Gathering detailed insights and metrics for electron
Gathering detailed insights and metrics for electron
:electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS Build cross-platform desktop apps with JavaScript, HTML, and CSS
Installations
npm install electronDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>= 12.20.55
Node Version
22.15.0
NPM Version
10.9.2
Releases
1,711
electron v36.7.1
v36.7.1
Updated on Jul 11, 2025
electron v38.0.0-alpha.5
v38.0.0-alpha.5
Updated on Jul 10, 2025
electron v37.2.1
v37.2.1
Updated on Jul 09, 2025
electron v38.0.0-alpha.4
v38.0.0-alpha.4
Updated on Jul 07, 2025
electron v36.7.0
v36.7.0
Updated on Jul 02, 2025
electron v35.7.0
v35.7.0
Updated on Jul 02, 2025
Languages
11
C++
TypeScript
Objective-C++
JavaScript
Python
Objective-C
HTML
Shell
C
CSS
Starlark
C++ (56.81%)
TypeScript (32.47%)
Objective-C++ (5.75%)
JavaScript (2.17%)
Python (1.82%)
Objective-C (0.6%)
HTML (0.17%)
Shell (0.12%)
C (0.04%)
CSS (0.03%)
Starlark (0.01%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
117,402 Stars
29,464 Commits
16,205 Forks
2,809 Watchers
306 Branches
1,294 Contributors
Updated on Jul 12, 2025
Maintainers
2
Package Meta Information
Latest Version
37.2.1
Package Id
electron@37.2.1
Unpacked Size
1.02 MB
Size
173.21 kB
File Count
8
NPM Version
10.9.2
Node Version
22.15.0
Published on
Jul 10, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
:memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪. View these docs in other languages on our Crowdin project.
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.
Follow @electronjs on Twitter for important announcements.
This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.
Installation
To install prebuilt Electron binaries, use npm.
The preferred method is to install Electron as a development dependency in your
app:
1npm install electron --save-dev
For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.
Platform support
Each Electron release provides binaries for macOS, Windows, and Linux.
- macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
- Windows (Windows 10 and up): Electron provides
ia32(x86),x64(amd64), andarm64binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy. - Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
- Ubuntu 18.04 and newer
- Fedora 32 and newer
- Debian 10 and newer
Electron Fiddle
Use Electron Fiddle
to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and
to try out different versions of Electron. It's designed to make the start of your journey with
Electron easier.
Resources for learning Electron
- electronjs.org/docs - All of Electron's documentation
- electron/fiddle - A tool to build, run, and package small Electron experiments
- electronjs.org/community#boilerplates - Sample starter apps created by the community
Programmatic usage
Most people use Electron from the command line, but if you require electron inside
your Node app (not your Electron app) it will return the file path to the
binary. Use this to spawn Electron from Node scripts:
1const electron = require('electron') 2const proc = require('node:child_process') 3 4// will print something similar to /Users/maf/.../Electron 5console.log(electron) 6 7// spawn Electron 8const child = proc.spawn(electron)
Mirrors
See the Advanced Installation Instructions to learn how to use a custom mirror.
Documentation translations
We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.
Contributing
If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.
Community
Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.
License
When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.
