Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
@swiftmr/electron-builder
Advanced tools
Readme
A complete solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux with “auto update” support out of the box.
See documentation on electron.build.
7z
, zip
, tar.xz
, tar.7z
, tar.lz
, tar.gz
, tar.bz2
, dir
(unpacked directory).dmg
, pkg
, mas
.deb
), rpm
, freebsd
, pacman
, p5p
, apk
.nsis
(Installer), nsis-web
(Web installer), portable
(portable app without installation), AppX (Windows Store), MSI, Squirrel.Windows.Question | Answer |
---|---|
“I want to configure electron-builder” | See options |
“I have a question” | Join the discussions |
“I found a bug” | Open an issue |
“I want to support development” | Donate |
Yarn is strongly recommended instead of npm.
yarn add @swiftmr/electron-builder --dev
electron-webpack-quick-start is a recommended way to create a new Electron application. See Boilerplates.
Specify the standard fields in the application package.json
— name, description
, version
and author.
Specify the build configuration in the package.json
as follows:
"build": {
"appId": "your.id",
"mac": {
"category": "your.app.category.type"
}
}
See all options. Option files to indicate which files should be packed in the final application, including the entry file, maybe required.
Add icons.
Add the scripts key to the development package.json
:
"scripts": {
"pack": "electron-builder --dir",
"dist": "electron-builder"
}
Then you can run yarn dist
(to package in a distributable format (e.g. dmg, windows installer, deb package)) or yarn run pack
(only generates the package directory without really packaging it. This is useful for testing purposes).
To ensure your native dependencies are always matched electron version, simply add script "postinstall": "electron-builder install-app-deps"
to your package.json
.
If you have native addons of your own that are part of the application (not as a dependency), set nodeGypRebuild to true
.
Please note that everything is packaged into an asar archive by default.
For an app that will be shipped to production, you should sign your application. See Where to buy code signing certificates.
We do this open source work in our free time. If you'd like us to invest more time on it, please donate. Donation can be used to increase some issue priority.
FAQs
Unknown package
We found that @swiftmr/electron-builder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.