uses generative AI to make Salesforce development in Visual Studio Code richer with features such as a Dev Assistant that helps with writing, documenting, and understanding code. It also provides inline autocompletion, and test case generation for Apex and LWC code.\n- [sfdx-code-analyzer-vscode](https://marketplace.visualstudio.com/items?itemName=salesforce.sfdx-code-analyzer-vscode) This extension scans your code using multiple rule engines to produce lists of violations that you can use to improve your code. v5 also includes all the functionality of the ESLint and Apex PMD extensions. Now, the Salesforce Code Analyzer extension statically analyzes both your Apex and JavaScript code to quickly find problems.\n- [salesforcedx-vscode-ui-preview](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-vscode-ui-preview) This extension enables you to preview Lightning Web Components directly within VS Code with automatic updates on save, allowing you to iterate quickly without deploying code.\n- [salesforcedx-metadata-visualizer-vscode](https://marketplace.visualstudio.com/items?itemName=salesforce.salesforcedx-metadata-visualizer-vscode) This extension creates visual diagrams of Salesforce metadata in real-time, making it easier to understand its structure and relationships compared to reviewing raw metadata files. You can visualize metadata generated by AI using Agentforce Vibes or from your SFDX project enabling you to easily understand and analyze code.\n\n## Be an Efficient Salesforce Developer with VS Code\n\nDreamforce 2018 session on how to use Visual Studio Code and Salesforce Extensions for VS Code:\n\n[![Be An Efficient Salesforce Developer with VS Code](imgs/DF18_VSCode_Session_thumbnail.jpg)](https://www.youtube.com/watch?v=hw9LBvjo4PQ)\n\n### Getting Started\n\nIf you are interested in contributing, please take a look at the [CONTRIBUTING](CONTRIBUTING.md) guide.\n\nIf you are interested in building the extensions locally, please take a look at the developing [doc](contributing/developing.md).\n\nYou can find more information about using the Salesforce Extensions for VS Code in the [public documentation](https://developer.salesforce.com/docs/platform/sfvscode-extensions/guide). If the docs don't cover what you are looking for, please feel free to open an issue.\n\nFor information about using the extensions, consult the README.md file for each package.\n\n### TypeScript Support for Lightning Web Components\n\nSalesforce Extensions now fully support creating and developing Lightning Web Components using TypeScript. For details, see the [TypeScript LWC Support Guide](docs/TYPESCRIPT_LWC_SUPPORT.md).\n\n## Project Governance \u0026 Support\n\n- [License (BSD-3-Clause)](LICENSE.txt)\n- [Code of Conduct](CODE_OF_CONDUCT.md)\n- [Contributing Guide](CONTRIBUTING.md)\n- [Security Policy](SECURITY.md)\n- [How to License](how_to_license.md)\n\nFor questions, issues, or support, please open an issue in this repository or refer to the documentation above.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforcedotcom%2Fsalesforcedx-vscode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fforcedotcom%2Fsalesforcedx-vscode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fforcedotcom%2Fsalesforcedx-vscode/lists"}