Generated on May 3, 2024 via pnpm

Npm

salesforce-alm 54.8.5

This package contains tools, and APIs, for an improved salesforce.com developer experience.

force.com

salesforce

salesforce-dx

Package summary

issues

licenses

Package created

7 Dec 2016

Version published

4 Jan 2023

Maintainers

Total deps

421

Direct deps

License

BSD-3-Clause

Issues

4 critical severity issues

critical

vm2@3.9.19

vm2 Sandbox Escape vulnerability

Recommendation: None

via: @salesforce/source-deploy-retrieve@7.15.1 & others

vm2@3.9.19

vm2 Sandbox Escape vulnerability

Recommendation: None

via: @salesforce/source-deploy-retrieve@7.15.1 & others

buffers@0.1.1

Package has no specified license

Recommendation: Check the package code and files for license information

via: @salesforce/source-deploy-retrieve@7.15.1 & others

dtrace-provider@0.6.0

Package has no specified license

Recommendation: Check the package code and files for license information

via: @salesforce/bunyan@2.0.0 & others

Collapse

Expand

5 high severity issues

high

chainsaw@0.1.0

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: @salesforce/source-deploy-retrieve@7.15.1 & others

traverse@0.3.9

Package uses an invalid SPDX license ("MIT/X11")

Recommendation: Validate that the package complies with your license policy

via: @salesforce/source-deploy-retrieve@7.15.1 & others

core-js-pure@3.37.0

Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""

via: @salesforce/command@5.3.9 & others

core-js@3.37.0

Package uses postinstall script: "node -e "try{require('./postinstall')}catch(e){}""

via: @salesforce/command@5.3.9 & others

dtrace-provider@0.6.0

Package uses install script: "node scripts/install.js"

via: @salesforce/bunyan@2.0.0 & others

Collapse

Expand

3 moderate severity issues

moderate

fast-xml-parser@3.21.1

fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name

Recommendation: Upgrade to version 4.1.2 or later

via: fast-xml-parser@3.21.1

xml2js@0.4.19

xml2js is vulnerable to prototype pollution

Recommendation: Upgrade to version 0.5.0 or later

via: xml2js@0.4.19

salesforce-alm@54.8.5

Package has no specified source code repository

via: salesforce-alm@54.8.5

Collapse

Expand

2 low severity issues

low

chainsaw@0.1.0

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: @salesforce/source-deploy-retrieve@7.15.1 & others

traverse@0.3.9

Package uses a license that is not OSI approved ("MIT/X11")

