Gathering detailed insights and metrics for builder-util-runtime
Gathering detailed insights and metrics for builder-util-runtime
A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
Installations
npm install builder-util-runtimeReleases
867
v26.0.0-alpha.6
v26.0.0-alpha.6
Published on 07 Nov 2024
v26.0.0-alpha.5
v26.0.0-alpha.5
Published on 01 Nov 2024
v26.0.0-alpha.4
v26.0.0-alpha.4
Published on 28 Oct 2024
electron-updater@6.4.0-alpha.1
electron-updater@6.4.0-alpha.1
Published on 28 Oct 2024
v26.0.0-alpha.3
v26.0.0-alpha.3
Published on 16 Oct 2024
v26.0.0-alpha.2
v26.0.0-alpha.2
Published on 13 Oct 2024
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>=12.0.0
Typescript Support
Yes
Node Version
18.20.4
NPM Version
10.7.0
Statistics
13,718 Stars
3,217 Commits
1,741 Forks
149 Watching
40 Branches
544 Contributors
Updated on 28 Nov 2024
Languages
TypeScript (90.6%)
NSIS (6.81%)
JavaScript (1.64%)
Shell (0.63%)
Dockerfile (0.27%)
Smarty (0.03%)
CSS (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
178,884,629
Last day
-2.3%
107,141
Compared to previous day
Last week
4.1%
578,868
Compared to previous week
Last month
11.8%
2,481,563
Compared to previous month
Last year
-46.9%
38,529,684
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
2
Versions
electron-builder 
A complete solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux with “auto update” support out of the box. :shipit:
Always looking for community contributions! 👀 Setting up a dev environment is easy to do 🪩
Sponsors
Documentation
See the full documentation on electron.build.
- NPM packages management:
- Native application dependencies compilation (including Yarn support).
- Development dependencies are never included. You don't need to ignore them explicitly.
- Two package.json structure is supported, but you are not forced to use it even if you have native production dependencies.
- Code Signing on a CI server or development machine.
- Auto Update ready application packaging.
- Numerous target formats:
- All platforms:
7z,zip,tar.xz,tar.7z,tar.lz,tar.gz,tar.bz2,dir(unpacked directory). - macOS:
dmg,pkg,mas. - Linux: AppImage, snap, debian package (
deb),rpm,freebsd,pacman,p5p,apk. - Windows:
nsis(Installer),nsis-web(Web installer),portable(portable app without installation), AppX (Windows Store), MSI, Squirrel.Windows.
- All platforms:
- Publishing artifacts to GitHub Releases, Amazon S3, DigitalOcean Spaces and Bintray.
- Advanced building:
- Pack in a distributable format already packaged app.
- Separate build steps.
- Build and publish in parallel, using hard links on CI server to reduce IO and disk space usage.
- electron-compile support (compile for release-time on the fly on build).
- Docker images to build Electron app for Linux or Windows on any platform.
- Proton Native support.
- Downloads all required tools files on demand automatically (e.g. to code sign windows application, to make AppX), no need to setup.
| Question | Answer |
|---|---|
| “I want to configure electron-builder” | See options |
| “I found a bug or I have a question” | Open an issue |
| “I want to support development” | Donate |
Installation
Yarn is strongly recommended instead of npm.
yarn add electron-builder --dev
Note for PNPM
In order to use with pnpm, you'll need to adjust your .npmrc to use any one the following approaches in order for your dependencies to be bundled correctly (ref: #6389):
node-linker=hoisted
public-hoist-pattern=*
shamefully-hoist=true
Note: Setting shamefully-hoist to true is the same as setting public-hoist-pattern to *.
Note for Yarn 3
Yarn 3 use PnP by default, but electron-builder still need node-modules(ref: yarnpkg/berry#4804). Add configuration in the .yarnrc.yaml as follows:
nodeLinker: "node-modules"
will declare to use node-modules instead of PnP.
Quick Setup Guide
electron-webpack-quick-start is a recommended way to create a new Electron application. See Boilerplates.
-
Specify the standard fields in the application
package.json— name,description,versionand author. -
Specify the build configuration in the
package.jsonas follows:1"build": { 2 "appId": "your.id", 3 "mac": { 4 "category": "your.app.category.type" 5 } 6}See all options. Option files to indicate which files should be packed in the final application, including the entry file, maybe required. You can also use separate configuration files, such as
js,ts,yml, andjson/json5. See read-config-file for supported extensions. JS Example for programmatic API -
Add icons.
-
Add the scripts key to the development
package.json:1"scripts": { 2 "app:dir": "electron-builder --dir", 3 "app:dist": "electron-builder" 4}Then you can run
yarn app:dist(to package in a distributable format (e.g. dmg, windows installer, deb package)) oryarn app:dir(only generates the package directory without really packaging it. This is useful for testing purposes).To ensure your native dependencies are always matched electron version, simply add script
"postinstall": "electron-builder install-app-deps"to yourpackage.json. -
If you have native addons of your own that are part of the application (not as a dependency), set nodeGypRebuild to
true.
