npmpackage.info

Gathering detailed insights and metrics for electron

Other packages similar to electron

electron-to-chromium

1.5.187

Provides a list of electron-to-chromium version mappings

@electron/get

4.0.2

Utility for downloading artifacts from different versions of Electron

@electron/universal

3.0.0

Utility for creating Universal macOS applications from two x64 and arm64 Electron applications

electron-builder

26.0.12

A complete solution to package and build a ready for distribution Electron app for MacOS, Windows and Linux with “auto update” support out of the box

Gathering detailed insights and metrics for electron

electron - 37.2.3 | npmpackage.info

electron

:electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS Build cross-platform desktop apps with JavaScript, HTML, and CSS

37.2.3

117,512

MIT

C++

1.02 MB

6.5

Installations

npm install electron

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>= 12.20.55

Node Version

22.17.0

NPM Version

10.9.2 Score

84.8

Supply Chain

98.6

Quality

95.6

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

115

Total

25,981

Closed

2,820

Merged

23,046

Issues

Open

752

Total

20,972

Closed

20,220

Releases

1,716

electron v38.0.0-alpha.7

v38.0.0-alpha.7

Updated on Jul 17, 2025

electron v37.2.3

v37.2.3

Updated on Jul 16, 2025

electron v37.2.2

v37.2.2

Updated on Jul 15, 2025

electron v35.7.2

v35.7.2

Updated on Jul 15, 2025

electron v38.0.0-alpha.6

v38.0.0-alpha.6

Updated on Jul 14, 2025

electron v36.7.1

v36.7.1

Updated on Jul 11, 2025

View All 1,716 releases

Languages

C++

TypeScript

Objective-C++

JavaScript

Python

Objective-C

HTML

Shell

CSS

Starlark

C++ (56.86%)

TypeScript (32.44%)

Objective-C++ (5.74%)

JavaScript (2.16%)

Python (1.82%)

Objective-C (0.6%)

HTML (0.17%)

Shell (0.12%)

C (0.04%)

CSS (0.03%)

Starlark (0.01%)

Developer

electron

Download Statistics

Total Downloads

Last Day

Last Week

Last Month

Last Year

GitHub Statistics

MIT License

117,512 Stars

29,489 Commits

16,221 Forks

2,810 Watchers

298 Branches

1,295 Contributors

Updated on Jul 19, 2025

Maintainers

View All 1,295 Contributors

Package Meta Information

Latest Version

37.2.3

Package Id

electron@37.2.3

Unpacked Size

1.02 MB

Size

173.20 kB

File Count

NPM Version

10.9.2

Node Version

22.17.0

Published on

Jul 16, 2025

Total Downloads

Cumulative downloads

Total Downloads

NaN

Last Day

NaN

Compared to previous day

Last Week

NaN

Compared to previous week

Last Month

NaN

Compared to previous month

Last Year

NaN

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@types/node extract-zip @electron/get

:memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪. View these docs in other languages on our Crowdin project.

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.

Follow @electronjs on Twitter for important announcements.

This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.

Installation

To install prebuilt Electron binaries, use npm. The preferred method is to install Electron as a development dependency in your app:

1npm install electron --save-dev

For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.

Platform support

Each Electron release provides binaries for macOS, Windows, and Linux.

macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
Windows (Windows 10 and up): Electron provides ia32 (x86), x64 (amd64), and arm64 binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy.
Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
- Ubuntu 18.04 and newer
- Fedora 32 and newer
- Debian 10 and newer

Electron Fiddle

Use Electron Fiddle to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and to try out different versions of Electron. It's designed to make the start of your journey with Electron easier.

Resources for learning Electron

electronjs.org/docs - All of Electron's documentation
electron/fiddle - A tool to build, run, and package small Electron experiments
electronjs.org/community#boilerplates - Sample starter apps created by the community

Programmatic usage

Most people use Electron from the command line, but if you require electron inside your Node app (not your Electron app) it will return the file path to the binary. Use this to spawn Electron from Node scripts:

1const electron = require('electron')
2const proc = require('node:child_process')
3
4// will print something similar to /Users/maf/.../Electron
5console.log(electron)
6
7// spawn Electron
8const child = proc.spawn(electron)

Mirrors

China

See the Advanced Installation Instructions to learn how to use a custom mirror.

