Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@atom/electron-winstaller

Package Overview
Dependencies
Maintainers
13
Versions
1
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@atom/electron-winstaller

Module to generate Windows installers for Electron apps

  • 0.0.1
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
13
Created
Source

Electron Installer

AppVeyor Build status Travis CI Build Status

NPM module that builds Windows installers for Electron apps using Squirrel.

Installing

npm install --save-dev electron-winstaller

Usage

Require the package:

var electronInstaller = require('electron-winstaller');

Then do a build like so..

resultPromise = electronInstaller.createWindowsInstaller({
    appDirectory: '/tmp/build/my-app-64',
    outputDirectory: '/tmp/build/installer64',
    authors: 'My App Inc.',
    exe: 'myapp.exe'
  });

resultPromise.then(() => console.log("It worked!"), (e) => console.log(`No dice: ${e.message}`));

After running you will have an .nupkg, a RELEASES file, and a .exe installer file in the outputDirectory folder for each multi task target given under the config entry.

There are several configuration settings supported:

Config NameRequiredDescription
appDirectoryYesThe folder path of your Electron app
outputDirectoryNoThe folder path to create the .exe installer in. Defaults to the installer folder at the project root.
loadingGifNoThe local path to a .gif file to display during install.
authorsYesThe authors value for the nuget package metadata. Defaults to the author field from your app's package.json file when unspecified.
ownersNoThe owners value for the nuget package metadata. Defaults to the authors field when unspecified.
exeNoThe name of your app's main .exe file. This uses the name field in your app's package.json file with an added .exe extension when unspecified.
descriptionNoThe description value for the nuget package metadata. Defaults to the description field from your app's package.json file when unspecified.
versionNoThe version value for the nuget package metadata. Defaults to the version field from your app's package.json file when unspecified.
titleNoThe title value for the nuget package metadata. Defaults to the productName field and then the name field from your app's package.json file when unspecified.
nameNoWindows Application Model ID (appId). Defaults to the name field in your app's package.json file.
certificateFileNoThe path to an Authenticode Code Signing Certificate
certificatePasswordNoThe password to decrypt the certificate given in certificateFile
signWithParamsNoParams to pass to signtool. Overrides certificateFile and certificatePassword.
iconUrlNoA URL to an ICO file to use as the application icon (displayed in Control Panel > Programs and Features). Defaults to the Atom icon.
setupIconNoThe ICO file to use as the icon for the generated Setup.exe
skipUpdateIconNoDisables setting the icon of Update.exe. This can solve installation errors with the following message: "This application could not be started", when the setup is built on a non-Windows system.
setupExeNoThe name to use for the generated Setup.exe file
setupMsiNoThe name to use for the generated Setup.msi file
noMsiNoShould Squirrel.Windows create an MSI installer?
noDeltaNoShould Squirrel.Windows delta packages? (disable only if necessary, they are a Good Thing)
remoteReleasesNoA URL to your existing updates. If given, these will be downloaded to create delta updates
remoteTokenNoAuthentication token for remote updates
frameworkVersionNoSet the required .NET framework version, e.g. net461

Sign your installer or else bad things will happen

For development / internal use, creating installers without a signature is okay, but for a production app you need to sign your application. Internet Explorer's SmartScreen filter will block your app from being downloaded, and many anti-virus vendors will consider your app as malware unless you obtain a valid cert.

Any certificate valid for "Authenticode Code Signing" will work here, but if you get the right kind of code certificate, you can also opt-in to Windows Error Reporting. This MSDN page has the latest links on where to get a WER-compatible certificate. The "Standard Code Signing" certificate is sufficient for this purpose.

Handling Squirrel Events

Squirrel will spawn your app with command line flags on first run, updates, and uninstalls. it is very important that your app handle these events as early as possible, and quit immediately after handling them. Squirrel will give your app a short amount of time (~15sec) to apply these operations and quit.

The electron-squirrel-startup module will handle the most common events for you, such as managing desktop shortcuts. Just add the following to the top of your main.js and you're good to go:

if (require('electron-squirrel-startup')) return;

You should handle these events in your app's main entry point with something such as:

const app = require('app');

// this should be placed at top of main.js to handle setup events quickly
if (handleSquirrelEvent()) {
  // squirrel event handled and app will exit in 1000ms, so don't do anything else
  return;
}

function handleSquirrelEvent() {
  if (process.argv.length === 1) {
    return false;
  }

  const ChildProcess = require('child_process');
  const path = require('path');

  const appFolder = path.resolve(process.execPath, '..');
  const rootAtomFolder = path.resolve(appFolder, '..');
  const updateDotExe = path.resolve(path.join(rootAtomFolder, 'Update.exe'));
  const exeName = path.basename(process.execPath);

  const spawn = function(command, args) {
    let spawnedProcess, error;

    try {
      spawnedProcess = ChildProcess.spawn(command, args, {detached: true});
    } catch (error) {}

    return spawnedProcess;
  };

  const spawnUpdate = function(args) {
    return spawn(updateDotExe, args);
  };

  const squirrelEvent = process.argv[1];
  switch (squirrelEvent) {
    case '--squirrel-install':
    case '--squirrel-updated':
      // Optionally do things such as:
      // - Add your .exe to the PATH
      // - Write to the registry for things like file associations and
      //   explorer context menus

      // Install desktop and start menu shortcuts
      spawnUpdate(['--createShortcut', exeName]);

      setTimeout(app.quit, 1000);
      return true;

    case '--squirrel-uninstall':
      // Undo anything you did in the --squirrel-install and
      // --squirrel-updated handlers

      // Remove desktop and start menu shortcuts
      spawnUpdate(['--removeShortcut', exeName]);

      setTimeout(app.quit, 1000);
      return true;

    case '--squirrel-obsolete':
      // This is called on the outgoing version of your app before
      // we update to the new version - it's the opposite of
      // --squirrel-updated

      app.quit();
      return true;
  }
};

Notice that the first time the installer launches your app, your app will see a --squirrel-firstrun flag. This allows you to do things like showing up a splash screen or presenting a settings UI. Another thing to be aware of is that, since the app is spawned by squirrel and squirrel acquires a file lock during installation, you won't be able to successfully check for app updates till a few seconds later when squirrel releases the lock.

Debugging this package

You can get debug messages from this package by running with the environment variable DEBUG=electron-windows-installer:main e.g.

DEBUG=electron-windows-installer:main node tasks/electron-winstaller.js

FAQs

Package last updated on 19 Jun 2019

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc