Squirrel
open_safety
Our great sponsors
Squirrel | open_safety | |
---|---|---|
37 | 14 | |
7,155 | 35 | |
0.8% | - | |
6.0 | 2.6 | |
3 months ago | almost 2 years ago | |
C++ | Rust | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Squirrel
-
ClickOnce
I never had much luck with ClickOnce, so I was using Squirrel.Windows. I've recently switched to the Clowd.Squirrel fork, since I needed support for AzureSignTool in the build process.
-
Any sufficiently advanced uninstaller is indistinguishable from malware
As soon as Office 2007 didn't use MSI the format was doomed.
I assume the Here in NIH refers to an individual team, not MS as a whole.
Teams is entirely NIH https://github.com/Squirrel/Squirrel.Windows for updates to the Electron app.
I would use winget, but MS made it weirdly hard to run as a script on multiple computers, it installs per user, because... who knows.
So still using chocolatey
-
Thanks, log
Back in the day, wasn't Discord installed using Squirrel?
- C# Windows desktop app - Best way to create an installer and auto-updater?
-
In the year 2023, what is the best way to deploy/distribute a WPF Application?
Originally, we used to use Squirrel.Windows for our internal applications but we had a few issues with it before we finally dropped it.
-
WinForms Application Updater
The most viable option with the path of least resistance would be Squirrel.Windows as it is both and installer and updater but has some caveats (SemVer pattern must be followed).
-
[ClickOnce] How to get rid of this message?
Maybe someone has a better ide, but this is one of many reasons why I'm trying to get all our old ClickOnce installers migrated to something else (I've heard good things about Squirrel.
-
Compose Multiplatform 1.2 Is Out: New Mouse and Keyboard APIs, ProGuard Support, Online Updates
Electron does have auto-update built in (Squirrel), but it comes with severe non-price related caveats. Squirrel is only intermittently maintained and goes through long periods in which the different versions are abandoned (see for Windows, macOS). People have requested a switch to Sparkle on macOS, which is what Conveyor uses, but with no response. There's also the issue that their update solutions require interactive servers but the only free one is restricted to open source projects, and isn't itself open source. The Electron website points you towards a variety of projects if you want to run your own server but all of them are (again) abandoned for years.
-
What is currently a good way to provide an installer for WPF application?
We replaced clickonce with https://github.com/Squirrel/Squirrel.Windows and are generally happy with the choice
-
How to disable discord from trying to update after reboot?
Discord in the Task Manager can sometimes show up as "Update", made by GitHub, because Discord uses a program, that GitHub / their devs were/are involved with making, to update the app, and some kind of bug happens that means it doesn't display as 'Discord'.
open_safety
-
Any sufficiently advanced uninstaller is indistinguishable from malware
Malware delivered as an email with a link to a zip file containing a .js file is one of the most common methods of delivery, right behind word macros. The "map the .js extension to notepad.exe" is a common security trick with a measurable, immediate drop in malware in large orgs. You can deploy it via GPO or InTune.
Personal promotion, I built this as a better alternative:
https://github.com/technion/open_safety
Note the built in .js parser hasn't basically ever updated, if you're writing for this you're writing like you're targetting IE5.
- How to build windows application clean / virus free for online distribution?
- Security Cadence: Use Default Apps to Help Prevent Accidental Launching of Malicious File Types
- Have you ever been hit with ransomware?
-
Microsoft's Small Step to Disable Macros Is a Win for Security
Allow me to reference my own workaround for those vectors:
https://github.com/technion/open_safety
- Am I the only one who finds Rust to be centered around Linux? Any Windows devs want to share their experience with Rust?
- State-of-the-art EDRs are not perfect, fail to detect common attacks
- Is shipping the produced .exe the only thing one needs to ship in order to ship a Rust program?
-
How to Rapidly Improve at Any Programming Language
https://github.com/technion/open_safety
The time I've spent on the Github actions is substantively higher than the time I've spent on the .rs files. Of course you can't "test actions before commit" in the way you can actual code, so I kept having to make branches, make 15 commits like "try action fix again", followed by squashing them all down and merging.
- To enable trust, install this certificate in the Trusted Root Certification Authorities store.
What are some alternatives?
AutoUpdater.NET - AutoUpdater.NET is a class library that allows .NET developers to easily add auto update functionality to their classic desktop application projects.
csv-injection-payloads - 🎯 CSV Injection Payloads
Wix Toolset
music-vibes - Desktop app for translating audio output into vibrations
Chocolatey - Chocolatey - the package manager for Windows
xwin - A utility for downloading and packaging the Microsoft CRT headers and libraries, and Windows SDK headers and libraries needed for compiling and linking programs targeting Windows.
Clowd.Squirrel - Quick and easy installer and automatic updates for cross-platform dotnet applications
ntfs - An implementation of the NTFS filesystem in a Rust crate, usable from firmware level up to user-mode.
NetSparkle - NetSparkle is a C# cross-platform software update framework for .NET developers compatible with .NET 4.6.2/.NET 6+, WinForms, WPF, and Avalonia; uses Ed25519 or DSA signatures! View basic usage here in the README or visit our website for code docs.
Windows-Sandbox-Utilities - A public repository for useful developments surrounding Windows Sandbox
wixsharp - Framework for building a complete MSI or WiX source code by using script files written with C# syntax.
Stacktribution - A tiny webapp to generate proper attribution to a Stack Overflow's answer.