Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@ryverapp/electron-packager
Advanced tools
Customize and package your Electron app with OS-specific bundles (.app, .exe, etc.) via JS or CLI
Package your Electron app into OS-specific bundles (.app
, .exe
, etc.) via JavaScript or the command line.
Supported Platforms | Installation | Usage | API | Contributing | Support | Related Apps/Libraries | FAQ | Release Notes
Electron Packager is a command line tool and Node.js library that bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution.
For creating distributables like installers and Linux packages, consider using either Electron Forge (which uses Electron Packager internally), or one of the related Electron tools, which utilizes Electron Packager-created folders as a basis.
Note that packaged Electron applications can be relatively large. A zipped, minimal Electron
application is approximately the same size as the zipped prebuilt binary for a given target
platform, target arch, and Electron version
(files named electron-v${version}-${platform}-${arch}.zip
).
Individuals making significant and valuable contributions are given commit-access to the project to contribute as they see fit. This project is more like an open wiki than a standard guarded open source project.
See CONTRIBUTING.md and openopensource.org for more details.
Electron Packager is known to run on the following host platforms:
It generates executables/bundles for the following target platforms:
win32
, for both 32/64 bit)darwin
) / Mac App Store (also known as mas
)** Note for OS X / MAS target bundles: the .app
bundle can only be signed when building on a host OS X platform.
This module requires Node.js 4.0 or higher to run.
# for use in npm scripts
npm install electron-packager --save-dev
# for use from cli
npm install electron-packager -g
Building an Electron app for the Windows target platform requires editing the Electron.exe
file.
Currently, Electron Packager uses node-rcedit to accomplish
this. A Windows executable is bundled in that Node package and needs to be run in order for this
functionality to work, so on non-Windows host platforms, Wine 1.6 or
later needs to be installed. On OS X, it is installable via Homebrew.
JavaScript API usage can be found in the API documentation.
Running electron-packager from the command line has this basic form:
electron-packager <sourcedir> <appname> --platform=<platform> --arch=<arch> [optional flags...]
This will:
<out>/<appname>-<platform>-<arch>
(this can be customized via an optional flag)--platform
and --arch
can be omitted, in two cases:
--all
instead, bundles for all valid combinations of target
platforms/architectures will be created.For an overview of the other optional flags, run electron-packager --help
or see
usage.txt. For
detailed descriptions, see the API documentation.
If appname
is omitted, this will use the name specified by "productName" or "name" in the nearest package.json.
Characters in the Electron app name which are not allowed in all target platforms' filenames
(e.g., /
), will be replaced by hyphens (-
).
You should be able to launch the app on the platform you built for. If not, check your settings and try again.
Be careful not to include node_modules
you don't want into your final app. If you put them in
the devDependencies
section of package.json
, by default none of the modules related to those
dependencies will be copied in the app bundles. (This behavior can be turned off with the
--no-prune
flag.) In addition, folders like .git
and node_modules/.bin
will be ignored by
default. You can use --ignore
to ignore files and folders via a regular expression (not a
glob pattern). Examples include
--ignore=\.gitignore
or --ignore="\.git(ignore|modules)"
.
Let's assume that you have made an app based on the electron-quick-start repository on a OS X host platform with the following file structure:
foobar
├── package.json
├── index.html
├── […other files, like LICENSE…]
└── script.js
…and that the following is true:
electron-packager
is installed globallyproductName
in package.json
has been set to Foo Bar
electron
module is in the devDependencies
section of package.json
, and set to the exact version of 1.4.15
.npm install
for the Foo Bar
app has been run at least onceWhen one runs the following command for the first time in the foobar
directory:
electron-packager .
electron-packager
will do the following:
sourcedir
appname
from the productName
in package.json
appVersion
from the version
in package.json
platform
and arch
from the host, in this example, darwin
platform and x64
arch.~/.electron
)Foo Bar.app
Foo Bar.app
in foobar/Foo Bar-darwin-x64/
(since an out
directory was not specified, it used the current working directory)The file structure now looks like:
foobar
├── Foo Bar-darwin-x64
│ ├── Foo Bar.app
│ │ └── […Mac app contents…]
│ ├── LICENSE
│ └── version
├── […other application bundles, like "Foo Bar-win32-x64" (sans quotes)…]
├── package.json
├── index.html
├── […other files, like LICENSE…]
└── script.js
The Foo Bar.app
folder generated can be executed by a system running OS X, which will start the packaged Electron app. This is also true of the Windows x64 build on a system running a new enough version of Windows for a 64-bit system (via Foo Bar-win32-x64/Foo Bar.exe
), and so on.
Windows:
OS X:
Linux:
These Node modules utilize Electron Packager API hooks:
FAQs
Customize and package your Electron app with OS-specific bundles (.app, .exe, etc.) via JS or CLI
We found that @ryverapp/electron-packager demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.