npmpackage.info

Gathering detailed insights and metrics for electron

Other packages similar to electron

electron-to-chromium

1.5.123

Provides a list of electron-to-chromium version mappings

@electron/get

4.0.0

Utility for downloading artifacts from different versions of Electron

@electron/universal

2.0.2

Utility for creating Universal macOS applications from two x64 and arm64 Electron applications

electron-builder

25.1.8

A complete solution to package and build a ready for distribution Electron app for MacOS, Windows and Linux with “auto update” support out of the box

Gathering detailed insights and metrics for electron

electron - 35.0.3 | npmpackage.info

electron

:electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS Build cross-platform desktop apps with JavaScript, HTML, and CSS

35.0.3

115,993

MIT

C++

192.00 B

178,123,874 6.5

Installations

npm install electron

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>= 12.20.55

Node Version

22.14.0

NPM Version

10.9.2 Score

84.8

Supply Chain

98.6

Quality

95.6

Maintenance

100

Vulnerability

99.6

License

Pull Requests

Open

109

Total

24,684

Closed

2,714

Merged

21,861

Issues

Open

861

Total

20,646

Closed

19,785

Releases

1,631

electron v36.0.0-alpha.4

v36.0.0-alpha.4

Updated on Mar 20, 2025

electron v33.4.6

v33.4.6

Updated on Mar 20, 2025

electron v35.0.3

v35.0.3

Updated on Mar 20, 2025

electron v34.3.4

v34.3.4

Updated on Mar 20, 2025

electron v36.0.0-alpha.3

v36.0.0-alpha.3

Updated on Mar 17, 2025

electron v35.0.2

v35.0.2

Updated on Mar 15, 2025

View All 1,631 releases

Contributors

1,291

Unable to fetch Contributors

View All 1,291 Contributors

Languages

C++

TypeScript

Objective-C++

JavaScript

Python

Objective-C

HTML

Shell

CSS

C++ (56.74%)

TypeScript (32.51%)

Objective-C++ (5.72%)

JavaScript (2.12%)

Python (1.92%)

Objective-C (0.61%)

HTML (0.18%)

Shell (0.13%)

C (0.04%)

CSS (0.03%)

Developer

electron

Download Statistics

Total Downloads

178,123,874

Last Day

213,208

Last Week

1,120,381

Last Month

4,528,861

Last Year

39,034,944

GitHub Statistics

MIT License

115,993 Stars

29,106 Commits

15,906 Forks

2,824 Watchers

261 Branches

1,291 Contributors

Updated on Mar 22, 2025

Bundle Size

222.00 B

Minified

192.00 B

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

35.0.3

Package Id

electron@35.0.3

Unpacked Size

1.00 MB

Size

170.86 kB

File Count

NPM Version

10.9.2

Node Version

22.14.0

Published on

Mar 20, 2025

Total Downloads

Cumulative downloads

Total Downloads

178,123,874

Last Day

18.6%

213,208

Compared to previous day

Last Week

1.6%

1,120,381

Compared to previous week

Last Month

13%

4,528,861

Compared to previous month

Last Year

8.9%

39,034,944

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@types/node extract-zip @electron/get

:memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪. View these docs in other languages on our Crowdin project.

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.

Follow @electronjs on Twitter for important announcements.

This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.

Installation

To install prebuilt Electron binaries, use npm. The preferred method is to install Electron as a development dependency in your app:

1npm install electron --save-dev

For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.

Platform support

Each Electron release provides binaries for macOS, Windows, and Linux.

macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
Windows (Windows 10 and up): Electron provides ia32 (x86), x64 (amd64), and arm64 binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy.
Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
- Ubuntu 18.04 and newer
- Fedora 32 and newer
- Debian 10 and newer

Quick start & Electron Fiddle

Use Electron Fiddle to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and to try out different versions of Electron. It's designed to make the start of your journey with Electron easier.