Recommendation: Read and validate the license terms

via: @salesforce/source-deploy-retrieve@7.15.1 & others

Collapse

Expand

Licenses

MIT License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

Cannot

hold-liable

Must

include-copyright

include-license

335 Packages, Including:

@babel/runtime-corejs3@7.24.5

@babel/runtime@7.24.5

@cspotcode/source-map-support@0.8.1

@jridgewell/resolve-uri@3.1.2

@jridgewell/sourcemap-codec@1.4.15

@jridgewell/trace-mapping@0.3.9

@nodelib/fs.scandir@2.1.5

@nodelib/fs.stat@2.0.5

@nodelib/fs.walk@1.2.8

@oclif/core@1.26.2

@oclif/core@2.16.0

@oclif/screen@3.0.8

@oclif/test@2.5.6

@salesforce/bunyan@2.0.0

@sindresorhus/is@4.6.0

@szmarczak/http-timer@4.0.6

@tootallnate/once@1.1.2

@tsconfig/node10@1.0.11

@tsconfig/node12@1.0.11

@tsconfig/node14@1.0.3

@tsconfig/node16@1.0.4

@types/cacheable-request@6.0.3

@types/chai@4.3.15

@types/cli-progress@3.11.5

@types/http-cache-semantics@4.0.4

@types/keyv@3.1.4

@types/lodash@4.17.0

@types/node@12.20.55

@types/node@20.12.8

@types/responselike@1.0.3

@types/semver@7.5.8

@types/sinon@17.0.3

@types/sinonjs__fake-timers@8.1.5

@xmldom/xmldom@0.8.10

abort-controller@3.0.0

acorn-walk@8.3.2

acorn@8.11.3

adm-zip@0.5.12

agent-base@6.0.2

ajv@8.13.0

ansi-escapes@4.3.2

ansi-regex@4.1.1

ansi-regex@5.0.1

ansi-styles@3.2.1

ansi-styles@4.3.0

ansicolors@0.3.2

archiver-utils@2.1.0

archiver-utils@3.0.4

archiver@5.3.2

arg@4.1.3

ISC License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

Cannot

hold-liable

Must

include-copyright

include-license

33 Packages, Including:

@oclif/linewrap@1.0.0

@salesforce/schemas@1.7.0

at-least-node@1.0.0

cli-width@3.0.0

fastq@1.17.1

fs.realpath@1.0.0

fstream@1.0.12

glob-parent@5.1.2

glob@6.0.4

glob@7.2.3

graceful-fs@4.2.11

inflight@1.0.6

inherits@2.0.4

isexe@2.0.0

json-stringify-safe@5.0.1

listenercount@1.0.1

lru-cache@5.1.1

lru-cache@6.0.0

make-error@1.3.6

minimatch@3.1.2

minimatch@5.1.6

mute-stream@0.0.8

once@1.4.0

rimraf@2.4.5

rimraf@2.7.1

sax@1.3.0

semver@7.6.0

setprototypeof@1.2.0

signal-exit@3.0.7

which@2.0.2

wrappy@1.0.2

yallist@3.1.1

yallist@4.0.0

Apache License 2.0

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

use-patent-claims

place-warranty

Cannot

hold-liable

use-trademark

Must

include-copyright

include-license

state-changes

include-notice

18 Packages, Including:

clean-git-ref@2.0.1

crc-32@1.2.2

ecdsa-sig-formatter@1.0.11

ejs@3.1.10

faye-websocket@0.11.4

faye@1.4.0

filelist@1.0.4

jake@10.8.7

js2xmlparser@3.0.0

js2xmlparser@4.0.2

readdir-glob@1.1.3

rxjs@6.6.7

tunnel-agent@0.6.0

typescript@5.4.5

websocket-driver@0.7.4

websocket-extensions@0.1.4

xmlcreate@1.0.2

xmlcreate@2.0.4

BSD 3-Clause "New" or "Revised" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

use-trademark

hold-liable

Must

include-copyright

include-license

17 Packages, Including:

@salesforce/command@5.3.9

@salesforce/core@3.36.2

@salesforce/kit@1.9.2

@salesforce/source-deploy-retrieve@7.15.1

@salesforce/source-deploy-retrieve@8.6.0

@salesforce/source-tracking@2.2.28

@salesforce/ts-types@1.7.3

buffer-equal-constant-time@1.0.1

diff@4.0.2

duplexer2@0.1.4

ieee754@1.2.1

salesforce-alm@54.8.5

shelljs@0.8.5

source-map@0.6.1

sprintf-js@1.0.3

sprintf-js@1.1.3

tough-cookie@4.1.4

BSD 2-Clause "Simplified" License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

place-warranty

Cannot

hold-liable

Must

include-copyright

include-license

7 Packages, Including:

escodegen@1.14.3

esprima@4.0.1

estraverse@4.3.0

esutils@2.0.3

http-cache-semantics@4.1.1

uri-js@4.4.1

webidl-conversions@3.0.1

BSD Zero Clause License

Permissive

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

modify

distribute

sublicense

private-use

include-copyright

include-license

include-original

Cannot

hold-liable

Must

3 Packages, Including:

password-prompt@1.1.3

tslib@1.14.1

tslib@2.6.2

N/A

2 Packages, Including:

buffers@0.1.1

dtrace-provider@0.6.0

MIT/X11

Invalid

Not OSI Approved

2 Packages, Including:

chainsaw@0.1.0

traverse@0.3.9

The Unlicense

Public Domain

OSI Approved

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.

Can

commercial-use

private-use

modify

Cannot

include-copyright

hold-liable

Must

1 Packages, Including:

big-integer@1.6.52

(MIT AND Zlib)

Permissive

1 Packages, Including:

pako@1.0.11

(MIT AND BSD-3-Clause)

Permissive

1 Packages, Including:

sha.js@2.4.11

(MIT OR CC0-1.0)

Public Domain

1 Packages, Including:

type-fest@0.21.3

Direct Dependencies

All Dependencies CSV

ⓘ This is a list of salesforce-alm 's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name	Version	Size	License	Type	Vulnerabilities
@oclif/core	1.26.2	73.29 kB	MIT	prod
@salesforce/bunyan	2.0.0	58.72 kB	MIT	prod	1 1
@salesforce/command	5.3.9	47.48 kB	BSD-3-Clause	prod	1 3
@salesforce/core	3.36.2	232.33 kB	BSD-3-Clause	prod	1 3
@salesforce/kit	1.9.2	29.94 kB	BSD-3-Clause	prod
@salesforce/source-deploy-retrieve	7.15.1	142.88 kB	BSD-3-Clause	prod	4 5 2
@salesforce/source-tracking	2.2.28	52.89 kB	BSD-3-Clause	prod	4 5 2
@salesforce/ts-types	1.7.3	24.61 kB	BSD-3-Clause	prod
@xmldom/xmldom	0.8.10	50.64 kB	MIT	prod
adm-zip	0.5.12	101.27 kB	MIT	prod
ansi-styles	3.2.1	3.72 kB	MIT	prod
archiver	5.3.2	13.02 kB	MIT	prod
bluebird	3.7.2	136.03 kB	MIT	prod
chalk	2.4.2	9.63 kB	MIT	prod
debug	3.2.7	16.48 kB	MIT	prod
fast-xml-parser	3.21.1	21.04 kB	MIT	prod	1
fs-extra	4.0.3	34.69 kB	MIT	prod
glob	7.2.3	15.08 kB	ISC	prod
js2xmlparser	3.0.0	13.32 kB	Apache-2.0	prod
jsforce	2.0.0-beta.29	7.52 MB	MIT	prod	2
klaw	2.1.1	4.86 kB	MIT	prod
lodash	4.17.21	311.49 kB	MIT	prod
mime	1.6.0	15.32 kB	MIT	prod
mkdirp	0.5.6	2.95 kB	MIT	prod optional
moment	2.30.1	698.76 kB	MIT	prod
optional-js	1.3.1	14.75 kB	MIT	prod
strip-ansi	5.2.0	2.07 kB	MIT	prod
ts-retry-promise	0.6.2	8.23 kB	MIT	prod
xml2js	0.4.19	12.08 kB	MIT	prod	1