npmpackage.info

Gathering detailed insights and metrics for electron

Other packages similar to electron

electron-to-chromium

1.5.66

Provides a list of electron-to-chromium version mappings

is-electron

2.2.2

Detect if running in Electron.

electron-publish

25.1.7

Part of [electron-builder](https://github.com/electron-userland/electron-builder).

@electron/asar

3.2.17

Creating Electron app packages

Gathering detailed insights and metrics for electron

electron

:electron: Build cross-platform desktop apps with JavaScript, HTML, and CSS Build cross-platform desktop apps with JavaScript, HTML, and CSS

33.2.1

114,537

MIT

C++

164,147,409 6.9

Installations

npm install electron

Pull Requests

Open

93

Total

23,766

Closed

2,634

Merged

21,039

Issues

Open

882

Total

20,279

Closed

19,397

Releases

1,566

electron v32.2.6

v32.2.6

Published on 27 Nov 2024

electron v33.2.1

v33.2.1

Published on 27 Nov 2024

electron v34.0.0-beta.6

v34.0.0-beta.6

Published on 25 Nov 2024

electron v34.0.0-beta.5

v34.0.0-beta.5

Published on 21 Nov 2024

electron v34.0.0-beta.4

v34.0.0-beta.4

Published on 18 Nov 2024

electron v32.2.5

v32.2.5

Published on 15 Nov 2024

View all 1,566 releases

Developer

electron

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>= 12.20.55

Typescript Support

Yes

Node Version

22.11.0

NPM Version

10.9.0 Statistics

114,537 Stars

28,812 Commits

15,497 Forks

2,834 Watching

236 Branches

1,281 Contributors

Updated on 28 Nov 2024

Languages

C++ (56.37%)

TypeScript (32.26%)

Objective-C++ (6.06%)

JavaScript (2.27%)

Python (1.96%)

Objective-C (0.67%)

HTML (0.18%)

Shell (0.11%)

C (0.04%)

CSS (0.04%)

Batchfile (0.04%)

Total Downloads

Cumulative downloads

Total Downloads

164,147,409

Last day

4.4%

163,887

Compared to previous day

Last week

4.1%

854,287

Compared to previous week

Last month

17.2%

3,578,706

Compared to previous month

Last year

5.6%

36,116,238

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

@types/node extract-zip @electron/get

Versions

:memo: Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪. View these docs in other languages on our Crowdin project.

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.

Follow @electronjs on Twitter for important announcements.

This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.

Installation

To install prebuilt Electron binaries, use npm. The preferred method is to install Electron as a development dependency in your app:

1npm install electron --save-dev

For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.

Platform support

Each Electron release provides binaries for macOS, Windows, and Linux.

macOS (Big Sur and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
Windows (Windows 10 and up): Electron provides ia32 (x86), x64 (amd64), and arm64 binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy.
Linux: The prebuilt binaries of Electron are built on Ubuntu 20.04. They have also been verified to work on:
- Ubuntu 18.04 and newer
- Fedora 32 and newer
- Debian 10 and newer

Quick start & Electron Fiddle

Use Electron Fiddle to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and to try out different versions of Electron. It's designed to make the start of your journey with Electron easier.

Alternatively, clone and run the electron/electron-quick-start repository to see a minimal Electron app in action:

1git clone https://github.com/electron/electron-quick-start
2cd electron-quick-start
3npm install
4npm start

Resources for learning Electron

electronjs.org/docs - All of Electron's documentation
electron/fiddle - A tool to build, run, and package small Electron experiments
electron/electron-quick-start - A very basic starter Electron app
electronjs.org/community#boilerplates - Sample starter apps created by the community

Programmatic usage

Most people use Electron from the command line, but if you require electron inside your Node app (not your Electron app) it will return the file path to the binary. Use this to spawn Electron from Node scripts:

1const electron = require('electron')
2const proc = require('node:child_process')
3
4// will print something similar to /Users/maf/.../Electron
5console.log(electron)
6
7// spawn Electron
8const child = proc.spawn(electron)

Mirrors

China

See the Advanced Installation Instructions to learn how to use a custom mirror.

Documentation translations

We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.

Contributing

If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.

Community

Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.