Critical
9.8/10
Summary
Chromium Remote Code Execution in electron
Affected Versions
>= 1.7.0, < 1.7.8
Patched Versions
1.7.8
Critical
9.8/10
Summary
Chromium Remote Code Execution in electron
Affected Versions
< 1.6.14
Patched Versions
1.6.14
Critical
9.7/10
Summary
Heap buffer overflow in GPU
Affected Versions
>= 19.0.0, < 19.1.8
Patched Versions
19.1.8
High
7.8/10
Summary
electron ASAR Integrity bypass by just modifying the content
Affected Versions
>= 31.0.0-alpha.1, < 31.0.0-beta.1
Patched Versions
31.0.0-beta.1
High
7.8/10
Summary
electron ASAR Integrity bypass by just modifying the content
Affected Versions
>= 30.0.0-alpha.1, < 30.0.5
Patched Versions
30.0.5
High
7.5/10
Summary
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
Affected Versions
>= 23.0.0-alpha.1, < 23.0.0-alpha.2
Patched Versions
23.0.0-alpha.2
High
8.1/10
Summary
Electron vulnerable to remote command execution
Affected Versions
< 1.6.8
Patched Versions
1.6.8
High
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 27.0.0-alpha.1, < 27.0.0-beta.8
Patched Versions
27.0.0-beta.8
High
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 26.0.0, < 26.2.4
Patched Versions
26.2.4
High
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 25.0.0, < 25.8.4
Patched Versions
25.8.4
High
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
>= 24.0.0, < 24.8.5
Patched Versions
24.8.5
High
8.8/10
Summary
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Affected Versions
< 22.3.25
Patched Versions
22.3.25
High
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 27.0.0-beta.1, < 27.0.0-beta.2
Patched Versions
27.0.0-beta.2
High
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 26.0.0, < 26.2.1
Patched Versions
26.2.1
High
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 25.0.0, < 25.8.1
Patched Versions
25.8.1
High
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 24.0.0, < 24.8.3
Patched Versions
24.8.3
High
8.8/10
Summary
libwebp: OOB write in BuildHuffmanTable
Affected Versions
>= 22.0.0, < 22.3.24
Patched Versions
22.3.24
High
8.1/10
Summary
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Affected Versions
>= 1.8.0, < 1.8.4
Patched Versions
1.8.4
High
8.1/10
Summary
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Affected Versions
>= 1.7.0, < 1.7.13
Patched Versions
1.7.13
High
8.1/10
Summary
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Affected Versions
>= 2.0.0-beta.1, < 2.0.0-beta.5
Patched Versions
2.0.0-beta.5
High
7.5/10
Summary
Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled
Affected Versions
>= 22.0.0-beta.1, < 22.0.1
Patched Versions
22.0.1
High
8.1/10
Summary
Electron webPreferences vulnerability can be used to perform remote code execution
Affected Versions
>= 3.0.0-beta.1, < 3.0.0-beta.7
Patched Versions
3.0.0-beta.7
Moderate
0/10
Summary
Electron vulnerable to Heap Buffer Overflow in NativeImage
Affected Versions
>= 30.0.0-alpha.1, < 30.0.3
Patched Versions
30.0.3
Moderate
0/10
Summary
Electron vulnerable to Heap Buffer Overflow in NativeImage
Affected Versions
>= 29.0.0-alpha.1, < 29.3.3
Patched Versions
29.3.3
Moderate
0/10
Summary
Electron vulnerable to Heap Buffer Overflow in NativeImage
Affected Versions
< 28.3.2
Patched Versions
28.3.2
Moderate
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 23.0.0-alpha.1, <= 23.3.13
Moderate
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 27.0.0-alpha.1, < 27.0.0-alpha.7
Patched Versions
27.0.0-alpha.7
Moderate
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 26.0.0-alpha.1, < 26.2.1
Patched Versions
26.2.1
Moderate
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 25.0.0-alpha.1, < 25.8.1
Patched Versions
25.8.1
Moderate
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
>= 24.0.0-alpha.1, < 24.8.3
Patched Versions
24.8.3
Moderate
6.1/10
Summary
ASAR Integrity bypass via filetype confusion in electron
Affected Versions
< 22.3.24
Patched Versions
22.3.24
Moderate
4.3/10
Summary
Electron vulnerable to URL spoofing via PDFium
Affected Versions
>= 1.7.0, < 1.7.6
Patched Versions
1.7.6
Moderate
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 26.0.0-alpha.1, < 26.0.0-beta.13
Patched Versions
26.0.0-beta.13
Moderate
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 25.0.0-alpha.1, < 25.5.0
Patched Versions
25.5.0
Moderate
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 24.0.0-alpha.1, < 24.7.1
Patched Versions
24.7.1
Moderate
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
>= 23.0.0-alpha.1, < 23.3.13
Patched Versions
23.3.13
Moderate
6.1/10
Summary
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Affected Versions
< 22.3.19
Patched Versions
22.3.19
Moderate
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
>= 25.0.0-alpha.1, < 25.0.0-alpha.2
