electron-secure-defaults
Starter kit and documentation for building security conscious Electron apps
We also follow Electron's security guidelines, and then some. We've open-sourced an Electron app base that uses the same secure defaults here, if you would like to take a look. This includes disabling dangerous options like Node.js integration. Let's jump to your specific example cases from past Electron tire-fires next. As a full disclaimer, Electron adds options now and then, so it's possible some of our prevention mechanisms might not have been as effective at the time these exploits in 2018 occurred.
The Slack exploit had a very positive effect on the security model of Electron overall too. Sometime after the vulnerability was reported, [Electron gained a feature](https://github.com/electron/electron/pull/24241) called "fuses." These allow you to disable certain functionality at packaging time and to have their status enforced by OS code signing on the app binary. One of the more important ones is the ability to disable Node.js integration through the entire app, regardless of what opening windows requests or possible bypasses in Electron's TypeScript layer. We believe this is a huge improvement over the previous status quo.