electron-updater
Advanced tools
electron-updater - npm Package Compare versions
Comparing version 0.3.1 to 1.1.0
| { | ||
| "name": "electron-updater", | ||
| "version": "0.3.1", | ||
| "description": "Cross platform auto-updater for electron applications", | ||
| "main": "index.js", | ||
| "author": "Evolve LLC", | ||
| "version": "1.1.0", | ||
| "description": "NSIS Auto Updater", | ||
| "main": "out/main.js", | ||
| "author": "Vladimir Krivosheev", | ||
| "license": "MIT", | ||
| "keywords": [ | ||
| "electron" | ||
| "repository": "electron-userland/electron-builder", | ||
| "bugs": "https://github.com/electron-userland/electron-builder/issues", | ||
| "homepage": "https://github.com/electron-userland/electron-builder", | ||
| "files": [ | ||
| "out" | ||
| ], | ||
| "homepage": "https://github.com/evolvelabs/electron-updater", | ||
| "repository": { | ||
| "type": "git", | ||
| "url": "https://github.com/evolvelabs/electron-updater.git" | ||
| }, | ||
| "bugs": { | ||
| "url": "https://github.com/evolvelabs/electron-updater/issues" | ||
| }, | ||
| "scripts": { | ||
| "test": "mocha", | ||
| "watch": "mocha --watch" | ||
| }, | ||
| "bin": { | ||
| "electron-updater": "./bin/cli", | ||
| "elup": "./bin/cli" | ||
| }, | ||
| "dependencies": { | ||
| "appdirectory": "^0.1.0", | ||
| "async": "^0.9.0", | ||
| "commander": "^2.8.1", | ||
| "glob": "^5.0.14", | ||
| "got": "^4.2.0", | ||
| "minimist": "^1.1.1", | ||
| "semver": "^4.3.3", | ||
| "spin": "0.0.1", | ||
| "tar-stream": "^1.1.4", | ||
| "unzip": "^0.1.11" | ||
| "bluebird-lst-c": "^1.0.6", | ||
| "fs-extra-p": "^3.1.0", | ||
| "js-yaml": "^3.7.0", | ||
| "semver": "^5.3.0", | ||
| "source-map-support": "^0.4.10", | ||
| "electron-builder-http": "11.5.0" | ||
| }, | ||
| "bundledDependencies": [ | ||
| "appdirectory", | ||
| "async", | ||
| "glob", | ||
| "got", | ||
| "minimist", | ||
| "semver", | ||
| "spin", | ||
| "tar-stream", | ||
| "unzip" | ||
| ], | ||
| "devDependencies": { | ||
| "chai": "^2.3.0", | ||
| "mocha": "^2.2.4", | ||
| "proxyquire": "^1.4.0", | ||
| "sinon": "^1.14.1" | ||
| } | ||
| "typings": "./out/electron-auto-updater.d.ts" | ||
| } |
148
README.md
@@ -1,147 +0,3 @@ | ||
| # electron-updater | ||
| Cross platform auto-updater for electron apps | ||
| # electron-auto-updater | ||
| [](https://travis-ci.org/EvolveLabs/electron-updater) | ||
| # NOTE | ||
| This project is in maintainance only mode. It is recommended that you use the `electron-packager` and `electron-builder` projects to generate complete installable versions of your applications and use either the OS specific stores or some other mechanism for distributing your installers. | ||
| # Install | ||
| There are three main packages that make up the `electron-updater`. | ||
| $ npm install electron-updater --save | ||
| $ npm install electron-plugins --save | ||
| $ npm install electron-updater-tools -g | ||
| > **NOTE:** Requires electron version `>=0.33.3`. | ||
| The [electron-updater](htps://npmjs.org/package/electron-updater) package itself runs in your app's main process and does the actual updating. The [electron-plugins](https://npmjs.org/package/electron-plugins) project specifically loads the plugins downloaded by the updater in the render process. The third project, [electron-updater-tools](https://npmjs.org/package/electron-updater-tools) contains various scripts useful for building native electron addons as well as linking plugins during development time. | ||
| # Usage | ||
| Integrate the electron-updater into your electron main process. Below is a simplified example of the [Electron Quick Start](http://electron.atom.io/docs/latest/tutorial/quick-start/#write-your-first-electron-app) code with the `electron-updater` mixed in. | ||
| ## Example main.js | ||
| ```JavaScript | ||