Please note that everything is packaged into an asar archive by default.
For an app that will be shipped to production, you should sign your application. See Where to buy code signing certificates.
Programmatic Usage
See node_modules/electron-builder/out/index.d.ts. Typings for TypeScript are provided and also can be found here.
Code snippet provided below is also shown "in action" here as well.
1"use strict" 2 3const builder = require("electron-builder") 4const Platform = builder.Platform 5 6// Promise is returned 7builder.build({ 8 targets: Platform.MAC.createTarget(), 9 config: { 10 "//": "build options, see https://goo.gl/QQXmcV" 11 } 12}) 13 .then(() => { 14 // handle result 15 }) 16 .catch((error) => { 17 // handle error 18 })
Boilerplates
- electron-webpack-quick-start — A bare minimum project structure to get started developing with electron-webpack. Recommended.
- electron-react-boilerplate A boilerplate for scalable cross-platform desktop apps.
- electron-react-redux-boilerplate A minimal boilerplate to get started with Electron, React and Redux.
- electron-boilerplate A minimalistic yet comprehensive boilerplate application.
- Vue CLI 3 plugin for Electron A Vue CLI 3 plugin for Electron with no required configuration.
- electron-vue-vite A real simple Electron + Vue3 + Vite5 boilerplate.
- vite-electron-builder Secure boilerplate for Electron app based on Vite. Supports multiple frameworks.
Debug
Set the DEBUG environment variable to debug what electron-builder is doing:
1DEBUG=electron-builder
FPM_DEBUG env to add more details about building linux targets (except snap and appimage).
DEBUG_DMG=true env var to add more debugging/verbosity from hdiutil (macOS).
!!! tip "cmd"
On Windows the environment variable is set using the set command.
bash set DEBUG=electron-builder
!!! tip "PowerShell"
PowerShell uses different syntax to set environment variables.
bash $env:DEBUG=electron-builder
Donate
We do this open source work in our free time. If you'd like us to invest more time on it, please donate.
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
binaries present in source code
Details
- Warn: binary detected: test/fixtures/test-app-symlink-framework/hello-world/lib/Release/Hello.framework/Versions/A/Hello:1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:11
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/pr-release.yml:15
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr-semantic.yml:16
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/pr-semantic.yml:17
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-docker.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-netlify.yml:10
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/deploy-netlify.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-netlify.yml:10
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/pr-netlify.yml:11
- Info: found token with 'none' permissions: .github/workflows/pr-release.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-semantic.yml:11
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yaml:13
Reason
SAST tool is not run on all commits -- score normalized to 6
Details
- Warn: 20 commits out of 29 are checked with a SAST tool
Reason
Found 9/25 approved changesets -- score normalized to 3
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-netlify.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/electron-userland/electron-builder/deploy-netlify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/deploy-netlify.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/electron-userland/electron-builder/deploy-netlify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-netlify.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/electron-userland/electron-builder/pr-netlify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-netlify.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/electron-userland/electron-builder/pr-netlify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-netlify.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/electron-userland/electron-builder/pr-netlify.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/electron-userland/electron-builder/pr-release.yml/master?enable=pin
- Warn: containerImage not pinned by hash: docker/base/Dockerfile:1: pin your Docker image by updating buildpack-deps:focal-curl to buildpack-deps:focal-curl@sha256:4da6b2ff6ddf2c4364d0236b0a6fee455f768788ece240518c756ff7d4b06a8c
- Warn: containerImage not pinned by hash: docker/node/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine-chrome/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine-mono/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine/Dockerfile:2
- Warn: containerImage not pinned by hash: mkdocs-dockerfile:1: pin your Docker image by updating squidfunk/mkdocs-material:9.5 to squidfunk/mkdocs-material:9.5@sha256:d063d8460d449d5094da4b58c6e9b2aa8da869bb3a113a21401e0fe00bb8a628
- Warn: downloadThenRun not pinned by hash: docker/base/Dockerfile:6-20
- Warn: npmCommand not pinned by hash: docker/node/Dockerfile:11
- Warn: pipCommand not pinned by hash: mkdocs-dockerfile:2
- Warn: pipCommand not pinned by hash: netlify-docs.sh:2
- Info: 10 out of 10 GitHub-owned GitHubAction dependencies pinned
- Info: 3 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 6 containerImage dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 0 out of 2 pipCommand dependencies pinned
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-7q7g-4xm8-89cq
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-p7v2-p9m8-qqg7
- Warn: Project is vulnerable to: GHSA-7x97-j373-85x5
- Warn: Project is vulnerable to: GHSA-7m48-wc93-9g85
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
5.5
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More