Documentation translations

We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.

Contributing

If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.

Community

Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.

License

MIT

When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.

Critical

9.8/10

Summary

Chromium Remote Code Execution in electron

Affected Versions

>= 1.7.0, < 1.7.8

Patched Versions

1.7.8

Critical

9.8/10

Summary

Chromium Remote Code Execution in electron

Affected Versions

< 1.6.14

Patched Versions

1.6.14

Critical

9.7/10

Summary

Heap buffer overflow in GPU

Affected Versions

>= 19.0.0, < 19.1.8

Patched Versions

19.1.8

High

7.8/10

Summary

electron ASAR Integrity bypass by just modifying the content

Affected Versions

>= 31.0.0-alpha.1, < 31.0.0-beta.1

Patched Versions

31.0.0-beta.1

High

7.8/10

Summary

electron ASAR Integrity bypass by just modifying the content

Affected Versions

>= 30.0.0-alpha.1, < 30.0.5

Patched Versions

30.0.5

High

7.5/10

Summary

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

Affected Versions

>= 23.0.0-alpha.1, < 23.0.0-alpha.2

Patched Versions

23.0.0-alpha.2

High

8.1/10

Summary

Electron vulnerable to remote command execution

Affected Versions

< 1.6.8

Patched Versions

1.6.8

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 27.0.0-alpha.1, < 27.0.0-beta.8

Patched Versions

27.0.0-beta.8

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 26.0.0, < 26.2.4

Patched Versions

26.2.4

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 25.0.0, < 25.8.4

Patched Versions

25.8.4

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 24.0.0, < 24.8.5

Patched Versions

24.8.5

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

< 22.3.25

Patched Versions

22.3.25

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 27.0.0-beta.1, < 27.0.0-beta.2

Patched Versions

27.0.0-beta.2

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 26.0.0, < 26.2.1

Patched Versions

26.2.1

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 25.0.0, < 25.8.1

Patched Versions

25.8.1

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 24.0.0, < 24.8.3

Patched Versions

24.8.3

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 22.0.0, < 22.3.24

Patched Versions

22.3.24

High

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 1.8.0, < 1.8.4

Patched Versions

1.8.4

High

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 1.7.0, < 1.7.13

Patched Versions

1.7.13

High

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 2.0.0-beta.1, < 2.0.0-beta.5

Patched Versions

2.0.0-beta.5

High

7.5/10

Summary

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

Affected Versions

>= 22.0.0-beta.1, < 22.0.1

Patched Versions

22.0.1

High

8.1/10

Summary

Electron webPreferences vulnerability can be used to perform remote code execution

Affected Versions

>= 3.0.0-beta.1, < 3.0.0-beta.7

Patched Versions

3.0.0-beta.7

Moderate

0/10

Summary

Electron vulnerable to Heap Buffer Overflow in NativeImage

Affected Versions

>= 30.0.0-alpha.1, < 30.0.3

Patched Versions

30.0.3

Moderate

0/10

Summary

Electron vulnerable to Heap Buffer Overflow in NativeImage

Affected Versions

>= 29.0.0-alpha.1, < 29.3.3

Patched Versions

29.3.3

Moderate

0/10

Summary

Electron vulnerable to Heap Buffer Overflow in NativeImage

Affected Versions

< 28.3.2

Patched Versions

28.3.2

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 23.0.0-alpha.1, <= 23.3.13

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 27.0.0-alpha.1, < 27.0.0-alpha.7

Patched Versions

27.0.0-alpha.7

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 26.0.0-alpha.1, < 26.2.1

Patched Versions

26.2.1

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 25.0.0-alpha.1, < 25.8.1

Patched Versions

25.8.1

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 24.0.0-alpha.1, < 24.8.3

Patched Versions

24.8.3

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

< 22.3.24

Patched Versions

22.3.24

Moderate

4.3/10

Summary

Electron vulnerable to URL spoofing via PDFium

Affected Versions

>= 1.7.0, < 1.7.6

Patched Versions

1.7.6

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 26.0.0-alpha.1, < 26.0.0-beta.13

