Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
electron
Advanced tools
Electron is a framework for creating native applications with web technologies like JavaScript, HTML, and CSS. It combines the Chromium rendering engine and the Node.js runtime, allowing you to build cross-platform desktop applications.
Creating a Browser Window
This feature allows you to create a new browser window in your Electron application. The code sample demonstrates how to create a window and load a URL into it.
const { app, BrowserWindow } = require('electron');
app.on('ready', () => {
const mainWindow = new BrowserWindow({ width: 800, height: 600 });
mainWindow.loadURL('https://example.com');
});
Inter-Process Communication (IPC)
Electron provides IPC (Inter-Process Communication) to allow communication between the main process and renderer processes. The code sample shows how to send and receive messages asynchronously.
const { ipcMain, ipcRenderer } = require('electron');
// Main process
ipcMain.on('asynchronous-message', (event, arg) => {
console.log(arg); // prints 'ping'
event.reply('asynchronous-reply', 'pong');
});
// Renderer process
ipcRenderer.send('asynchronous-message', 'ping');
ipcRenderer.on('asynchronous-reply', (event, arg) => {
console.log(arg); // prints 'pong'
});
Using Node.js Modules
Electron allows you to use Node.js modules in your application. The code sample demonstrates how to use the 'fs' module to read a file.
const fs = require('fs');
fs.readFile('/path/to/file', (err, data) => {
if (err) throw err;
console.log(data.toString());
});
Packaging the Application
Electron applications can be packaged for distribution using tools like 'electron-packager'. The code sample shows how to package an Electron app for Windows using a child process.
const { exec } = require('child_process');
exec('electron-packager . myApp --platform=win32 --arch=x64', (err, stdout, stderr) => {
if (err) {
console.error(`exec error: ${err}`);
return;
}
console.log(`stdout: ${stdout}`);
console.error(`stderr: ${stderr}`);
});
NW.js (previously known as node-webkit) is another framework for building desktop applications using web technologies. It also combines Node.js and Chromium but offers different APIs and a different approach to application architecture compared to Electron.
Proton Native is a framework for building native desktop applications using React. Unlike Electron, which uses web technologies and Chromium, Proton Native uses native components for rendering, which can result in better performance and a more native look and feel.
:memo: Available Translations: π¨π³ π§π· πͺπΈ π―π΅ π·πΊ π«π· πΊπΈ π©πͺ. View these docs in other languages on our Crowdin project.
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.
Follow @electronjs on Twitter for important announcements.
This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.
To install prebuilt Electron binaries, use npm
.
The preferred method is to install Electron as a development dependency in your
app:
npm install electron --save-dev
For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.
Each Electron release provides binaries for macOS, Windows, and Linux.
ia32
(x86
), x64
(amd64
), and arm64
binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy.Use Electron Fiddle
to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and
to try out different versions of Electron. It's designed to make the start of your journey with
Electron easier.
Alternatively, clone and run the electron/electron-quick-start repository to see a minimal Electron app in action:
git clone https://github.com/electron/electron-quick-start
cd electron-quick-start
npm install
npm start
Most people use Electron from the command line, but if you require electron
inside
your Node app (not your Electron app) it will return the file path to the
binary. Use this to spawn Electron from Node scripts:
const electron = require('electron')
const proc = require('node:child_process')
// will print something similar to /Users/maf/.../Electron
console.log(electron)
// spawn Electron
const child = proc.spawn(electron)
See the Advanced Installation Instructions to learn how to use a custom mirror.
We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.
If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.
Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.
When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.
FAQs
Build cross platform desktop apps with JavaScript, HTML, and CSS
The npm package electron receives a total of 753,290 weekly downloads. As such, electron popularity was classified as popular.
We found that electron demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.