Gathering detailed insights and metrics for electron-updater
A complete solution to package and build a ready for distribution Electron app with “auto update” support out of the box
Installations
npm install electron-updaterDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
18.20.4
NPM Version
10.7.0
Score
96.2
Supply Chain
75.6
Quality
94.2
Maintenance
100
Vulnerability
98.6
License
Releases
885
Contributors
555
Languages
7
TypeScript
NSIS
JavaScript
Shell
Dockerfile
Smarty
CSS
TypeScript (91.19%)
NSIS (6.4%)
JavaScript (1.54%)
Shell (0.48%)
Dockerfile (0.34%)
Smarty (0.03%)
CSS (0.02%)
Love this project? Help keep it running — sponsor us today! 🚀
Developer
Download Statistics
Total Downloads
123,553,249
Last Day
65,476
Last Week
393,462
Last Month
1,394,264
Last Year
16,365,458
GitHub Statistics
MIT License
13,836 Stars
3,288 Commits
1,750 Forks
149 Watchers
48 Branches
555 Contributors
Updated on Feb 14, 2025
Bundle Size
217.17 kB
Minified
68.33 kB
Minified + Gzipped
Maintainers
2
Package Meta Information
Latest Version
6.3.9
Package Id
electron-updater@6.3.9
Unpacked Size
454.74 kB
Size
110.86 kB
File Count
87
NPM Version
10.7.0
Node Version
18.20.4
Published on
Oct 02, 2024
Total Downloads
Cumulative downloads
Total Downloads
123,553,249
Last Day
19.8%
65,476
Compared to previous day
Last Week
36.5%
393,462
Compared to previous week
Last Month
45.6%
1,394,264
Compared to previous month
Last Year
-75.5%
16,365,458
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
electron-builder 
A complete solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux with “auto update” support out of the box. :shipit:
Always looking for community contributions! 👀 Setting up a dev environment is easy to do 🪩
Sponsors
Documentation
See the full documentation on electron.build.
- NPM packages management:
- Native application dependencies compilation (including Yarn support).
- Development dependencies are never included. You don't need to ignore them explicitly.
- Two package.json structure is supported, but you are not forced to use it even if you have native production dependencies.
- Code Signing on a CI server or development machine.
- Auto Update ready application packaging.
- Numerous target formats:
- All platforms:
7z,zip,tar.xz,tar.7z,tar.lz,tar.gz,tar.bz2,dir(unpacked directory). - macOS:
dmg,pkg,mas. - Linux: AppImage, snap, debian package (
deb),rpm,freebsd,pacman,p5p,apk. - Windows:
nsis(Installer),nsis-web(Web installer),portable(portable app without installation), AppX (Windows Store), MSI, Squirrel.Windows.
- All platforms:
- Publishing artifacts to GitHub Releases, Amazon S3, DigitalOcean Spaces and Bintray.
- Advanced building:
- Pack in a distributable format already packaged app.
- Separate build steps.
- Build and publish in parallel, using hard links on CI server to reduce IO and disk space usage.
- electron-compile support (compile for release-time on the fly on build).
- Docker images to build Electron app for Linux or Windows on any platform.
- Proton Native support.
- Downloads all required tools files on demand automatically (e.g. to code sign windows application, to make AppX), no need to setup.
| Question | Answer |
|---|---|
| “I want to configure electron-builder” | See options |
| “I found a bug or I have a question” | Open an issue |
| “I want to support development” | Donate |
Installation
Yarn is strongly recommended instead of npm.
yarn add electron-builder --dev
Note for Yarn 3
Yarn 3 use PnP by default, but electron-builder still need node-modules(ref: yarnpkg/berry#4804). Add configuration in the .yarnrc.yaml as follows:
nodeLinker: "node-modules"
will declare to use node-modules instead of PnP.
Quick Setup Guide
electron-webpack-quick-start is a recommended way to create a new Electron application. See Boilerplates.
-
Specify the standard fields in the application
package.json— name,description,versionand author. -
Specify the build configuration in the
package.jsonas follows:1"build": { 2 "appId": "your.id", 3 "mac": { 4 "category": "your.app.category.type" 5 } 6}See all options. Option files to indicate which files should be packed in the final application, including the entry file, maybe required. You can also use separate configuration files, such as
js,ts,yml, andjson/json5. See read-config-file for supported extensions. JS Example for programmatic API -
Add icons.
-
Add the scripts key to the development
package.json:1"scripts": { 2 "app:dir": "electron-builder --dir", 3 "app:dist": "electron-builder" 4}Then you can run
yarn app:dist(to package in a distributable format (e.g. dmg, windows installer, deb package)) oryarn app:dir(only generates the package directory without really packaging it. This is useful for testing purposes).To ensure your native dependencies are always matched electron version, simply add script
"postinstall": "electron-builder install-app-deps"to yourpackage.json. -
If you have native addons of your own that are part of the application (not as a dependency), set nodeGypRebuild to
true.
Please note that everything is packaged into an asar archive by default.