Alternatively, clone and run the electron/electron-quick-start repository to see a minimal Electron app in action:

1git clone https://github.com/electron/electron-quick-start
2cd electron-quick-start
3npm install
4npm start

Resources for learning Electron

electronjs.org/docs - All of Electron's documentation
electron/fiddle - A tool to build, run, and package small Electron experiments
electron/electron-quick-start - A very basic starter Electron app
electronjs.org/community#boilerplates - Sample starter apps created by the community

Programmatic usage

Most people use Electron from the command line, but if you require electron inside your Node app (not your Electron app) it will return the file path to the binary. Use this to spawn Electron from Node scripts:

1const electron = require('electron')
2const proc = require('node:child_process')
3
4// will print something similar to /Users/maf/.../Electron
5console.log(electron)
6
7// spawn Electron
8const child = proc.spawn(electron)

Mirrors

China

See the Advanced Installation Instructions to learn how to use a custom mirror.

Documentation translations

We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.

Contributing

If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.

Community

Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.

License

MIT

When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.

Critical

9.8/10

Summary

Chromium Remote Code Execution in electron

Affected Versions

>= 1.7.0, < 1.7.8

Patched Versions

1.7.8

Critical

9.8/10

Summary

Chromium Remote Code Execution in electron

Affected Versions

< 1.6.14

Patched Versions

1.6.14

Critical

9.7/10

Summary

Heap buffer overflow in GPU

Affected Versions

>= 19.0.0, < 19.1.8

Patched Versions

19.1.8

High

7.5/10

Summary

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

Affected Versions

>= 23.0.0-alpha.1, < 23.0.0-alpha.2

Patched Versions

23.0.0-alpha.2

High

8.1/10

Summary

Electron vulnerable to remote command execution

Affected Versions

< 1.6.8

Patched Versions

1.6.8

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 27.0.0-alpha.1, < 27.0.0-beta.8

Patched Versions

27.0.0-beta.8

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 26.0.0, < 26.2.4

Patched Versions

26.2.4

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 25.0.0, < 25.8.4

Patched Versions

25.8.4

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 24.0.0, < 24.8.5

Patched Versions

24.8.5

High

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

< 22.3.25

Patched Versions

22.3.25

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 27.0.0-beta.1, < 27.0.0-beta.2

Patched Versions

27.0.0-beta.2

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 26.0.0, < 26.2.1

Patched Versions

26.2.1

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 25.0.0, < 25.8.1

Patched Versions

25.8.1

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 24.0.0, < 24.8.3

Patched Versions

24.8.3

High

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 22.0.0, < 22.3.24

Patched Versions

22.3.24

High

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 1.8.0, < 1.8.4

Patched Versions

1.8.4

High

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 1.7.0, < 1.7.13

Patched Versions

1.7.13

High

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 2.0.0-beta.1, < 2.0.0-beta.5

Patched Versions

2.0.0-beta.5

High

7.5/10

Summary

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

Affected Versions

>= 22.0.0-beta.1, < 22.0.1

Patched Versions

22.0.1

High

8.1/10

Summary

Electron webPreferences vulnerability can be used to perform remote code execution

Affected Versions

>= 3.0.0-beta.1, < 3.0.0-beta.7

Patched Versions

3.0.0-beta.7

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 23.0.0-alpha.1, <= 23.3.13

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 27.0.0-alpha.1, < 27.0.0-alpha.7

Patched Versions

27.0.0-alpha.7

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 26.0.0-alpha.1, < 26.2.1

Patched Versions

26.2.1

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 25.0.0-alpha.1, < 25.8.1

Patched Versions

25.8.1

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 24.0.0-alpha.1, < 24.8.3

Patched Versions

24.8.3

Moderate

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

< 22.3.24

Patched Versions

22.3.24

Moderate

4.3/10

Summary

Electron vulnerable to URL spoofing via PDFium

Affected Versions

>= 1.7.0, < 1.7.6

Patched Versions

1.7.6

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 26.0.0-alpha.1, < 26.0.0-beta.13

Patched Versions

26.0.0-beta.13

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 25.0.0-alpha.1, < 25.5.0

Patched Versions

25.5.0

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 24.0.0-alpha.1, < 24.7.1

Patched Versions

24.7.1

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 23.0.0-alpha.1, < 23.3.13

Patched Versions

23.3.13

Moderate

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

< 22.3.19

Patched Versions

22.3.19

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 25.0.0-alpha.1, < 25.0.0-alpha.2

