Vite+Electron = 🔥
This is a secure template for electron applications. Written following the latest safety requirements, recommendations and best practices.
Under the hood is used Vite 2.0 — super fast, nextgen bundler, and electron-builder for compilation.
By default, the Vue framework is used for the interface, but you can easily use any other frameworks such as React, Preact, Angular, Svelte or anything else.
Vite is framework agnostic
This template maintained by Alex Kozack. You can 💖 sponsor him for continued development of this template.
If you have ideas, questions or suggestions - Welcome to discussions. 😊
- Template use the latest electron version with all the latest security patches.
- The architecture of the application is built according to the security guids and best practices.
- The latest version of the electron-builder is used to compile the application.
- Vite is used to bundle all source codes. This is an extremely fast packer that has a bunch of great features. You can learn more about how it is arranged in this video.
- Vite supports reading
.env
files. My template has a separate command to generate.d.ts
file with type definition your environment variables.
Vite provides you with many useful features, such as: TypeScript
, TSX/JSX
, CSS/JSON Importing
, CSS Modules
, Web Assembly
and much more.
- The Latest TypeScript is used for all source code.
- Vite supports TypeScript out of the box. However, it does not support type checking.
- Type checking is performed in both
.ts
and.vue
files thanks to @vuedx/typecheck. - Code formatting rules follow the latest TypeScript recommendations and best practices thanks to @typescript-eslint/eslint-plugin.
- By default, web pages are built using the latest version of the Vue. However, there are no problems with using any other frameworks or technologies.
- Also, by default, the vue-router version is included.
- Code formatting rules follow the latest Vue recommendations and best practices thanks to eslint-plugin-vue.
- Installed Vue.js devtools beta with Vue 3 support.
- The configured workflow for check the types for each push and PR.
- The configured workflow for check the code style for each push and PR.
- Automatic tests used spectron. Simple, automated test check:
- Does the main window open
- Is the main window not empty
- Is dev tools closed
- An automatic update from GitHub releases is supported.
- Each time you push changes to the main branch, a workflow starts, which creates a new github release.
- The version number is automatically set based on the current date in the format "yy.mm.dd".
- Notes are automatically generated and added to the new release.
- ✅ Building main and renderer endpoints in production mode — works great.
- ✅ Development mode with hot reload for renderer endpoint — works great.
- ⚠ Development mode for main and preload endpoints — work fine, but it is possible to reboot the backend faster (vite#1434)
- ✅ Compile the app with electron builder in CD — work.
- ✅ Auto update — work.
- ✅ Typechecking in
.ts
and.vue
files — work thanks - ⚠ Linting — work fine, but need review the configuration files and refactor its.
- ✅ Vue.js devtools beta.
- ⏳ Code signing — planned.
- ⚠ Vite 2.0 — still in beta.
The template required a minimum dependencies. Only Vite is used for building, nothing more.
As per the security requirements, context isolation is enabled in this template.
Context Isolation is a feature that ensures that both your
preload
scripts and Electron's internal logic run in a separate context to the website you load in awebContents
. This is important for security purposes as it helps prevent the website from accessing Electron internals or the powerful APIs your preload script has access to.This means that the
window
object that your preload script has access to is actually a different object than the website would have access to. For example, if you setwindow.hello = 'wave'
in your preload script and context isolation is enabledwindow.hello
will be undefined if the website tries to access it.
Read more about Context Isolation.
Exposing APIs from your preload script
to the renderer is a common usecase and there is a dedicated module in Electron to help you do this in a painless way.
// /src/preload/index.ts
const api = {
data: ['foo', 'bar'],
doThing: () => ipcRenderer.send('do-a-thing')
}
contextBridge.exposeInMainWorld('electron', api)
To access this API use the useElectron()
function:
// /src/renderer/App.vue
import {useElectron} from '/@/use/electron'
const {doThing, data} = useElectron()
Note: Context isolation disabled for test
environment. See #693.
All environment variables set as part of the import.meta
, so you can access them as follows: import.meta.env
.
You can also build type definitions of your variables by running bin/buildEnvTypes.js
. This command will create types/env.d.ts
file with describing all environment variables for all modes.
The mode option is used to specify the value of import.meta.env.MODE
and the corresponding environment variables files that needs to be loaded.
By default, there are two modes:
production
is used by defaultdevelopment
is used bynpm run watch
scripttest
is used bynpm test
script
When running building, environment variables are loaded from the following files in your project root:
.env # loaded in all cases
.env.local # loaded in all cases, ignored by git
.env.[mode] # only loaded in specified env mode
.env.[mode].local # only loaded in specified env mode, ignored by git
Note: only variables prefixed with VITE_
are exposed to your code (e.g. VITE_SOME_KEY=123
) and SOME_KEY=123
will not. you can access VITE_SOME_KEY
using import.meta.env.VITE_SOME_KEY
. This is because the .env
files may be used by some users for server-side or build scripts and may contain sensitive information that should not be exposed in code shipped to browsers.
src
Contains all source code.src/main
Contain entrypoint for Electron main script.src/renderer
Contain entrypoint for Electron web page. All files in this directory work as a regular Vue application.src/preload
Contain entrypoint for custom script. It uses aspreload
script inBrowserWindow.webPreferences.preload
. See Checklist: Security Recommendations.src/*
It is assumed any entry points will be added here, for custom scripts, web workers, webassembly compilations, etc.
dist
dist/source
Contains all bundled code.dist/source/main
Bundled main entrypoint.dist/source/renderer
Bundled renderer entrypoint.dist/source/preload
Bundled preload entrypoint.dist/source/*
Bundled any custom files.
dist/app
Contain packages and ready-to-distribute electron apps for any platform. Files in this directory created using electron-builder.
config
Contains various configuration files for Vite, TypeScript, electron builder, etc.bin
It is believed any scripts for build the application will be located here.types
Contains all declaration files to be applied globally to the entire projecttests
Contains all tests
This project requires Node 14 or later.
- Fork this repository
- Run
npm install
to install all dependencies - Build compile app for production —
npm run compile
- Run development environment with file watching —
npm run watch
- Run tests —
npm test