Building a Secure Electron App

secure-electron-template

The best way to build Electron apps with security in mind.

If you are curious about what makes an electron app secure, please check out this page .

Features

Taken from the best-practices official page, here is what this repository offers!

1. Only load secure content - (Need help!)
2. Do not enable node.js integration for remote content - :white_check_mark:
3. Enable context isolation for remote content - :white_check_mark:
4. Handle session permission requests from remote content - :white_check_mark:
5. Do not disable websecurity - :white_check_mark:
6. Define a content security policy - :white_check_mark:
7. Do not set allowRunningInsecureContent to true - :white_check_mark:
8. Do not enable expirimental features - :white_check_mark:
9. Do not use enableBlinkFeatures - :white_check_mark:
10. Do not use allowpopups - :white_check_mark:
11. <webview> verify options and params - :white_check_mark:
12. Disable or limit navigation - :white_check_mark:
13. Disable or limit creation of new windows - :white_check_mark:
14. Do not use openExternal with untrusted content - :white_check_mark:
15. Disable remote module - :white_check_mark:
16. Filter the remote module - todo!
17. Use a current version of electron - :white_check_mark:

Included frameworks

Built-in to this template are a number of popular frameworks already wired up to get you on the road running.

• Electron
• React
• Redux (with Redux toolkit )
• Babel
• Webpack (with webpack-dev-server )
• Electron builder (for packaging up your app)

Roadmap

There are a number of additions that I'd like to implement in this repository, namely:

• i18next (for localization). A package is already been started for this work.
• An electron store (to save user data), similar to this package

Both of these plans are being held back by some enhancements I'm going to tackle detailed in this issue . They will come soon.

I'd also like to get features such as auto-updating and more release-focused enhancements as well as a redux undo/redo history and test suites, but those are lower priority (but I welcome PRs!).

Architecture

For a more detailed view of the architecture of the template, please check out here . I would highly recommend reading this document to get yourself familiarized with this template.

How to get started

git clone https://github.com/reZach/secure-electron-template.git
cd secure-electron-template
npm i
npm run dev