electron-updater
Advanced tools
Comparing version 0.3.1 to 1.1.0
{ | ||
"name": "electron-updater", | ||
"version": "0.3.1", | ||
"description": "Cross platform auto-updater for electron applications", | ||
"main": "index.js", | ||
"author": "Evolve LLC", | ||
"version": "1.1.0", | ||
"description": "NSIS Auto Updater", | ||
"main": "out/main.js", | ||
"author": "Vladimir Krivosheev", | ||
"license": "MIT", | ||
"keywords": [ | ||
"electron" | ||
"repository": "electron-userland/electron-builder", | ||
"bugs": "https://github.com/electron-userland/electron-builder/issues", | ||
"homepage": "https://github.com/electron-userland/electron-builder", | ||
"files": [ | ||
"out" | ||
], | ||
"homepage": "https://github.com/evolvelabs/electron-updater", | ||
"repository": { | ||
"type": "git", | ||
"url": "https://github.com/evolvelabs/electron-updater.git" | ||
}, | ||
"bugs": { | ||
"url": "https://github.com/evolvelabs/electron-updater/issues" | ||
}, | ||
"scripts": { | ||
"test": "mocha", | ||
"watch": "mocha --watch" | ||
}, | ||
"bin": { | ||
"electron-updater": "./bin/cli", | ||
"elup": "./bin/cli" | ||
}, | ||
"dependencies": { | ||
"appdirectory": "^0.1.0", | ||
"async": "^0.9.0", | ||
"commander": "^2.8.1", | ||
"glob": "^5.0.14", | ||
"got": "^4.2.0", | ||
"minimist": "^1.1.1", | ||
"semver": "^4.3.3", | ||
"spin": "0.0.1", | ||
"tar-stream": "^1.1.4", | ||
"unzip": "^0.1.11" | ||
"bluebird-lst-c": "^1.0.6", | ||
"fs-extra-p": "^3.1.0", | ||
"js-yaml": "^3.7.0", | ||
"semver": "^5.3.0", | ||
"source-map-support": "^0.4.10", | ||
"electron-builder-http": "11.5.0" | ||
}, | ||
"bundledDependencies": [ | ||
"appdirectory", | ||
"async", | ||
"glob", | ||
"got", | ||
"minimist", | ||
"semver", | ||
"spin", | ||
"tar-stream", | ||
"unzip" | ||
], | ||
"devDependencies": { | ||
"chai": "^2.3.0", | ||
"mocha": "^2.2.4", | ||
"proxyquire": "^1.4.0", | ||
"sinon": "^1.14.1" | ||
} | ||
"typings": "./out/electron-auto-updater.d.ts" | ||
} |
148
README.md
@@ -1,147 +0,3 @@ | ||
# electron-updater | ||
Cross platform auto-updater for electron apps | ||
# electron-auto-updater | ||
[![Build Status](https://travis-ci.org/EvolveLabs/electron-updater.svg?branch=master)](https://travis-ci.org/EvolveLabs/electron-updater) | ||
# NOTE | ||
This project is in maintainance only mode. It is recommended that you use the `electron-packager` and `electron-builder` projects to generate complete installable versions of your applications and use either the OS specific stores or some other mechanism for distributing your installers. | ||
# Install | ||
There are three main packages that make up the `electron-updater`. | ||
$ npm install electron-updater --save | ||
$ npm install electron-plugins --save | ||
$ npm install electron-updater-tools -g | ||
> **NOTE:** Requires electron version `>=0.33.3`. | ||
The [electron-updater](htps://npmjs.org/package/electron-updater) package itself runs in your app's main process and does the actual updating. The [electron-plugins](https://npmjs.org/package/electron-plugins) project specifically loads the plugins downloaded by the updater in the render process. The third project, [electron-updater-tools](https://npmjs.org/package/electron-updater-tools) contains various scripts useful for building native electron addons as well as linking plugins during development time. | ||
# Usage | ||
Integrate the electron-updater into your electron main process. Below is a simplified example of the [Electron Quick Start](http://electron.atom.io/docs/latest/tutorial/quick-start/#write-your-first-electron-app) code with the `electron-updater` mixed in. | ||
## Example main.js | ||
```JavaScript | ||
var app = require('app'), | ||
BrowserWindow = require('browser-window'), | ||
updater = require('electron-updater') | ||
var mainWindow = null | ||
app.on('ready', function() { | ||
updater.on('ready', function () { | ||
mainWindow = new BrowserWindow({width: 800, height: 600}) | ||
mainWindow.loadURL('file://' + __dirname + '/index.html') | ||
mainWindow.openDevTools({detach:true}) | ||
mainWindow.on('closed', function() { | ||
mainWindow = null; | ||
}) | ||
}) | ||
updater.on('updateRequired', function () { | ||
app.quit(); | ||
}) | ||
updater.on('updateAvailable', function () { | ||
mainWindow.webContents.send('update-available'); | ||
}) | ||
updater.start() | ||
}) | ||
``` | ||
## Example index.js (running in render process) | ||
```JavaScript | ||
var plugins = require('electron-plugins'), | ||
electron = require('electron'), | ||
ipc = electron.ipcRenderer | ||
document.addEventListener('DOMContentLoaded', function () { | ||
var context = { document: document } | ||
plugins.load(context, function (err, loaded) { | ||
if(err) return console.error(err) | ||
console.log('Plugins loaded successfully.') | ||
}) | ||
}) | ||
ipc.on('update-available', function () { | ||
console.log('there is an update available for download') | ||
}) | ||
``` | ||
