Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@bithighlander/electron-builder-notarize
Advanced tools
Notarize Electron applications using electron-builder
Notarize Electron applications using electron-builder
For more details regarding the options and functionality: https://github.com/electron/electron-notarize
# npm
npm i electron-builder-notarize --save-dev
# yarn
yarn add electron-builder-notarize --dev
In your electron-builder config:
{
...
"afterSign": "electron-builder-notarize",
"mac": {
...
"hardenedRuntime": true,
"entitlements": "./node_modules/electron-builder-notarize/entitlements.mac.inherit.plist",
}
}
You can replace the entitlements file with your own, as long as those properties are included as well.
You will also need to authenticate yourself, either with your Apple ID or using an API key. This is done by setting the corresponding environment variables.
If for some reason the script can't locate your project's appId
, you can specify it using the APP_ID
environment variable.
notarytool
In order to use notarytool
for notarization, XCode 13 or later is required
Authentication methods:
APPLE_ID
String - The username of your apple developer accountAPPLE_ID_PASSWORD
String - The app-specific password (not your Apple ID password).APPLE_TEAM_ID
String - The team ID you want to notarize under.APPLE_API_KEY
String - Required for JWT authentication. See Note on JWT authentication below.APPLE_API_KEY_ID
String - Required for JWT authentication. See Note on JWT authentication below.APPLE_API_KEY_ISSUER
String - Issuer ID. Required if APPLE_API_KEY
is specified.APPLE_KEYCHAIN
String - The name of the keychain or path to the keychain you stored notarization credentials in.APPLE_KEYCHAIN_PROFILE
String - The name of the profile you provided when storing notarization credentials.General options:
TEAM_SHORT_NAME
String - Your Team Short Name.Authentication methods:
APPLE_ID
String - The username of your apple developer accountAPPLE_ID_PASSWORD
String - The app-specific password (not your Apple ID password).APPLE_API_KEY
String - Required for JWT authentication. See Note on JWT authentication below.APPLE_API_KEY_ISSUER
String - Issuer ID. Required if APPLE_API_KEY
is specified.If your developer account is a member of multiple teams or organizations, you might see an error. In this case, you need to provide your Team Short Name as an environment variable:
export TEAM_SHORT_NAME=XXXXXXXXX
This package is inspired by this article
The library used for notarization: https://github.com/electron/electron-notarize
MIT
FAQs
Notarize Electron applications using electron-builder
The npm package @bithighlander/electron-builder-notarize receives a total of 14 weekly downloads. As such, @bithighlander/electron-builder-notarize popularity was classified as not popular.
We found that @bithighlander/electron-builder-notarize demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.