License

MIT

When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.

Stable Version

The latest stable version of the package.

Stable Version

33.2.1

CRITICAL

9.8/10

Summary

Chromium Remote Code Execution in electron

Affected Versions

>= 1.7.0, < 1.7.8

Patched Versions

1.7.8

CRITICAL

9.8/10

Summary

Chromium Remote Code Execution in electron

Affected Versions

< 1.6.14

Patched Versions

1.6.14

CRITICAL

9.7/10

Summary

Heap buffer overflow in GPU

Affected Versions

>= 19.0.0, < 19.1.8

Patched Versions

19.1.8

HIGH

7.5/10

Summary

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

Affected Versions

>= 23.0.0-alpha.1, < 23.0.0-alpha.2

Patched Versions

23.0.0-alpha.2

HIGH

8.1/10

Summary

Electron vulnerable to remote command execution

Affected Versions

< 1.6.8

Patched Versions

1.6.8

HIGH

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 27.0.0-alpha.1, < 27.0.0-beta.8

Patched Versions

27.0.0-beta.8

HIGH

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 26.0.0, < 26.2.4

Patched Versions

26.2.4

HIGH

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 25.0.0, < 25.8.4

Patched Versions

25.8.4

HIGH

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

>= 24.0.0, < 24.8.5

Patched Versions

24.8.5

HIGH

8.8/10

Summary

Electron affected by libvpx's heap buffer overflow in vp8 encoding

Affected Versions

< 22.3.25

Patched Versions

22.3.25

HIGH

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 27.0.0-beta.1, < 27.0.0-beta.2

Patched Versions

27.0.0-beta.2

HIGH

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 26.0.0, < 26.2.1

Patched Versions

26.2.1

HIGH

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 25.0.0, < 25.8.1

Patched Versions

25.8.1

HIGH

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 24.0.0, < 24.8.3

Patched Versions

24.8.3

HIGH

8.8/10

Summary

libwebp: OOB write in BuildHuffmanTable

Affected Versions

>= 22.0.0, < 22.3.24

Patched Versions

22.3.24

HIGH

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 1.8.0, < 1.8.4

Patched Versions

1.8.4

HIGH

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 1.7.0, < 1.7.13

Patched Versions

1.7.13

HIGH

8.1/10

Summary

Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

Affected Versions

>= 2.0.0-beta.1, < 2.0.0-beta.5

Patched Versions

2.0.0-beta.5

HIGH

7.5/10

Summary

Electron's Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled

Affected Versions

>= 22.0.0-beta.1, < 22.0.1

Patched Versions

22.0.1

HIGH

8.1/10

Summary

Electron webPreferences vulnerability can be used to perform remote code execution

Affected Versions

>= 3.0.0-beta.1, < 3.0.0-beta.7

Patched Versions

3.0.0-beta.7

MODERATE

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 23.0.0-alpha.1, <= 23.3.13

Patched Versions

MODERATE

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 27.0.0-alpha.1, < 27.0.0-alpha.7

Patched Versions

27.0.0-alpha.7

MODERATE

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 26.0.0-alpha.1, < 26.2.1

Patched Versions

26.2.1

MODERATE

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 25.0.0-alpha.1, < 25.8.1

Patched Versions

25.8.1

MODERATE

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

>= 24.0.0-alpha.1, < 24.8.3

Patched Versions

24.8.3

MODERATE

6.1/10

Summary

ASAR Integrity bypass via filetype confusion in electron

Affected Versions

< 22.3.24

Patched Versions

22.3.24

MODERATE

4.3/10

Summary

Electron vulnerable to URL spoofing via PDFium

Affected Versions

>= 1.7.0, < 1.7.6

Patched Versions

1.7.6

MODERATE

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 26.0.0-alpha.1, < 26.0.0-beta.13

Patched Versions

26.0.0-beta.13

MODERATE

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 25.0.0-alpha.1, < 25.5.0

Patched Versions

25.5.0

MODERATE

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 24.0.0-alpha.1, < 24.7.1

Patched Versions

24.7.1

MODERATE

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

>= 23.0.0-alpha.1, < 23.3.13

Patched Versions

23.3.13

MODERATE

6.1/10

Summary

Electron vulnerable to out-of-package code execution when launched with arbitrary cwd

