@RubenHalman RubenHalman commented Oct 2, 2025

Hi @nvuillam and @llaville,

First off, I'd really love the opportunity to contribute to MegaLinter, but it's turning out to be a bit of a challenge for me!
After deprecating parts of the Lightning Flow Scanner Org and unpublishing the original sfdx version on NPM, I have continued to deliver v5.8, a more secure version. I'd love to integrate this more robust version in MegaLinter, as the functionality remains the same. Thank you for your consideration and support.


Note

Replaces deprecated lightning-flow-scanner with lightning-flow-scanner-cli, re-enables it across build, descriptors, flavors, tests, and docs with updated versioning and metadata.

  • Salesforce Flow Scanner
    • Replace lightning-flow-scanner with lightning-flow-scanner-cli and re-enable the linter.
    • Add installation in root Dockerfile and the linter Dockerfile; introduce LIGHTNING_FLOW_SCANNER_VERSION=5.8.0.
  • Descriptors & Config
    • Update salesforce.megalinter-descriptor.yml (name, URLs, version regex, install snippets, VS Code link) and remove disabled status.
    • Add SALESFORCE_LIGHTNING_FLOW_SCANNER to flavors/salesforce/flavor.json and megalinter/descriptors/all_flavors.json.
    • Include salesforce_lightning_flow_scanner in linters_matrix.json.
  • Docs
    • Update mkdocs.yml nav entry to lightning-flow-scanner-cli and path.
  • Tests
    • Rename test linter to lightning-flow-scanner-cli.
  • Automation metadata
    • Rename keys and entries in generated files (linter-helps.json, linter-licenses.json, linter-links-previews.json, linter-versions.json) to lightning-flow-scanner-cli with updated titles/info.

Written by Cursor Bugbot for commit 8012a3f.

echoix (Collaborator) commented Oct 2, 2025

You mention above that you worked on publishing v5.8 (up from some v4.3x something), but I only see 5.1.0 in a repo, and 5.2.0 in another.
The organization seemed to have changed, and it’s the first release (at least in a while) from a new author. Not seeing the v5.0.0 published, and not seeing the notices that show how and why the repo isn’t archived anymore, I can’t do anything but be cautious and want to understand a bit more. (You seem to be part of the history for a couple years, unless rebases have been made, so I don’t think it’s a repo hijacking, but still want to check.)

echoix (Collaborator) left a comment

Couple things, and you might know more on the nature of the changes needed. Most of the work only needs to be done in the descriptor file; the rest is generated from there.

RubenHalman (Author) commented Oct 2, 2025

> You mention above that you worked on publishing v5.8 (up from some v4.3x something), but I only see 5.1.0 in a repo, and 5.2.0 in another. The organization seemed to have changed, and it’s the first release (at least in a while) from a new author. Not seeing the v5.0.0 published, and not seeing the notices that show how and why the repo isn’t archived anymore, I can’t do anything but be cautious and want to understand a bit more. (You seem to be part of the history for a couple years, unless rebases have been made, so I don’t think it’s a repo hijacking, but still want to check.)

@echoix Thank you so much for your prompt reply and support. I would like to clarify:

Version 5.2 was the latest on NPM before being unpublished due to an RCE vulnerability, as explained in the core package. The original Lightning Flow Scanner SFDX repo has been relocated; previous references still work and functionality for MegaLinter remains unaffected. The NPM package is now patched and scoped under the NPM organization flow-scanner, but published by me personally (user rhalman). The new version is 1.5.0 at www.npmjs.com/package/@flow-scanner/lightning-flow-scanner-cli

Based on your feedback, I tried to keep the current naming intact and decided to only update the install scripts and documentation. Could you advise on the steps needed to test the scope and naming changes correctly?

RubenHalman (Author) commented Oct 4, 2025

@nvuillam Hi Nicolas, I hope all is well. I'd really appreciate your consideration of the RCE vulnerability, and the rescoped package once you can find some time.

@RubenHalman RubenHalman requested a review from echoix October 5, 2025 01:29