Skip to content
The best way to build Electron apps with security in mind.
JavaScript CSS HTML
Branch: master
Clone or download


The best way to build Electron apps with security in mind.

If you are curious about what makes an electron app secure, please check out this page.


Taken from the best-practices official page, here is what this repository offers!

  1. Only load secure content - (Need help!)
  2. Do not enable node.js integration for remote content -
  3. Enable context isolation for remote content -
  4. Handle session permission requests from remote content -
  5. Do not disable websecurity -
  6. Define a content security policy -
  7. Do not set allowRunningInsecureContent to true -
  8. Do not enable experimental features -
  9. Do not use enableBlinkFeatures -
  10. Do not use allowpopups -
  11. <webview> verify options and params -
  12. Disable or limit navigation -
  13. Disable or limit creation of new windows -
  14. Do not use openExternal with untrusted content -
  15. Disable remote module -
  16. Filter the remote module -
  17. Use a current version of electron -

Included frameworks

Built-in to this template are a number of popular frameworks already wired up to get you on the road running.


There are a number of additions that I'd like to implement in this repository, namely auto-updating and more release-focused enhancements as well as a redux undo/redo history and test suites, but those are lower priority (but I welcome PRs!).


For a more detailed view of the architecture of the template, please check out here. I would highly recommend reading this document to get yourself familiarized with this template.

How to get started

git clone
cd secure-electron-template
npm i
npm run dev
You can’t perform that action at this time.