Thank you, Takuya
Vite + Electron = ๐ฅ
This project is a secure electron application using the latest safety requirements, recommendations and best practices.
Under the hood is Vite โ A next-generation blazing fast bundler, and electron-builder for packaging.
Follow these steps to get started:
- After cloning the repo or downloading the zip, input
npm i
into terminal. - Input
npm run watch
to view a live version of the project while you are working on it. - Input
npm run compile
to generate an executable which will be located in .\dist\win-unpacked [windows].
That's all you need. ๐
- Latest electron version and security patches.
- Architecture of the app follows the security guides and best practices.
- The latest version of the electron-builder is used to package the app.
- Vite is used to bundle the source code. It's a fast bundler, that has a ton of amazing features. You can learn more about how it is arranged in this video.
- Vite supports reading
.env
files. You can also specify the types of your environment variables intypes/env.d.ts
. - Automatic hot-reloads for the
Main
andRenderer
processes.
Vite provides many useful features, such as: TypeScript
, TSX/JSX
, CSS/JSON Importing
, CSS Modules
, Web Assembly
and much more.
- The latest version of TypeScript is used for the source code.
- Vite supports TypeScript out of the box. However, it does not support type checking.
- Code formatting rules follow the latest TypeScript recommendations and best practices thanks to @typescript-eslint/eslint-plugin.
See this discussion if you want completely remove TypeScript.
- Web pages are built using Vue. However, may change that... or not use additional frameworks at all. ๐ค
- Code formatting rules follow the latest Vue recommendations and best practices thanks to eslint-plugin-vue.
See examples of web pages for different frameworks.
The project requires a minimum amount dependencies. Only Vite is used for building, nothing more.
The structure of this project is very similar to the structure of a monorepo.
flowchart TB;
packages/preload <-. IPC Messages .-> packages/main
subgraph packages/main
M[index.ts] --> EM[Electron Main Process Modules]
M --> N2[Node.js API]
end
subgraph packages/preload
P[index.ts] --> N[Node.js API]
P --> ED[External dependencies]
P --> ER[Electron Renderer Process Modules]
end
subgraph packages/renderer
R[index.html] --> W[Web API]
R --> BD[Bundled dependencies]
R --> F[Web Frameforks]
end
packages/renderer -- Call Exposed API --> P
The entire source code of the project is divided into three modules (packages) that are each bundled independently:
packages/renderer
. Responsible for the contents of the application window. In fact, it is a regular web application. In developer mode, you can even open it in a browser. The development and build process is the same as for classic web applications. Access to low-level API electrons or Node.js is done through the preload layer.packages/preload
. Acts as an intermediate bridge between the renderer process and the API exposed by electron and Node.js. Runs in an isolated browser context, but has direct access to the full Node.js functionality. See Checklist: Security Recommendations .packages/main
Electron main script. This is the main process that powers the application. It manages creating and handling the spawned BrowserWindow, setting and enforcing secure permissions and request handlers. You can also configure it to do much more as per your need, such as: logging, reporting statistics and health status among others.
The main
and preload
packages are built in library mode as it is
simple javascript.
The renderer
package builds as a regular web app.
The next step is to package a ready to distribute Electron app for macOS, Windows and Linux with "auto update" support out of the box.
To do this, use electron-builder:
- Using the npm script
npm run compile
: This script is configured to compile the application as quickly as possible. It is not ready for distribution, it is compiled only for the current platform and is used for debugging. - Using GitHub Actions: The application is compiled for any platform and ready-to-distribute files are automatically added as a draft to the GitHub releases page.
Because the renderer
works and builds like a regular web application, you can only use dependencies that support the
browser or compile to a browser-friendly format.
This means that in the renderer
you are free to use any frontend dependencies such as Vue, React, lodash, axios and so
on.However, you CANNNOT use any native Node.js APIs, such as, systeminformation
. These APIs are only available in
a Node.js runtime environment and will cause your application to crash if used in the renderer
layer. Instead, if you
need access to Node.js runtime APIs in your frontend, export a function form the preload
package.
All dependencies that require Node.js api can be used in
the preload
script.
Here is an example. Let's say you need to read some data from the file system or database in the renderer.
In the preload context, create a function that reads and returns data. To make the function announced in the preload
available in the render, you usually need to call
the electron.contextBridge.exposeInMainWorld
. However,
this project uses the unplugin-auto-expose plugin, so you just need
to export the method from the preload. The exposeInMainWorld
will be called automatically.
// preload/index.ts
import {writeFile} from 'fs'
// Everything you exported from preload/index.ts may be called in renderer
export function getData() {
return /* ... */
}
Now you can import and call the method in renderer
// renderer/somewere.component.ts
import {getData} from '#preload'
const dataFromFS = getData()
Read more about Security Considerations .
Although the preload has access to all of Node.js's API, it still runs in the BrowserWindow context, so a limited electron modules are available in it. Check the electron docs for full list of available methods.
All other electron methods can be invoked in the main
.
As a result, the architecture of interaction between all modules is as follows:
sequenceDiagram
renderer->>+preload: Read data from file system
preload->>-renderer: Data
renderer->>preload: Maximize window
activate preload
preload-->>main: Invoke IPC command
activate main
main-->>preload: IPC response
deactivate main
preload->>renderer: Window maximized
deactivate preload
Read more about Inter-Process Communication
All environment variables are set as part of the import.meta
, so you can access them vie the following
way: import.meta.env
.
If you are using TypeScript and want to get code completion you must add all the environment variables to
the ImportMetaEnv
in types/env.d.ts
.
The mode option is used to specify the value of import.meta.env.MODE
and the corresponding environment variables files
that need to be loaded.
By default, there are two modes:
production
is used by defaultdevelopment
is used bynpm run watch
script
When running the build script, the environment variables are loaded from the following files in your project root:
.env # loaded in all cases
.env.local # loaded in all cases, ignored by git
.env.[mode] # only loaded in specified env mode
.env.[mode].local # only loaded in specified env mode, ignored by git
To prevent accidentally leaking env variables to the client, only variables prefixed with VITE_
are exposed to your
Vite-processed code.
For example let's take the following .env
file:
DB_PASSWORD=foobar
VITE_SOME_KEY=123
Only VITE_SOME_KEY
will be exposed as import.meta.env.VITE_SOME_KEY
to your client source code, but DB_PASSWORD
will not.
See Contributing Guide.