Skip to content

Secure boilerplate for Electron app based on Vite. TypeScript + Vue/React/Angular/Svelte/Vanilla

License

Notifications You must be signed in to change notification settings

EvanBldy/vite-electron-builder

 
 

Repository files navigation

Vite Electron Builder Boilerplate v2

GitHub issues by-label Required Node.JS >= v16.13 Required npm >= v8.1

Vite+Electron = 🔥

This is a secure template for electron applications. Written following the latest safety requirements, recommendations and best practices.

Under the hood is used Vite — super fast, nextgen bundler, and electron-builder for compilation.


Support

  • This template maintained by Alex Kozack. You can 💖 sponsor him for continued development of this template.

  • Found a problem? Pull requests are welcome.

  • If you have ideas, questions or suggestions - Welcome to discussions. 😊


Get started

Follow these steps to get started with this template:

  1. Click the Use this template button (you must be logged in) or just clone this repo.
  2. If you want use another package manager don't forget edit .github/workflows -- it uses npm by default.

That's all you need. 😉

Note: This template uses npm v7 feature — Installing Peer Dependencies Automatically. If you are using a different package manager, you may need to install some peerDependencies manually.

Features

Electron Electron version

  • Template use the latest electron version with all the latest security patches.
  • The architecture of the application is built according to the security guides and best practices.
  • The latest version of the electron-builder is used to compile the application.

Vite Vite version

  • Vite is used to bundle all source codes. This is an extremely fast packer that has a bunch of great features. You can learn more about how it is arranged in this video.
  • Vite supports reading .env files. You can also specify types of your environment variables in types/vite-env.d.ts.
  • Hot reloads for Main and Renderer processes.

Vite provides you with many useful features, such as: TypeScript, TSX/JSX, CSS/JSON Importing, CSS Modules, Web Assembly and much more.

See all Vite features.

TypeScript TypeScript version (optional)

  • The Latest TypeScript is used for all source code.
  • Vite supports TypeScript out of the box. However, it does not support type checking.
  • Code formatting rules follow the latest TypeScript recommendations and best practices thanks to @typescript-eslint/eslint-plugin.

See this discussion if you want completly remove TypeScript.

Vue Vue version (optional)

  • By default, web pages are built using Vue. However, you can easily change it. Or do not use additional frameworks at all. (See React fork)
  • Also, by default, the vue-router version Vue-router version is used.
  • Code formatting rules follow the latest Vue recommendations and best practices thanks to eslint-plugin-vue.
  • Installed Vue.js devtools beta with Vue 3 support.

See examples of web pages for different frameworks.

Continuous Integration

  • The configured workflow for check the types for each push and PR.
  • The configured workflow for check the code style for each push and PR.
  • Automatic tests used playwright. Simple, automated test check:
    • Does the main window created and visible?
    • Is the main window not empty?
    • Is dev tools closed?
    • Is preload script loaded?

Continuous delivery

  • Each time you push changes to the main branch, release workflow starts, which creates release draft.
    • The version is automatically set based on the current date in the format yy.mm.dd-minutes.
    • Notes are automatically generated and added to the release draft.
    • Code signing supported. See compile job in release workflow.
  • Auto-update is supported. After the release will be published, all client applications will download the new version and install updates silently.

Status

This template was created to make my work easier. It may not be universal, but I try to keep it that way.

I am actively involved in its development. But I do not guarantee that this template will be maintained in the future.

At the moment, there are the following problems:

  • ⚠ Playwright has experimental support for Electron.
  • ⚠ Release notes are created automatically based on commit history. .github/actions/release-notes is used for generation. It may not provide some scenarios. If you encounter a problem - write about it.
  • ⏳ I want to migrate all code base to ESM. But because Nodejs ecosystem is unprepared I have not known whether this will give more benefits or more inconvenience.

Some improvement or problems can be listed in issues.

Pull requests are welcome.

How it works

The template required a minimum dependencies. Only Vite is used for building, nothing more.

Project Structure

The structure of this template is very similar to the structure of a monorepo.

The entire source code of the program is divided into three modules (packages) that are bundled each independently:

Build web resources

Packages main and preload are built in library mode as it is a simple javascript. renderer package build as regular web app.

The build of web resources is performed in the scripts/build.js. Its analogue is a sequential call to vite build for each package.

Compile App

Next step is run packaging and compilation a ready for distribution Electron app for macOS, Windows and Linux with "auto update" support out of the box.

To do this, using the electron-builder:

  • In npm script compile: This script is configured to compile the application as quickly as possible. It is not ready for distribution, is compiled only for the current platform and is used for debugging.
  • In GitHub Action: The application is compiled for any platform and ready-to-distribute files are automatically added to the draft GitHub release.

Using Node.js API in renderer

According to Electron's security guidelines, Node.js integration is disabled for remote content. This means that you cannot call any Node.js api in the packages/renderer directly. To do this, you must describe the interface in the packages/preload where Node.js api is allowed:

// packages/preload/src/index.ts
import {readFile} from 'fs/promises'

const api = {
  readConfig: () =>  readFile('/path/to/config.json', {encoding: 'utf-8'}),
}

contextBridge.exposeInMainWorld('electron', api)
// packages/renderer/src/App.vue
import {useElectron} from '/@/use/electron'

const {readConfig} = useElectron()

Read more about Security Considerations.

Modes and Environment Variables

All environment variables set as part of the import.meta, so you can access them as follows: import.meta.env.

You can also specify types of your environment variables in types/vite-env.d.ts.

The mode option is used to specify the value of import.meta.env.MODE and the corresponding environment variables files that needs to be loaded.

By default, there are two modes:

  • production is used by default
  • development is used by npm run watch script

When running building, environment variables are loaded from the following files in your project root:

.env                # loaded in all cases
.env.local          # loaded in all cases, ignored by git
.env.[mode]         # only loaded in specified env mode
.env.[mode].local   # only loaded in specified env mode, ignored by git

Note: only variables prefixed with VITE_ are exposed to your code (e.g. VITE_SOME_KEY=123) and SOME_KEY=123 will not. You can access VITE_SOME_KEY using import.meta.env.VITE_SOME_KEY. This is because the .env files may be used by some users for server-side or build scripts and may contain sensitive information that should not be exposed in code shipped to browsers.

Contribution

See Contributing Guide.

About

Secure boilerplate for Electron app based on Vite. TypeScript + Vue/React/Angular/Svelte/Vanilla

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 72.9%
  • Vue 23.9%
  • HTML 3.2%