Patched Versions
25.0.0-alpha.2
Moderate
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
>= 24.0.0-alpha.1, < 24.0.1
Patched Versions
24.0.1
Moderate
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
>= 23.0.0-alpha.1, < 23.2.3
Patched Versions
23.2.3
Moderate
6/10
Summary
Electron context isolation bypass via nested unserializable return value
Affected Versions
< 22.3.6
Patched Versions
22.3.6
Moderate
5.4/10
Summary
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Affected Versions
>= 19.0.0-beta.1, < 19.0.11
Patched Versions
19.0.11
Moderate
5.4/10
Summary
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Affected Versions
>= 20.0.0-beta.1, < 20.0.1
Patched Versions
20.0.1
Moderate
5.4/10
Summary
Exfiltration of hashed SMB credentials on Windows via file:// redirect
Affected Versions
< 18.3.7
Patched Versions
18.3.7
Moderate
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
>= 18.0.0-beta.1, <= 18.0.0-beta.5
Patched Versions
18.0.0-beta.6
Moderate
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
>= 17.0.0, < 17.2.0
Patched Versions
17.2.0
Moderate
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
>= 16.0.0, < 16.2.0
Patched Versions
16.2.0
Moderate
6.6/10
Summary
AutoUpdater module fails to validate certain nested components of the bundle
Affected Versions
< 15.5.0
Patched Versions
15.5.0
Low
2.2/10
Summary
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Affected Versions
>= 18.0.0-beta.1, <= 18.0.0-beta.5
Patched Versions
18.0.0-beta.6
Low
2.2/10
Summary
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Affected Versions
>= 17.0.0, < 17.2.0
Patched Versions
17.2.0
Reason
30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Reason
update tool detected
Details
- Info: detected update tool: Dependabot: .github/dependabot.yml:1
Reason
all changesets reviewed
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Reason
project has 92 contributing companies or organizations
Details
- Info: found contributions from: 415bike, Abacus, AtomLinter, CatalystDefCon, EpicGames, GPMDP, HospitalRun, ProgRx, ScienceHackDayPDX, TryGhost, WhitestormJS, akavache, anthropic, anthropics, apple, apple-opensource-mirror, browserify, bucketplace, clibs, codeforamerica, colorjs, continuousauth, conventional-changelog, conventional-commits, crimethinc, crowdin-node, csv, csvconf, cyberwizardinstitute, d-w3c, dancejs, dashrlabs, dataprotocols, delta, electron, electron-forge, electron-userland, fellows, gamedevmcgill, github, gmusic-utils, government, greenheartgames, hackmcgill, harp-boilerplates, helsbk, hypermodules, jsfest, jsonlines, jus, legacy-buildpacks, libgit2, microsoft, moose-team, mozilla, ncsoft, nice-registry, nko4, node-forward, nodeconf, nodejs, npm-dom, npm-flickr, npmhub, openjs-foundation, play, polyglotweekly, prebuild, queerjs, rainmeter, reactiveui, release-notifier, replicate, salesforce, scrum-gang, share, slackhq, sports, stackgl, sudoroom, tc39, the-collab-lab, tinyspeck, transmission, unemployed, unity8-team, update-readme, voxel, voxeljs, words, wwcodeportland, yue
Reason
dependency not pinned by hash detected -- score normalized to 9
Details
- Warn: npmCommand not pinned by hash: .github/workflows/audit-branch-ci.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/issue-opened.yml:39
- Info: 40 out of 40 GitHub-owned GitHubAction dependencies pinned
- Info: 30 out of 30 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
badge detected: Passing
Reason
8 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
- Warn: Project is vulnerable to: GHSA-x4c5-c7rf-jjgv
- Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q
- Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38
- Warn: Project is vulnerable to: GHSA-xx4v-prfh-6cgc
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/audit-branch-ci.yml:16
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/branch-created.yml:19
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:272
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:273
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:274
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:335
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:333
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:334
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:352
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:353
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:354
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:314
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:315
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:313
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:45
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:218
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:216
