The best way to build Electron apps with security in mind.
If you are curious about what makes an electron app secure, please check out this page.
Taken from the best-practices official page, here is what this repository offers!
- Only load secure content - (Need help!)
- Do not enable node.js integration for remote content - ✅
- Enable context isolation for remote content - ✅
- Handle session permission requests from remote content - ✅
- Do not disable websecurity - ✅
- Define a content security policy - ✅
- Do not set allowRunningInsecureContent to true - ✅
- Do not enable experimental features - ✅
- Do not use enableBlinkFeatures - ✅
- Do not use allowpopups - ✅
- <webview> verify options and params - ✅
- Disable or limit navigation - ✅
- Disable or limit creation of new windows - ✅
- Do not use openExternal with untrusted content - ✅
- Disable remote module - ✅
- Filter the remote module - ✅
- Use a current version of electron - ✅
Built-in to this template are a number of popular frameworks already wired up to get you on the road running.
- Electron
- React
- Redux (with Redux toolkit)
- Babel
- Webpack (with webpack-dev-server)
- i18next (with this plugin for localization).
- Store (for saving config/data)
- Electron builder (for packaging up your app)
There are a number of additions that I'd like to implement in this repository, namely auto-updating and more release-focused enhancements as well as a redux undo/redo history and test suites, but those are lower priority (but I welcome PRs!).
For a more detailed view of the architecture of the template, please check out here. I would highly recommend reading this document to get yourself familiarized with this template.
git clone https://github.com/reZach/secure-electron-template.git
cd secure-electron-template
npm i
npm run dev