For an app that will be shipped to production, you should sign your application. See Where to buy code signing certificates.
Programmatic Usage
See node_modules/electron-builder/out/index.d.ts. Typings for TypeScript are provided and also can be found here.
Code snippet provided below is also shown "in action" here as well.
1"use strict" 2 3const builder = require("electron-builder") 4const Platform = builder.Platform 5 6// Promise is returned 7builder.build({ 8 targets: Platform.MAC.createTarget(), 9 config: { 10 "//": "build options, see https://goo.gl/QQXmcV" 11 } 12}) 13 .then(() => { 14 // handle result 15 }) 16 .catch((error) => { 17 // handle error 18 })
Boilerplates
- electron-webpack-quick-start — A bare minimum project structure to get started developing with electron-webpack. Recommended.
- electron-react-boilerplate A boilerplate for scalable cross-platform desktop apps.
- electron-react-redux-boilerplate A minimal boilerplate to get started with Electron, React and Redux.
- electron-boilerplate A minimalistic yet comprehensive boilerplate application.
- Vue CLI 3 plugin for Electron A Vue CLI 3 plugin for Electron with no required configuration.
- electron-vue-vite A real simple Electron + Vue3 + Vite5 boilerplate.
- vite-electron-builder Secure boilerplate for Electron app based on Vite. Supports multiple frameworks.
Debug
Set the DEBUG environment variable to debug what electron-builder is doing:
1DEBUG=electron-builder
FPM_DEBUG env to add more details about building linux targets (except snap and appimage).
DEBUG_DMG=true env var to add more debugging/verbosity from hdiutil (macOS).
!!! tip "cmd"
On Windows the environment variable is set using the set command.
bash set DEBUG=electron-builder
!!! tip "PowerShell"
PowerShell uses different syntax to set environment variables.
bash $env:DEBUG=electron-builder
Donate
We do this open source work in our free time. If you'd like us to invest more time on it, please donate.
Stable Version
Stable Version
6.3.9
High
1
High
7.5/10
Summary
electron-updater Code Signing Bypass on Windows
Affected Versions
<= 6.3.0-alpha.5
Patched Versions
6.3.0-alpha.6
Reason
30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
packaging workflow detected
Details
- Info: Project packages its releases by way of GitHub Actions.: .github/workflows/deploy-docker.yml:23
Reason
binaries present in source code
Details
- Warn: binary detected: test/fixtures/test-app-symlink-framework/hello-world/lib/Release/Hello.framework/Versions/A/Hello:1
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:11
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/pr-release.yml:15
- Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/pr-semantic.yml:16
- Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/pr-semantic.yml:17
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-docker.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/deploy-netlify.yml:10
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/deploy-netlify.yml:11
- Info: topLevel 'contents' permission set to 'read': .github/workflows/docker-build.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-labeler.yml:6
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-netlify.yml:10
- Warn: topLevel 'statuses' permission set to 'write': .github/workflows/pr-netlify.yml:11
- Info: found token with 'none' permissions: .github/workflows/pr-release.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/pr-semantic.yml:11
- Warn: no topLevel permission defined: .github/workflows/stale.yml:1
- Info: topLevel 'contents' permission set to 'read': .github/workflows/test.yaml:22
Reason
SAST tool is not run on all commits -- score normalized to 6
Details
- Warn: 18 commits out of 29 are checked with a SAST tool
Reason
Found 11/21 approved changesets -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/pr-release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/electron-userland/electron-builder/pr-release.yml/master?enable=pin
- Warn: containerImage not pinned by hash: docker/base/Dockerfile:3: pin your Docker image by updating buildpack-deps:22.04-curl to buildpack-deps:22.04-curl@sha256:33a46dfd834f4a61b5866da863063dccd1160f248bbfab92581f4ace71be51de
- Warn: containerImage not pinned by hash: docker/node/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine-chrome/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine-mono/Dockerfile:2
- Warn: containerImage not pinned by hash: docker/wine/Dockerfile:2
- Warn: containerImage not pinned by hash: mkdocs-dockerfile:1: pin your Docker image by updating squidfunk/mkdocs-material:9.5 to squidfunk/mkdocs-material:9.5@sha256:41942f7a2f5163aacd0e866e076d95db4f26550b97d76c1594c04250cbb580e9
- Warn: downloadThenRun not pinned by hash: docker/base/Dockerfile:8-22
- Warn: npmCommand not pinned by hash: docker/node/Dockerfile:11
- Warn: pipCommand not pinned by hash: mkdocs-dockerfile:2
- Info: 15 out of 15 GitHub-owned GitHubAction dependencies pinned
- Info: 8 out of 9 third-party GitHubAction dependencies pinned
- Info: 0 out of 6 containerImage dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
- Info: 0 out of 1 pipCommand dependencies pinned
Reason
9 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-p7v2-p9m8-qqg7
- Warn: Project is vulnerable to: GHSA-7x97-j373-85x5
- Warn: Project is vulnerable to: GHSA-7m48-wc93-9g85
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
6.1
/10
Last Scanned on 2025-02-10
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More