| var app = require('app'), | ||
| BrowserWindow = require('browser-window'), | ||
| updater = require('electron-updater') | ||
| var mainWindow = null | ||
| app.on('ready', function() { | ||
| updater.on('ready', function () { | ||
| mainWindow = new BrowserWindow({width: 800, height: 600}) | ||
| mainWindow.loadURL('file://' + __dirname + '/index.html') | ||
| mainWindow.openDevTools({detach:true}) | ||
| mainWindow.on('closed', function() { | ||
| mainWindow = null; | ||
| }) | ||
| }) | ||
| updater.on('updateRequired', function () { | ||
| app.quit(); | ||
| }) | ||
| updater.on('updateAvailable', function () { | ||
| mainWindow.webContents.send('update-available'); | ||
| }) | ||
| updater.start() | ||
| }) | ||
| ``` | ||
| ## Example index.js (running in render process) | ||
| ```JavaScript | ||
| var plugins = require('electron-plugins'), | ||
| electron = require('electron'), | ||
| ipc = electron.ipcRenderer | ||
| document.addEventListener('DOMContentLoaded', function () { | ||
| var context = { document: document } | ||
| plugins.load(context, function (err, loaded) { | ||
| if(err) return console.error(err) | ||
| console.log('Plugins loaded successfully.') | ||
| }) | ||
| }) | ||
| ipc.on('update-available', function () { | ||
| console.log('there is an update available for download') | ||
| }) | ||
| ``` | ||
| # Error handling | ||
| By default errors are logged to both the console and a file. The default log file location is obtained by getting the [AppDirectory.userData()](https://www.npmjs.com/package/appdirectory) folder: `{userData}/logs/updater.log`. Additionally you can replace the default logger or simply handle errors manually with the below optional API's: | ||
| ``` | ||
| updater.on('error', function (err) { | ||
| // todo: manually handle errors here in addition to default logger behavior... | ||
| }); | ||
| // The logger signature is essentially the same as the console. | ||
| var customLogger = { | ||
| log: console.log, | ||
| error: console.error, | ||
| info: console.info, | ||
| warn: console.warn, | ||
| debug: console.debug | ||
| }; | ||
| updater.start(customLogger); | ||
| ``` | ||
| # Publishing Updates | ||
| There are two kinds of updates you can publish: | ||
| * The Application itself | ||
| * Plugins | ||
| Both kinds of updatable packages are distributed through [npm](http://npmjs.org). This means that publishing updates to your application and plugins are essentially done like this: | ||
| ``` | ||
| $ npm pack | ||
| $ npm pub | ||
| ``` | ||
| The application will periodically check npm for updates to any packages and update them when it can. | ||
| ## Hosting your own npm server | ||
| If you are developing a commercial application, or just want to control distribution yourself, you should host your own packages on your own npm server. | ||
| Add a path to your registry in the applications `package.json`: | ||
| ``` | ||
| "registry": "http://npm.mycompany.com:4873", | ||
| ``` | ||
| To tell npm to use this registry also, create a [.npmrc file](https://docs.npmjs.com/files/npmrc) in your application root directory containing: | ||
| ``` | ||
| registry=http://npm.mycompany.com:4873 | ||
| ``` | ||
| Fortunately, hosting your own npm server is very easy to do with [sinopia](http://npmjs.org/packages/sinopia). | ||
| ``` | ||
| $ npm install sinopia -g | ||
| $ sinopia | ||
| ``` | ||
| To run sinopia as a service, you can use [forever](http://npmjs.org/packages/forever). | ||
| ``` | ||
| $ npm install forever -g | ||
| $ forever start sinopia | ||
| ``` | ||
| ## Plugins | ||
| Plugins are different than normal dependencies. To establish a link to a plugin, add a `plugins` entry into your applications `package.json`: | ||
| ``` | ||
| "dependencies": { | ||
| # ... | ||
| }, | ||
| "plugins": { | ||