Patched Versions

26.0.0-beta.13

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 25.0.0-alpha.1, < 25.5.0

Patched Versions

25.5.0

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 24.0.0-alpha.1, < 24.7.1

Patched Versions

24.7.1

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 23.0.0-alpha.1, < 23.3.13

Patched Versions

23.3.13

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

< 22.3.19

Patched Versions

22.3.19

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 25.0.0-alpha.1, < 25.0.0-alpha.2

Patched Versions

25.0.0-alpha.2

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 24.0.0-alpha.1, < 24.0.1

Patched Versions

24.0.1

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 23.0.0-alpha.1, < 23.2.3

Patched Versions

23.2.3

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

< 22.3.6

Patched Versions

22.3.6

Moderate

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

>= 19.0.0-beta.1, < 19.0.11

Patched Versions

19.0.11

Moderate

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

>= 20.0.0-beta.1, < 20.0.1

Patched Versions

20.0.1

Moderate

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

< 18.3.7

Patched Versions

18.3.7

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 18.0.0-beta.1, <= 18.0.0-beta.5

Patched Versions

18.0.0-beta.6

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 17.0.0, < 17.2.0

Patched Versions

17.2.0

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 16.0.0, < 16.2.0

Patched Versions

16.2.0

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

< 15.5.0

Patched Versions

15.5.0

Low

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 18.0.0-beta.1, <= 18.0.0-beta.5

Patched Versions

18.0.0-beta.6

Low

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 17.0.0, < 17.2.0

Patched Versions

17.2.0

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

Security-Policy

Determines if the project has published a security policy.

10

Maintained

Determines if the project is "actively maintained".

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

9

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

5

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

2

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'contents' permission set to 'read': .github/workflows/audit-branch-ci.yml:16
Info: jobLevel 'contents' permission set to 'read': .github/workflows/branch-created.yml:19
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:217
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:218
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:216
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:253
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:254
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:252
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:272
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:273
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:274
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:333
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:334
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:335
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:313
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:314
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:315
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:234
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:235
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:236
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:293
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:294
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:295
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:352
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:353
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:354
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:373
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:371
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:372
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:45
Info: jobLevel 'contents' permission set to 'read': .github/workflows/non-maintainer-dependency-change.yml:16
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic.yml:16
Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic.yml:17
Warn: no topLevel permission defined: .github/workflows/archaeologist-dig.yml:1
Info: found token with 'none' permissions: .github/workflows/audit-branch-ci.yml:1
Info: found token with 'none' permissions: .github/workflows/branch-created.yml:1
Warn: no topLevel permission defined: .github/workflows/build-git-cache.yml:1
Warn: no topLevel permission defined: .github/workflows/build.yml:1
Warn: no topLevel permission defined: .github/workflows/clean-src-cache.yml:1
Info: found token with 'none' permissions: .github/workflows/issue-commented.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-labeled.yml:8
Info: found token with 'none' permissions: .github/workflows/issue-opened.yml:1
Info: found token with 'none' permissions: .github/workflows/issue-transferred.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-unlabeled.yml:8
Warn: no topLevel permission defined: .github/workflows/linux-publish.yml:1
Warn: no topLevel permission defined: .github/workflows/macos-publish.yml:1
Info: found token with 'none' permissions: .github/workflows/non-maintainer-dependency-change.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-build-and-test-and-nan.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:63
Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:64
Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:65
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-docs-only.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-lint.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-build.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-gn-check.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:34
Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:35
Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:36
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-node-nan-test.yml:1
Info: found token with 'none' permissions: .github/workflows/pull-request-labeled.yml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:11
Info: topLevel 'contents' permission set to 'read': .github/workflows/semantic.yml:11
Info: found token with 'none' permissions: .github/workflows/stable-prep-items.yml:1
Info: found token with 'none' permissions: .github/workflows/stale.yml:1
Warn: no topLevel permission defined: .github/workflows/windows-publish.yml:1

0

Fuzzing

Determines if the project uses fuzzing.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

SAST

Determines if the project uses static code analysis.

Score

6.5

/10

Last Scanned on 2025-07-18T19:18:35Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More