Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@electron/rebuild
Advanced tools
Electron supporting package to rebuild native node modules against the currently installed electron
@electron/rebuild is a tool designed to help developers rebuild native Node.js modules against the current Electron version. This is particularly useful when working with native modules that need to be compatible with Electron's version of Node.js.
Rebuild Native Modules
This feature allows you to rebuild native Node.js modules to be compatible with a specific version of Electron. The code sample demonstrates how to use the `rebuild` function to rebuild modules in the current directory for Electron version 13.1.7.
const { rebuild } = require('@electron/rebuild');
rebuild({
buildPath: __dirname,
electronVersion: '13.1.7'
}).then(() => {
console.log('Rebuild complete!');
}).catch((err) => {
console.error('Rebuild failed:', err);
});
CLI Usage
You can also use @electron/rebuild from the command line to rebuild native modules. This command rebuilds the modules for Electron version 13.1.7.
npx electron-rebuild -v 13.1.7
Rebuild Specific Modules
This feature allows you to rebuild specific native modules rather than all modules in the project. The code sample demonstrates how to rebuild only the 'native-module' for Electron version 13.1.7.
const { rebuild } = require('@electron/rebuild');
rebuild({
buildPath: __dirname,
electronVersion: '13.1.7',
onlyModules: ['native-module']
}).then(() => {
console.log('Rebuild complete!');
}).catch((err) => {
console.error('Rebuild failed:', err);
});
electron-builder is a complete solution to package and build a ready-for-distribution Electron app. It includes support for rebuilding native modules, but also offers a wide range of other features such as auto-updates, code signing, and multi-platform builds. Compared to @electron/rebuild, electron-builder is more comprehensive but also more complex.
node-gyp is a cross-platform command-line tool written in Node.js for compiling native addon modules for Node.js. While it can be used to rebuild native modules, it does not specifically target Electron and lacks the convenience features of @electron/rebuild. It requires more manual configuration and is generally used as a lower-level tool.
This executable rebuilds native Node.js modules against the version of Node.js that your Electron project is using. This allows you to use native Node.js modules in Electron apps without your system version of Node.js matching exactly (which is often not the case, and sometimes not even possible).
Install the package with --save-dev
:
npm install --save-dev @electron/rebuild
Then, whenever you install a new npm package, rerun electron-rebuild:
$(npm bin)/electron-rebuild
Or if you're on Windows:
.\node_modules\.bin\electron-rebuild.cmd
If you have a good node-gyp config but you see an error about a missing element on Windows like Could not load the Visual C++ component "VCBuild.exe"
, try to launch electron-rebuild in an npm script:
"scripts": {
"rebuild": "electron-rebuild -f -w yourmodule"
}
and then
npm run rebuild
Node v12.13.0 or higher is required. Building native modules from source uses
node-gyp
, refer to the link for its
installation/runtime requirements.
Usage: electron-rebuild --version [version] --module-dir [path]
Options:
-v, --version The version of Electron to build against [string]
-f, --force Force rebuilding modules, even if we would skip
it otherwise [boolean]
-a, --arch Override the target architecture to something
other than your system's [string]
-m, --module-dir The path to the node_modules directory to rebuild
[string]
-w, --which-module A specific module to build, or comma separated
list of modules. Modules will only be rebuilt if
they also match the types of dependencies being
rebuilt (see --types). [string]
-o, --only Only build specified module, or comma separated
list of modules. All others are ignored. [string]
-e, --electron-prebuilt-dir The path to the prebuilt electron module [string]
-d, --dist-url Custom header tarball URL [string]
-t, --types The types of dependencies to rebuild. Comma
separated list of "prod", "dev" and "optional".
Default is "prod,optional" [string]
-p, --parallel Rebuild in parallel, this is enabled by default
on macOS and Linux [boolean]
-s, --sequential Rebuild modules sequentially, this is enabled by
default on Windows [boolean]
-b, --debug Build debug version of modules [boolean]
--prebuild-tag-prefix GitHub tag prefix passed to prebuild-install.
Default is "v" [string]
--force-abi Override the ABI version for the version of
Electron you are targeting. Only use when
targeting Nightly releases. [number]
--use-electron-clang Use the clang executable that Electron used when
building its binary. This will guarantee compiler
compatibility [boolean]
--disable-pre-gyp-copy Disables the pre-gyp copy step [boolean]
--build-from-source Skips prebuild download and rebuilds module from
source. [boolean]
-h, --help Show help [boolean]
This package is automatically used with Electron Forge when packaging an Electron app.
electron-rebuild provides a function compatible with the afterCopy
hook
for Electron Packager. For example:
import packager from '@electron/packager';
import rebuild from '@electron/rebuild';
packager({
// … other options
afterCopy: [(buildPath, electronVersion, platform, arch, callback) => {
rebuild({ buildPath, electronVersion, arch })
.then(() => callback())
.catch((error) => callback(error));
}],
// … other options
});
If your module uses prebuild for creating prebuilt binaries,
it also uses prebuild-install to download them. If
this is the case, then electron-rebuild
will run prebuild-install
to download the correct
binaries from the project's GitHub Releases instead of rebuilding them.
electron-rebuild is also a library that you can require into your app or build process. It has a very simple API:
import rebuild from '@electron/rebuild';
// Public: Rebuilds a node_modules directory with the given Electron version.
//
// options: Object with the following properties
// buildPath - An absolute path to your app's directory. (The directory that contains your node_modules)
// electronVersion - The version of Electron to rebuild for
// arch (optional) - Default: process.arch - The arch to rebuild for
// extraModules (optional) - Default: [] - An array of modules to rebuild as well as the detected modules
// onlyModules (optional) - Default: null - An array of modules to rebuild, ONLY these module names will be rebuilt.
// The "types" property will be ignored if this option is set.
// force (optional) - Default: false - Force a rebuild of modules regardless of their current build state
// headerURL (optional) - Default: https://www.electronjs.org/headers - The URL to download Electron header files from
// types (optional) - Default: ['prod', 'optional'] - The types of modules to rebuild
// mode (optional) - The rebuild mode, either 'sequential' or 'parallel' - Default varies per platform (probably shouldn't mess with this one)
// useElectronClang (optional) - Whether to use the clang executable that Electron used when building its binary. This will guarantee compiler compatibility
// Returns a Promise indicating whether the operation succeeded or not
A full build process might look something like:
const childProcess = require('child_process');
const pathToElectron = require('electron');
rebuild({
buildPath: __dirname,
electronVersion: '1.4.12'
})
.then(() => console.info('Rebuild Successful'))
.catch((e) => {
console.error("Building modules didn't work!");
console.error(e);
});
FAQs
Electron supporting package to rebuild native node modules against the currently installed electron
The npm package @electron/rebuild receives a total of 223,507 weekly downloads. As such, @electron/rebuild popularity was classified as popular.
We found that @electron/rebuild demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.