FAQ-001341 - Package Design and Architecture Security / Package Migration and Dependencies

Current Status: Suggests Case

Current FAQ

Question
What are the key considerations and security aspects when managing inter-package dependencies during migration from first-generation to second-generation packaging?
Answer
When managing inter-package dependencies during migration from first-generation (1GP) to second-generation packaging (2GP), consider these key aspects:

**Dependency Management During Migration:**

- Design the app and interfaces between packages carefully to avoid breaking dependencies
- Ensure that if an extension package calls an Apex class in the base package, the Apex class is set to global
- Plan for the entire application lifecycle to ensure updates to the base package do not disrupt dependent packages
- If migrating from custom objects to protected custom metadata, thoroughly test the migration process and address any errors encountered

**2GP Migration Considerations:**

- **Namespace Sharing**: 2GP allows namespace sharing across packages, simplifying dependency management and improving modularity
- **Versioning and Dependencies**: Specify the ancestor package version when creating a new package version in 2GP, and clearly define and ensure compatibility of dependencies
- **Security Review**: If your 1GP package has passed a security review, confirm whether the 2GP package inherits this readiness or requires a new review
- **Metadata Management**: Adapt metadata components to align with 2GP requirements, ensuring proper configuration of Apex classes, custom objects, and other elements
- **Environment Hub**: Use the Environment Hub to manage orgs effectively during migration, streamlining development, testing, and deployment

**Security Considerations for 2GP Migration:**

- **Namespace Accessibility**: Use the @NamespaceAccessible annotation for classes shared across sub-packages within the same namespace; treat these classes as global but ensure controlled access
- **Data Sanitization**: Perform sanitization close to the sink to mitigate security risks effectively
- **Individual Security Reviews**: Each sub-package tied to the parent package must undergo an individual security review to ensure compliance and security
- **Key Management**: For public/private key pairs, ensure each subscriber organization has a unique key pair to maintain security
- **Lightning Message Service (LMS)**: If using LMS channels, ensure they are private to the package and avoid exposing publish/handle message methods in components

**Additional Considerations:**

- Use dynamic Apex to support multiple editions and ensure compatibility with available features
- Thoroughly test the migrated package and its dependencies to ensure functionality and performance, especially scenarios involving dependency interactions
- Update team training and documentation to reflect changes in packaging and dependency management
- For packages with dependencies, you can submit up to four packages (one base and three extension packages) with the same namespace in a single security review submission

If you encounter specific challenges during migration, consider raising a case with Salesforce for additional guidance.
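The two visibility rules above (global for a class an extension package calls, @NamespaceAccessible for classes shared between 2GP packages in one namespace) and the "sanitize close to the sink" point are easier to see in code. The following is an added illustration, not code from this FAQ or from Salesforce; the namespace `acme`, the class names and the query are assumptions, and in a real project each class would live in its own `.cls` file.

```apex
// Base package in namespace "acme" (assumed). @NamespaceAccessible exposes the
// class and method to other 2GP packages in the same namespace only; subscriber
// org code and other namespaces still cannot call it, unlike a global class.
@NamespaceAccessible
public with sharing class BaseRecordService {

    @NamespaceAccessible
    public static List<Account> findAccounts(String nameFragment) {
        // Sanitize at the sink: the escape is applied at the exact point where
        // untrusted input is concatenated into the dynamic SOQL string, so no
        // caller can reach the query with an unescaped value. WITH SECURITY_ENFORCED
        // additionally enforces object and field-level security on the query.
        String soql = 'SELECT Id, Name FROM Account WHERE Name LIKE \'%'
            + String.escapeSingleQuotes(nameFragment)
            + '%\' WITH SECURITY_ENFORCED';
        return Database.query(soql);
    }
}

// Extension package, also in namespace "acme" (assumed). Because the base class is
// @NamespaceAccessible, this package can call it without the base package
// widening the method to global and thereby exposing it to every subscriber org.
public with sharing class ExtensionReportController {
    public static Integer countMatching(String nameFragment) {
        return BaseRecordService.findAccounts(nameFragment).size();
    }
}

// Contrast: a 1GP base package, or a 2GP base package whose extension lives in a
// different namespace, must expose the entry point as global instead. In a managed
// package a released global class or method cannot be removed later, so the global
// surface is a permanent, reviewable API and should be kept as small as possible.
global with sharing class LegacyBaseApi {
    global static Integer countAccounts() {
        return [SELECT COUNT() FROM Account];
    }
}
```

When planning the migration, inventory which base-package members are global only because an extension package needed them; once both packages share a 2GP namespace, those can be narrowed to @NamespaceAccessible in the new package, while members that subscriber orgs or partner packages already call must stay global.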

AI Recommended Enhancement

Related Security Rules

- AvoidHardcodedCredentialsInFieldDecls
- AvoidHardcodedCredentialsInVarDecls
- AvoidHardcodedCredentialsInVarAssign
- AvoidHardcodedCredentialsInHttpHeader
- ApexBadCrypto
Recommended Answer Update
When managing inter-package dependencies during migration from first-generation (1GP) to second-generation packaging (2GP), consider these key aspects:

**Dependency Management During Migration:**

- Design the app and interfaces between packages carefully to avoid breaking dependencies
- Ensure that if an extension package calls an Apex class in the base package, the Apex class is set to global
- Plan for the entire application lifecycle to ensure updates to the base package don't disrupt dependent packages
- If migrating from custom objects to protected custom metadata, thoroughly test the migration process and address any errors encountered

**2GP Migration Considerations:**

- **Namespace Sharing**: 2GP allows namespace sharing across packages, simplifying dependency management and improving modularity
- **Versioning and Dependencies**: Specify the ancestor package version when creating a new package version in 2GP, and clearly define and ensure compatibility of dependencies
- **Security Review**: If your 1GP package has passed a security review, confirm whether the 2GP package inherits this readiness or requires a new review
- **Metadata Management**: Adapt metadata components to align with 2GP requirements, ensuring proper configuration of Apex classes, custom objects, and other elements
- **Environment Hub**: Use the Environment Hub to manage orgs effectively during migration, streamlining development, testing, and deployment

**Security Considerations for 2GP Migration:**

- **Namespace Accessibility**: Use the @NamespaceAccessible annotation for classes shared across sub-packages within the same namespace; treat these classes as global but ensure controlled access
- **Data Sanitization**: Perform sanitization close to the sink to mitigate security risks effectively
- **Individual Security Reviews**: Each sub-package tied to the parent package must undergo an individual security review to ensure compliance and security
- **Key Management**: For public/private key pairs, ensure each subscriber organization has a unique key pair to maintain security
- **Lightning Message Service (LMS)**: If using LMS channels, ensure they're private to the package and avoid exposing publish/handle message methods in components

**Additional Considerations:**

- Use dynamic Apex to support multiple editions and ensure compatibility with available features
- Thoroughly test the migrated package and its dependencies to ensure functionality and performance, especially scenarios involving dependency interactions
- Update team training and documentation to reflect changes in packaging and dependency management
- For packages with dependencies, you can submit up to four packages (one base and three extension packages) with the same namespace in a single security review submission

If you encounter specific challenges during migration, consider raising a case with Salesforce for additional guidance.
Reasoning
The FAQ content is comprehensive and accurate. I made minimal changes to improve clarity and tone consistency: changed 'do not disrupt' to 'don't disrupt' and 'they are private' to 'they're private' for a more conversational tone as per the brand guidelines. The content appropriately addresses security considerations during 1GP to 2GP migration.

Regarding security rules selected:

- **AvoidHardcodedCredentialsInFieldDecls, AvoidHardcodedCredentialsInVarDecls, AvoidHardcodedCredentialsInVarAssign, AvoidHardcodedCredentialsInHttpHeader**: These rules relate to the FAQ's discussion of "Key Management" where it mentions ensuring each subscriber organization has unique key pairs, as hardcoded credentials are a common risk during package migration.
- **ApexBadCrypto**: This rule relates to the FAQ's emphasis on "Key Management" and ensuring proper security of public/private key pairs during migration, as cryptographic implementation is crucial for maintaining security across package boundaries.