Skip to content
The best way to build Electron apps with security in mind.
JavaScript HTML
Branch: master
Clone or download

README.md

secure-electron-template

The best way to build Electron apps with security in mind.

If you are curious about what makes an electron app secure, please check out this page.

Features

Taken from the best-practices official page, here is what this repository offers!

  1. Only load secure content - (Need help!)
  2. Do not enable node.js integration for remote content -
  3. Enable context isolation for remote content -
  4. Handle session permission requests from remote content -
  5. Do not disable websecurity -
  6. Define a content security policy -
  7. Do not set allowRunningInsecureContent to true -
  8. Do not enable experimental features -
  9. Do not use enableBlinkFeatures -
  10. Do not use allowpopups -
  11. <webview> verify options and params -
  12. Disable or limit navigation -
  13. Disable or limit creation of new windows -
  14. Do not use openExternal with untrusted content -
  15. Disable remote module -
  16. Filter the remote module -
  17. Use a current version of electron -

Included frameworks

Built-in to this template are a number of popular frameworks already wired up to get you on the road running.

Roadmap

There are a number of additions that I'd like to implement in this repository, namely:

I'd also like to get features such as auto-updating and more release-focused enhancements as well as a redux undo/redo history and test suites, but those are lower priority (but I welcome PRs!).

Architecture

For a more detailed view of the architecture of the template, please check out here. I would highly recommend reading this document to get yourself familiarized with this template.

How to get started

git clone https://github.com/reZach/secure-electron-template.git
cd secure-electron-template
npm i
npm run dev
You can’t perform that action at this time.