Affected Versions

< 22.3.19

Patched Versions

22.3.19

MODERATE

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 25.0.0-alpha.1, < 25.0.0-alpha.2

Patched Versions

25.0.0-alpha.2

MODERATE

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 24.0.0-alpha.1, < 24.0.1

Patched Versions

24.0.1

MODERATE

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

>= 23.0.0-alpha.1, < 23.2.3

Patched Versions

23.2.3

MODERATE

6/10

Summary

Electron context isolation bypass via nested unserializable return value

Affected Versions

< 22.3.6

Patched Versions

22.3.6

MODERATE

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

>= 19.0.0-beta.1, < 19.0.11

Patched Versions

19.0.11

MODERATE

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

>= 20.0.0-beta.1, < 20.0.1

Patched Versions

20.0.1

MODERATE

5.4/10

Summary

Exfiltration of hashed SMB credentials on Windows via file:// redirect

Affected Versions

< 18.3.7

Patched Versions

18.3.7

MODERATE

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 18.0.0-beta.1, <= 18.0.0-beta.5

Patched Versions

18.0.0-beta.6

MODERATE

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 17.0.0, < 17.2.0

Patched Versions

17.2.0

MODERATE

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

>= 16.0.0, < 16.2.0

Patched Versions

16.2.0

MODERATE

6.6/10

Summary

AutoUpdater module fails to validate certain nested components of the bundle

Affected Versions

< 15.5.0

Patched Versions

15.5.0

LOW

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 18.0.0-beta.1, <= 18.0.0-beta.5

Patched Versions

18.0.0-beta.6

LOW

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 17.0.0, < 17.2.0

Patched Versions

17.2.0

LOW

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

>= 16.0.0, < 16.2.6

Patched Versions

16.2.6

LOW

2.2/10

Summary

Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled

Affected Versions

< 15.5.5

Patched Versions

15.5.5

LOW

3.4/10

Summary

Renderers can obtain access to random bluetooth device without permission in Electron

Affected Versions

>= 17.0.0-alpha.1, <= 17.0.0-alpha.5

Patched Versions

17.0.0-alpha.6

LOW

3.4/10

Summary

Renderers can obtain access to random bluetooth device without permission in Electron

Affected Versions

>= 16.0.0-beta.1, < 16.0.6

Patched Versions

16.0.6

LOW

3.4/10

Summary

Renderers can obtain access to random bluetooth device without permission in Electron

Affected Versions

>= 15.0.0-beta.1, < 15.3.5

Patched Versions

15.3.5

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

Reason

project has 90 contributing companies or organizations

Details

Info: electron-userland contributor org/company found, queerjs contributor org/company found, prebuild contributor org/company found, conventional-commits contributor org/company found, apple contributor org/company found, the-collab-lab contributor org/company found, jsonlines contributor org/company found, GPMDP contributor org/company found, release-notifier contributor org/company found, voxeljs contributor org/company found, gmusic-utils contributor org/company found, conventional-changelog contributor org/company found, colorjs contributor org/company found, 415bike contributor org/company found, harp-boilerplates contributor org/company found, government contributor org/company found, csvconf contributor org/company found, gamedevmcgill contributor org/company found, continuousauth contributor org/company found, tinyspeck contributor org/company found, crowdin-node contributor org/company found, TryGhost contributor org/company found, browserify contributor org/company found, fellows contributor org/company found, stackgl contributor org/company found, jsfest contributor org/company found, ScienceHackDayPDX contributor org/company found, sports contributor org/company found, polyglotweekly contributor org/company found, HospitalRun contributor org/company found, codeforamerica contributor org/company found, rainmeter contributor org/company found, helsbk contributor org/company found, clibs contributor org/company found, npm-flickr contributor org/company found, node-forward contributor org/company found, hypermodules contributor org/company found, update-readme contributor org/company found, anthropic contributor org/company found, csv contributor org/company found, cyberwizardinstitute contributor org/company found, nodeconf contributor org/company found, delta contributor org/company found, dancejs contributor org/company found, nice-registry contributor org/company found, CatalystDefCon contributor org/company found, reactiveui contributor org/company found, wwcodeportland contributor org/company found, Abacus contributor org/company found, sudoroom contributor org/company found, d-w3c contributor org/company found, ncsoft contributor org/company found, play contributor org/company found, github contributor org/company found, nodejs contributor org/company found, npm-dom contributor org/company found, npmhub contributor org/company found, bucketplace contributor org/company found, nko4 contributor org/company found, scrum-gang contributor org/company found, electron-forge contributor org/company found, voxel contributor org/company found, moose-team contributor org/company found, libgit2 contributor org/company found, jus contributor org/company found, AtomLinter contributor org/company found, tc39 contributor org/company found, akavache contributor org/company found, mozilla contributor org/company found, yue contributor org/company found, microsoft contributor org/company found, words contributor org/company found, replicate contributor org/company found, makenotion contributor org/company found, greenheartgames contributor org/company found, openjs-foundation contributor org/company found, salesforce contributor org/company found, share contributor org/company found, legacy-buildpacks contributor org/company found, transmission contributor org/company found, unity8-team contributor org/company found, WhitestormJS contributor org/company found, ProgRx contributor org/company found, crimethinc contributor org/company found, hackmcgill contributor org/company found, electron contributor org/company found, dashrlabs contributor org/company found, apple-opensource-mirror contributor org/company found, slackhq contributor org/company found, dataprotocols contributor org/company found,