| "electron-updater-example-plugin": "~0.1.0" | ||
| }, | ||
| ``` | ||
| When your application runs it will download and install these plugins into your users [AppDirectory.userData()](https://www.npmjs.com/package/appdirectory) folder. The main benefits of plugins is: | ||
| * Gauranteed user directory, does not require elevation to update. | ||
| * Supports side-by-side installation, so they can be updated while the app is running. | ||
| * Application can be refreshed instead of restarted to apply updates. | ||
| * Load arbitrary plugins using [electron-plugins](https://npmjs.org/packages/electron-plugins), instead of having fixed dependencies only. | ||
| In the `userData` folder there is also a `.current` file created, which is used to maintain the list of currently installed plugins. You can add items to that file to install non-default plugins. | ||
| # Distributing binaries | ||
| Until there is better documentation on this, see these issues for answers: | ||
| * https://github.com/EvolveLabs/electron-updater/issues/21 | ||
| * https://github.com/EvolveLabs/electron-updater/issues/10 | ||
| ### Related | ||
| See the [`electron-builder`](https://www.npmjs.com/package/electron-builder) project for creating installers for | ||
| various platforms. | ||
| [Auto Update](https://github.com/electron-userland/electron-builder/wiki/Auto-Update). |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No bug tracker
MaintenancePackage does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 3 instances in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Uses eval
Supply chain riskPackage uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.
Found 2 instances in 1 package
Debug access
Supply chain riskUses debug, reflection and dynamic code execution features.
Found 2 instances in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 12 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 2 instances in 1 package
High entropy strings
Supply chain riskContains high entropy strings. This could be a sign of encrypted data, leaked secrets or obfuscated code.
Found 1 instance in 1 package
Mixed license
License(Experimental) Package contains multiple licenses.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-40%
6
- Dev dependency count
- decreased by-100%
0
- Number of low license alerts
- decreased by-100%
0
- Number of low quality alerts
- decreased by-100%
0
- Number of low supply chain risk alerts
- decreased by-97.5%
4
- Number of medium supply chain risk alerts
- decreased by-85%
3
Worsened metrics
- Total package byte prevSize
- decreased by-97.83%
87955
- Number of package files
- decreased by-97.54%
21
- Lines of code
- decreased by-98.72%
939
- Number of low maintenance alerts
- increased byInfinity%
1
- Number of lines in readme file
- decreased by-97.97%
3
Dependency changes
+ Addedbluebird-lst-c@^1.0.6
+ Addedelectron-builder-http@11.5.0
+ Addedfs-extra-p@^3.1.0
+ Addedjs-yaml@^3.7.0
+ Addedsource-map-support@^0.4.10
+ Addedargparse@1.0.10(transitive)
+ Addedbluebird@3.7.2(transitive)
+ Addedbluebird-lst-c@1.0.6(transitive)
+ Addeddebug@2.6.0(transitive)
+ Addedelectron-builder-http@11.5.0(transitive)
+ Addedesprima@4.0.1(transitive)
+ Addedfs-extra@2.1.2(transitive)
+ Addedfs-extra-p@3.1.0(transitive)
+ Addedgraceful-fs@4.2.11(transitive)
+ Addedjs-yaml@3.14.1(transitive)
+ Addedjsonfile@2.4.0(transitive)
+ Addedms@0.7.2(transitive)
+ Addedsemver@5.7.2(transitive)
+ Addedsource-map@0.5.7(transitive)
+ Addedsource-map-support@0.4.18(transitive)
+ Addedsprintf-js@1.0.3(transitive)
- Removedappdirectory@^0.1.0
- Removedasync@^0.9.0
- Removedcommander@^2.8.1
- Removedglob@^5.0.14
- Removedgot@^4.2.0
- Removedminimist@^1.1.1
- Removedspin@0.0.1
- Removedtar-stream@^1.1.4
- Removedunzip@^0.1.11
- Removedcommander@2.20.3(transitive)
Updatedsemver@^5.3.0