# Error handling | ||
By default errors are logged to both the console and a file. The default log file location is obtained by getting the [AppDirectory.userData()](https://www.npmjs.com/package/appdirectory) folder: `{userData}/logs/updater.log`. Additionally you can replace the default logger or simply handle errors manually with the below optional API's: | ||
``` | ||
updater.on('error', function (err) { | ||
// todo: manually handle errors here in addition to default logger behavior... | ||
}); | ||
// The logger signature is essentially the same as the console. | ||
var customLogger = { | ||
log: console.log, | ||
error: console.error, | ||
info: console.info, | ||
warn: console.warn, | ||
debug: console.debug | ||
}; | ||
updater.start(customLogger); | ||
``` | ||
# Publishing Updates | ||
There are two kinds of updates you can publish: | ||
* The Application itself | ||
* Plugins | ||
Both kinds of updatable packages are distributed through [npm](http://npmjs.org). This means that publishing updates to your application and plugins are essentially done like this: | ||
``` | ||
$ npm pack | ||
$ npm pub | ||
``` | ||
The application will periodically check npm for updates to any packages and update them when it can. | ||
## Hosting your own npm server | ||
If you are developing a commercial application, or just want to control distribution yourself, you should host your own packages on your own npm server. | ||
Add a path to your registry in the applications `package.json`: | ||
``` | ||
"registry": "http://npm.mycompany.com:4873", | ||
``` | ||
To tell npm to use this registry also, create a [.npmrc file](https://docs.npmjs.com/files/npmrc) in your application root directory containing: | ||
``` | ||
registry=http://npm.mycompany.com:4873 | ||
``` | ||
Fortunately, hosting your own npm server is very easy to do with [sinopia](http://npmjs.org/packages/sinopia). | ||
``` | ||
$ npm install sinopia -g | ||
$ sinopia | ||
``` | ||
To run sinopia as a service, you can use [forever](http://npmjs.org/packages/forever). | ||
``` | ||
$ npm install forever -g | ||
$ forever start sinopia | ||
``` | ||
## Plugins | ||
Plugins are different than normal dependencies. To establish a link to a plugin, add a `plugins` entry into your applications `package.json`: | ||
``` | ||
"dependencies": { | ||
# ... | ||
}, | ||
"plugins": { | ||
"electron-updater-example-plugin": "~0.1.0" | ||
}, | ||
``` | ||
When your application runs it will download and install these plugins into your users [AppDirectory.userData()](https://www.npmjs.com/package/appdirectory) folder. The main benefits of plugins is: | ||
* Gauranteed user directory, does not require elevation to update. | ||
* Supports side-by-side installation, so they can be updated while the app is running. | ||
* Application can be refreshed instead of restarted to apply updates. | ||
* Load arbitrary plugins using [electron-plugins](https://npmjs.org/packages/electron-plugins), instead of having fixed dependencies only. | ||
In the `userData` folder there is also a `.current` file created, which is used to maintain the list of currently installed plugins. You can add items to that file to install non-default plugins. | ||
# Distributing binaries | ||
Until there is better documentation on this, see these issues for answers: | ||
* https://github.com/EvolveLabs/electron-updater/issues/21 | ||
* https://github.com/EvolveLabs/electron-updater/issues/10 | ||
### Related | ||
See the [`electron-builder`](https://www.npmjs.com/package/electron-builder) project for creating installers for | ||
various platforms. | ||
[Auto Update](https://github.com/electron-userland/electron-builder/wiki/Auto-Update). |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 12 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
High entropy strings
Supply chain riskContains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
6
0
0
0
4
3
87955
21
939
1
3
+ Addedbluebird-lst-c@^1.0.6
+ Addedelectron-builder-http@11.5.0
+ Addedfs-extra-p@^3.1.0
+ Addedjs-yaml@^3.7.0
+ Addedsource-map-support@^0.4.10
+ Addedargparse@1.0.10(transitive)
+ Addedbluebird@3.7.2(transitive)
+ Addedbluebird-lst-c@1.0.6(transitive)
+ Addeddebug@2.6.0(transitive)
+ Addedelectron-builder-http@11.5.0(transitive)
+ Addedesprima@4.0.1(transitive)
+ Addedfs-extra@2.1.2(transitive)
+ Addedfs-extra-p@3.1.0(transitive)
+ Addedgraceful-fs@4.2.11(transitive)
+ Addedjs-yaml@3.14.1(transitive)
+ Addedjsonfile@2.4.0(transitive)
+ Addedms@0.7.2(transitive)
+ Addedsemver@5.7.2(transitive)
+ Addedsource-map@0.5.7(transitive)
+ Addedsource-map-support@0.4.18(transitive)
+ Addedsprintf-js@1.0.3(transitive)
- Removedappdirectory@^0.1.0
- Removedasync@^0.9.0
- Removedcommander@^2.8.1
- Removedglob@^5.0.14
- Removedgot@^4.2.0
- Removedminimist@^1.1.1
- Removedspin@0.0.1
- Removedtar-stream@^1.1.4
- Removedunzip@^0.1.11
- Removedcommander@2.20.3(transitive)
Updatedsemver@^5.3.0