Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
electron-download
Advanced tools
Readme
Downloads an Electron release zip from GitHub.
Used by electron-prebuilt and electron-packager
Note: Requires Node >= 4.0 to run.
$ npm install --global electron-download
$ electron-download --version=0.31.1
const download = require('electron-download')
download({
version: '0.25.1',
arch: 'ia32',
platform: 'win32',
cache: './zips'
}, function (err, zipPath) {
// zipPath will be the path of the zip that it downloaded.
// If the zip was already cached it will skip
// downloading and call the cb with the cached zip path.
// If it wasn't cached it will download the zip and save
// it in the cache path.
})
If you don't specify arch
or platform
args it will use the built-in os
module to get the values from the current OS. Specifying version
is mandatory. If there is a SHASUMS256.txt
file available for the version
, the file downloaded will be validated against its checksum to ensure that it was downloaded without errors.
You can also use electron-download
to download the chromedriver
, ffmpeg
,
mksnapshot
, and symbols assets for a specific Electron release. This can be
configured by setting the chromedriver
, ffmpeg
, mksnapshot
, or
symbols
property to true
in the specified options object. Only one of
these options may be specified per download call.
You can force a re-download of the asset and the SHASUM
file by setting the
force
option to true
.
If you would like to override the mirror location, three options are available. The mirror URL is composed as url = ELECTRON_MIRROR + ELECTRON_CUSTOM_DIR + '/' + ELECTRON_CUSTOM_FILENAME
.
You can set the ELECTRON_MIRROR
or NPM_CONFIG_ELECTRON_MIRROR
environment variable or mirror
opt variable to use a custom base URL for grabbing Electron zips. The same pattern applies to ELECTRON_CUSTOM_DIR
and ELECTRON_CUSTOM_FILENAME
:
## Electron Mirror of China
ELECTRON_MIRROR="https://npm.taobao.org/mirrors/electron/"
## or for a local mirror
ELECTRON_MIRROR="https://10.1.2.105/"
ELECTRON_CUSTOM_DIR="our/internal/filePath"
ELECTRON_CUSTOM_FILENAME="electron.zip"
You can set ELECTRON_MIRROR in .npmrc
as well, using the lowercase name:
electron_mirror=https://10.1.2.105/
electron_custom_dir="our/internal/filePath"
electron_custom_filename="electron.zip"
You can also set the same variables in your project's package.json:
{
"name" : "my-electron-project",
"config" : {
"electron_mirror": "https://10.1.2.105/",
"electron_custom_dir": "our/internal/filePath",
"electron_custom_filename": "electron.zip"
}
}
The order of precedence is:
process.env.NPM_CONFIG_ELECTRON_*
)process.env.npm_config_electron_*
)process.env.npm_package_config_electron_*
)process.env.ELECTRON_*
)download
You can also disable checksum validation if you really want to (this is in
general a bad idea). Do this by setting disableChecksumSafetyCheck
to true
in the options object. Use this only when testing local build of Electron,
if you have internal builds of Electron you should generate the SHASUMS file
yourself and let electron-download
still perform its hash validations.
The location of the cache depends on the operating system, the defaults are:
$XDG_CACHE_HOME
or ~/.cache/electron/
~/Library/Caches/electron/
$LOCALAPPDATA/electron/Cache
or ~/AppData/Local/electron/Cache/
You can set the ELECTRON_CACHE
environment variable to set cache location explicitly.
FAQs
download electron prebuilt binary zips from github releases
The npm package electron-download receives a total of 50,622 weekly downloads. As such, electron-download popularity was classified as popular.
We found that electron-download demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.