Maintain Your Plugin
You decide how to maintain your plugin, and even what it means to maintain your plugin. However, we have a few recommendations to get you started, based on what the Salesforce CLI developer team does.
It's important to keep your dependency tree up to date. We use the Dependabot GitHub integration, which automatically opens pull requests to bump package dependency versions.
Here's an example of how we configure Dependabot on our top-level @salesforce/cli repo: https://github.com/salesforcecli/cli/blob/main/.github/dependabot.yml
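As an added illustration (not the contents of the linked file), here is a `.github/dependabot.yml` a plugin author could start from. It assumes an npm-based plugin at the repo root with GitHub Actions workflows, and the dependency name and label values are placeholders to adjust for your own project:

```yaml
# Illustrative Dependabot configuration for a Salesforce CLI plugin repo.
# Not copied from @salesforce/cli; dependency names and labels are placeholders.
version: 2
updates:
  # Keep npm runtime and dev dependencies current.
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
      day: "monday"
    # Cap the number of concurrent PRs so review stays manageable.
    open-pull-requests-limit: 10
    labels:
      - "dependencies"
    commit-message:
      prefix: "chore(deps)"
    # Batch non-breaking bumps into one PR; majors still arrive individually
    # so breaking changes get a dedicated review.
    groups:
      minor-and-patch:
        update-types:
          - "minor"
          - "patch"
    # Example: hold a dependency on its current major until you are ready
    # to migrate (placeholder package name).
    ignore:
      - dependency-name: "example-pinned-package"
        update-types: ["version-update:semver-major"]

  # Also keep the actions used in CI workflows up to date, since those
  # run with repository credentials.
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    labels:
      - "dependencies"
      - "ci"
```

Pair this with a lockfile committed to the repo so each Dependabot PR shows the exact resolved versions that changed.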
We use the Snyk code checker to scan pull requests for security and quality issues.