Patched Versions

25.0.0-alpha.2

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 24.0.0-alpha.1, < 24.0.1

Patched Versions

24.0.1

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 23.0.0-alpha.1, < 23.2.3

Patched Versions

23.2.3

Moderate

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

< 22.3.6

Patched Versions

22.3.6

Moderate

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

>= 19.0.0-beta.1, < 19.0.11

Patched Versions

19.0.11

Moderate

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

>= 20.0.0-beta.1, < 20.0.1

Patched Versions

20.0.1

Moderate

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

< 18.3.7

Patched Versions

18.3.7

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 18.0.0-beta.1, <= 18.0.0-beta.5

Patched Versions

18.0.0-beta.6

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 17.0.0, < 17.2.0

Patched Versions

17.2.0

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 16.0.0, < 16.2.0

Patched Versions

16.2.0

Moderate

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

< 15.5.0

Patched Versions

15.5.0

Low

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 18.0.0-beta.1, <= 18.0.0-beta.5

Patched Versions

18.0.0-beta.6

Low

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 17.0.0, < 17.2.0

Patched Versions

17.2.0

Low

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 16.0.0, < 16.2.6

Patched Versions

16.2.6

Low

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

< 15.5.5

Patched Versions

15.5.5

Low

3.4/10

Summary

Renderers can obtain access to random bluetooth device without permission in Electron

Affected Versions

>= 17.0.0-alpha.1, <= 17.0.0-alpha.5

Patched Versions

17.0.0-alpha.6

Low

3.4/10

Summary

Renderers can obtain access to random bluetooth device without permission in Electron

Affected Versions

>= 16.0.0-beta.1, < 16.0.6

Patched Versions

16.0.6

Low

3.4/10

Summary

Renderers can obtain access to random bluetooth device without permission in Electron

Affected Versions

>= 15.0.0-beta.1, < 15.3.5

Patched Versions

15.3.5

10

Maintained

Determines if the project is "actively maintained".

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Security-Policy

Determines if the project has published a security policy.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

9

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

5

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

2

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'contents' permission set to 'read': .github/workflows/branch-created.yml:19
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:213
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:214
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:215
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:332
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:330
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:331
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:231
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:232
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:233
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:45
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:249
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:250
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:251
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:269
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:270
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:271
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:290
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:291
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:292
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:310
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:311
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:312
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:349
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:350
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:351
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:368
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:369
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:370
Info: jobLevel 'contents' permission set to 'read': .github/workflows/non-maintainer-dependency-change.yml:16
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic.yml:16
Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic.yml:17
Warn: no topLevel permission defined: .github/workflows/archaeologist-dig.yml:1
Info: found token with 'none' permissions: .github/workflows/branch-created.yml:1
Warn: no topLevel permission defined: .github/workflows/build.yml:1
Warn: no topLevel permission defined: .github/workflows/clean-src-cache.yml:1
Info: found token with 'none' permissions: .github/workflows/issue-commented.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-labeled.yml:8
Info: found token with 'none' permissions: .github/workflows/issue-opened.yml:1
Info: found token with 'none' permissions: .github/workflows/issue-transferred.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-unlabeled.yml:8
Warn: no topLevel permission defined: .github/workflows/linux-publish.yml:1
Warn: no topLevel permission defined: .github/workflows/macos-publish.yml:1
Info: found token with 'none' permissions: .github/workflows/non-maintainer-dependency-change.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-build-and-test-and-nan.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:63
Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:64
Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:65
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-docs-only.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-lint.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-build.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-gn-check.yml:1
Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:35
Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:36
Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:34
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-node-nan-test.yml:1
Info: found token with 'none' permissions: .github/workflows/pull-request-labeled.yml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:11
Info: topLevel 'contents' permission set to 'read': .github/workflows/semantic.yml:11
Info: found token with 'none' permissions: .github/workflows/stable-prep-items.yml:1
Info: found token with 'none' permissions: .github/workflows/stale.yml:1
Warn: no topLevel permission defined: .github/workflows/windows-publish.yml:1

0

Fuzzing

Determines if the project uses fuzzing.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

SAST

Determines if the project uses static code analysis.

Score

6.5

/10

Last Scanned on 2025-03-21T21:15:52Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More