Gathering detailed insights and metrics for electron
Gathering detailed insights and metrics for electron
Gathering detailed insights and metrics for electron
Gathering detailed insights and metrics for electron
electron-to-chromium
Provides a list of electron-to-chromium version mappings
@electron/get
Utility for downloading artifacts from different versions of Electron
@electron/universal
Utility for creating Universal macOS applications from two x64 and arm64 Electron applications
electron-builder
A complete solution to package and build a ready for distribution Electron app for MacOS, Windows and Linux with “auto update” support out of the box
:electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS Build cross-platform desktop apps with JavaScript, HTML, and CSS
npm install electron
Typescript
Module System
Min. Node Version
Node Version
NPM Version
63.1
Supply Chain
98.6
Quality
95.6
Maintenance
100
Vulnerability
99.6
License
electron v31.7.6
Published on 05 Dec 2024
electron v34.0.0-beta.9
Published on 05 Dec 2024
electron v32.2.7
Published on 05 Dec 2024
electron v33.3.0
Published on 05 Dec 2024
electron v34.0.0-beta.8
Published on 02 Dec 2024
electron v34.0.0-beta.7
Published on 28 Nov 2024
Total
165,354,106
Last Day
35,373
Last Week
792,529
Last Month
3,432,923
Last Year
35,987,597
114,658 Stars
28,832 Commits
15,538 Forks
2,833 Watching
229 Branches
1,282 Contributors
Updated on 08 Dec 2024
C++ (56.35%)
TypeScript (32.3%)
Objective-C++ (6.06%)
JavaScript (2.26%)
Python (1.96%)
Objective-C (0.67%)
HTML (0.18%)
Shell (0.11%)
C (0.04%)
CSS (0.04%)
Batchfile (0.04%)
Cumulative downloads
Total Downloads
Last day
-4%
35,373
Compared to previous day
Last week
3.5%
792,529
Compared to previous week
Last month
0.5%
3,432,923
Compared to previous month
Last year
4.3%
35,987,597
Compared to previous year
3
:memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪. View these docs in other languages on our Crowdin project.
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.
Follow @electronjs on Twitter for important announcements.
This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.
To install prebuilt Electron binaries, use npm
.
The preferred method is to install Electron as a development dependency in your
app:
1npm install electron --save-dev
For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.
Each Electron release provides binaries for macOS, Windows, and Linux.
ia32
(x86
), x64
(amd64
), and arm64
binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy.Use Electron Fiddle
to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and
to try out different versions of Electron. It's designed to make the start of your journey with
Electron easier.
Alternatively, clone and run the electron/electron-quick-start repository to see a minimal Electron app in action:
1git clone https://github.com/electron/electron-quick-start 2cd electron-quick-start 3npm install 4npm start
Most people use Electron from the command line, but if you require electron
inside
your Node app (not your Electron app) it will return the file path to the
binary. Use this to spawn Electron from Node scripts:
1const electron = require('electron') 2const proc = require('node:child_process') 3 4// will print something similar to /Users/maf/.../Electron 5console.log(electron) 6 7// spawn Electron 8const child = proc.spawn(electron)
See the Advanced Installation Instructions to learn how to use a custom mirror.
We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.
If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.
Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.
When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.
Stable Version
3
9.8/10
Summary
Chromium Remote Code Execution in electron
Affected Versions
>= 1.7.0, < 1.7.8
Patched Versions
1.7.8
9.8/10
Summary
Chromium Remote Code Execution in electron
Affected Versions
< 1.6.14
Patched Versions
1.6.14
9.7/10
Summary
Heap buffer overflow in GPU
Affected Versions
>= 19.0.0, < 19.1.8
Patched Versions
19.1.8
17
7.5/10
Summary
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
Affected Versions
>= 23.0.0-alpha.1, < 23.0.0-alpha.2
Patched Versions
23.0.0-alpha.2
8.1/10
Summary
Electron vulnerable to remote command execution
Affected Versions
< 1.6.8
Patched Versions
1.6.8
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 27.0.0-alpha.1, < 27.0.0-beta.8
Patched Versions
27.0.0-beta.8
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 26.0.0, < 26.2.4
Patched Versions
26.2.4
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 25.0.0, < 25.8.4
Patched Versions
25.8.4
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 24.0.0, < 24.8.5
Patched Versions
24.8.5
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
< 22.3.25
Patched Versions
22.3.25
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 27.0.0-beta.1, < 27.0.0-beta.2
Patched Versions
27.0.0-beta.2
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 26.0.0, < 26.2.1
Patched Versions
26.2.1
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 25.0.0, < 25.8.1
Patched Versions
25.8.1
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 24.0.0, < 24.8.3
Patched Versions
24.8.3