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

License

Determines if the project has defined a license.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

9

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

8

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

5

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

Reason

detected GitHub workflow tokens with excessive permissions

Details

Info: jobLevel 'contents' permission set to 'read': .github/workflows/branch-created.yml:19
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:171
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:172
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:173
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:194
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:192
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:193
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:135
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:133
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:134
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:152
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:153
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:154
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:214
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:215
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:216
Info: jobLevel 'contents' permission set to 'read': .github/workflows/build.yml:235
Info: jobLevel 'issues' permission set to 'read': .github/workflows/build.yml:236
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:237
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/build.yml:36
Info: jobLevel 'contents' permission set to 'read': .github/workflows/non-maintainer-dependency-change.yml:16
Info: jobLevel 'pull-requests' permission set to 'read': .github/workflows/semantic.yml:16
Warn: jobLevel 'statuses' permission set to 'write': .github/workflows/semantic.yml:17
Warn: no topLevel permission defined: .github/workflows/archaeologist-dig.yml:1
Info: found token with 'none' permissions: .github/workflows/branch-created.yml:1
Warn: no topLevel permission defined: .github/workflows/build.yml:1
Warn: no topLevel permission defined: .github/workflows/clean-src-cache.yml:1
Info: found token with 'none' permissions: .github/workflows/issue-commented.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-labeled.yml:8
Info: found token with 'none' permissions: .github/workflows/issue-opened.yml:1
Info: found token with 'none' permissions: .github/workflows/issue-transferred.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/issue-unlabeled.yml:8
Warn: no topLevel permission defined: .github/workflows/linux-publish.yml:1
Warn: no topLevel permission defined: .github/workflows/macos-publish.yml:1
Info: found token with 'none' permissions: .github/workflows/non-maintainer-dependency-change.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-build-and-test-and-nan.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:67
Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:68
Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-electron-build-and-test.yml:69
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-docs-only.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-electron-lint.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-build.yml:1
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-electron-gn-check.yml:1
Info: topLevel 'contents' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:34
Info: topLevel 'issues' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:35
Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/pipeline-segment-electron-test.yml:36
Warn: no topLevel permission defined: .github/workflows/pipeline-segment-node-nan-test.yml:1
Info: found token with 'none' permissions: .github/workflows/pull-request-labeled.yml:1
Info: topLevel permissions set to 'read-all': .github/workflows/scorecards.yml:11
Info: topLevel 'contents' permission set to 'read': .github/workflows/semantic.yml:11
Info: found token with 'none' permissions: .github/workflows/stable-prep-items.yml:1
Info: found token with 'none' permissions: .github/workflows/stale.yml:1
Info: found token with 'none' permissions: .github/workflows/update_appveyor_image.yml:1

Score

6.9

/10

Last Scanned on 2024-11-27T16:41:35Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More