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:217
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:252
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:253
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:254
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:293
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:294
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:295
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:371
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:372
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:373
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:234
- Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:235
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:236
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/non-maintainer-dependency-change.yml:16
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic.yml:17
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic.yml:16
- Warn: no topLevel permission defined: .github/workflows/archaeologist-dig.yml:1
- Info: found token with 'none' permissions: .github/workflows/audit-branch-ci.yml:1
- Info: found token with 'none' permissions: .github/workflows/branch-created.yml:1
- Warn: no topLevel permission defined: .github/workflows/build-git-cache.yml:1
- Warn: no topLevel permission defined: .github/workflows/build.yml:1
- Warn: no topLevel permission defined: .github/workflows/clean-src-cache.yml:1
- Info: found token with 'none' permissions: .github/workflows/issue-commented.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-labeled.yml:8
- Info: found token with 'none' permissions: .github/workflows/issue-opened.yml:1
- Info: found token with 'none' permissions: .github/workflows/issue-transferred.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-unlabeled.yml:8
- Warn: no topLevel permission defined: .github/workflows/linux-publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/macos-publish.yml:1
- Info: found token with 'none' permissions: .github/workflows/non-maintainer-dependency-change.yml:1
- Warn: no topLevel permission defined: .github/workflows/pipeline-electron-build-and-test-and-nan.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:63
- Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:64
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:65
- Warn: no topLevel permission defined: .github/workflows/pipeline-electron-docs-only.yml:1
- Warn: no topLevel permission defined: .github/workflows/pipeline-electron-lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-build.yml:1
- Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-gn-check.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:34
- Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:35
- Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:36
- Warn: no topLevel permission defined: .github/workflows/pipeline-segment-node-nan-test.yml:1
- Info: found token with 'none' permissions: .github/workflows/pull-request-labeled.yml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/semantic.yml:11
- Info: found token with 'none' permissions: .github/workflows/stable-prep-items.yml:1
- Info: found token with 'none' permissions: .github/workflows/stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/windows-publish.yml:1
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact v38.0.0-alpha.5 not signed: https://api.github.com/repos/electron/electron/releases/231471005
- Warn: release artifact v37.2.1 not signed: https://api.github.com/repos/electron/electron/releases/231206703
- Warn: release artifact v35.7.1 not signed: https://api.github.com/repos/electron/electron/releases/231207059
- Warn: release artifact v38.0.0-alpha.4 not signed: https://api.github.com/repos/electron/electron/releases/230477888
- Warn: release artifact v37.2.0 not signed: https://api.github.com/repos/electron/electron/releases/229455778
- Warn: release artifact v38.0.0-alpha.5 does not have provenance: https://api.github.com/repos/electron/electron/releases/231471005
- Warn: release artifact v37.2.1 does not have provenance: https://api.github.com/repos/electron/electron/releases/231206703
- Warn: release artifact v35.7.1 does not have provenance: https://api.github.com/repos/electron/electron/releases/231207059
- Warn: release artifact v38.0.0-alpha.4 does not have provenance: https://api.github.com/repos/electron/electron/releases/230477888
- Warn: release artifact v37.2.0 does not have provenance: https://api.github.com/repos/electron/electron/releases/229455778
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 30 are checked with a SAST tool
Score
6.5
/10
Last Scanned on 2025-07-11T20:13:40Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More