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 22.0.0, < 22.3.24
Patched Versions
22.3.24
8.1/10
Summary
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Affected Versions
>= 1.8.0, < 1.8.4
Patched Versions
1.8.4
8.1/10
Summary
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Affected Versions
>= 1.7.0, < 1.7.13
Patched Versions
1.7.13
8.1/10
Summary
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Affected Versions
>= 2.0.0-beta.1, < 2.0.0-beta.5
Patched Versions
2.0.0-beta.5
7.5/10
Summary
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
Affected Versions
>= 22.0.0-beta.1, < 22.0.1
Patched Versions
22.0.1
8.1/10
Summary
Electron webPreferences vulnerability can be used to perform remote code execution
Affected Versions
>= 3.0.0-beta.1, < 3.0.0-beta.7
Patched Versions
3.0.0-beta.7
23
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 23.0.0-alpha.1, <= 23.3.13
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 27.0.0-alpha.1, < 27.0.0-alpha.7
Patched Versions
27.0.0-alpha.7
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 26.0.0-alpha.1, < 26.2.1
Patched Versions
26.2.1
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 25.0.0-alpha.1, < 25.8.1
Patched Versions
25.8.1
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 24.0.0-alpha.1, < 24.8.3
Patched Versions
24.8.3
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
< 22.3.24
Patched Versions
22.3.24
4.3/10
Summary
Electron vulnerable to URL spoofing via PDFium
Affected Versions
>= 1.7.0, < 1.7.6
Patched Versions
1.7.6
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 26.0.0-alpha.1, < 26.0.0-beta.13
Patched Versions
26.0.0-beta.13
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 25.0.0-alpha.1, < 25.5.0
Patched Versions
25.5.0
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 24.0.0-alpha.1, < 24.7.1
Patched Versions
24.7.1
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 23.0.0-alpha.1, < 23.3.13
Patched Versions
23.3.13
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
< 22.3.19
Patched Versions
22.3.19
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
>= 25.0.0-alpha.1, < 25.0.0-alpha.2
Patched Versions
25.0.0-alpha.2
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
>= 24.0.0-alpha.1, < 24.0.1
Patched Versions
24.0.1
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
>= 23.0.0-alpha.1, < 23.2.3
Patched Versions
23.2.3
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
< 22.3.6
Patched Versions
22.3.6
5.4/10
Summary
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Affected Versions
>= 19.0.0-beta.1, < 19.0.11
Patched Versions
19.0.11
5.4/10
Summary
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Affected Versions
>= 20.0.0-beta.1, < 20.0.1
Patched Versions
20.0.1
5.4/10
Summary
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Affected Versions
< 18.3.7
Patched Versions
18.3.7
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
>= 18.0.0-beta.1, <= 18.0.0-beta.5
Patched Versions
18.0.0-beta.6
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
>= 17.0.0, < 17.2.0
Patched Versions
17.2.0
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
>= 16.0.0, < 16.2.0
Patched Versions
16.2.0
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
< 15.5.0
Patched Versions
15.5.0
7
2.2/10
Summary
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Affected Versions
>= 18.0.0-beta.1, <= 18.0.0-beta.5
Patched Versions
18.0.0-beta.6
2.2/10
Summary
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Affected Versions
>= 17.0.0, < 17.2.0
Patched Versions
17.2.0
2.2/10
Summary
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Affected Versions
>= 16.0.0, < 16.2.6
Patched Versions
16.2.6
2.2/10
Summary
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Affected Versions
< 15.5.5
Patched Versions
15.5.5
3.4/10
Summary
Renderers can obtain access to random bluetooth device without permission in Electron
Affected Versions
>= 17.0.0-alpha.1, <= 17.0.0-alpha.5
Patched Versions
17.0.0-alpha.6
3.4/10
Summary
Renderers can obtain access to random bluetooth device without permission in Electron
Affected Versions
>= 16.0.0-beta.1, < 16.0.6
Patched Versions
16.0.6
3.4/10
Summary
Renderers can obtain access to random bluetooth device without permission in Electron
Affected Versions
>= 15.0.0-beta.1, < 15.3.5
Patched Versions
15.3.5
Reason
no binaries found in the repo
Reason
30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Reason
all changesets reviewed
Reason
project has 90 contributing companies or organizations
Details
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
Reason
license file detected
Details
Reason
30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10
Reason
security policy file detected
Details
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
Reason
3 existing vulnerabilities detected
Details
Reason
badge detected: Passing
Reason
project is not fuzzed
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
Project has not signed or included provenance with any releases.
Details
Reason
detected GitHub workflow tokens with excessive permissions
Details
Score
Last Scanned on 2024-12-06T08:55:14Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More