This commit bumps Electron and related dependencies to their latest
versions to leverage native ESM support. It adjusts build configuration
to use native ESM support instead of relying on CommonJS bundling.
Key changes:
- Bump Electron to latest v29.
Electron v28 ships with native ESM/ECMAScript modules support.
Details on Electron ESM support:
- electron/electron#21457
- electron/electron#37535
- Bump `electron-builder` to latest v24.13.
`electron-builder` is used to package and publish the application.
It supports ESM since 24.10.
Details on `electron-builder` ESM support:
- electron-userland/electron-builder#7936
- electron-userland/electron-builder#7935
- Bump `electron-log` to latest v5.1.
`electron-log` supports ESM since version 5.0.4.
Details on `electron-log` ESM support:
- megahertz/electron-log#390.
- Change `electron-vite` configuration to bundle as ESM instead of
CommonJS to leverage Electron's native ESM support.
Other supporting changes:
- Add type hint for electron-builder configuration file.
- Update import statements for `electron-updater` as it still is a
CommonJS module and does not support ESM.
Details:
- electron-userland/electron-builder#7976
- Improve `electron-builder` configuration file to dynamically locate
main entry files, supporting various JavaScript file extensions
(`.js`, `.mjs` and `.cjs`) to facilitate easier future changes.
- Change comment about Electron process-specific module alias
registration. This issue has been fixed in `electron-vite`, but
subpath module imports for Electron still do not work when building
tests (`npm run test:unit`).
Details:
- alex8088/electron-vite#372
- Add `electron-log` in bundling process instead of externalizing to
workaround Electron ESM loader issues with subpath imports (inability
to do `electron-log/main`).
Details:
- alex8088/electron-vite#401
- electron/electron#41241
- Improve desktop runtime error checks' assertion message for better
clarity.
This commit upgrades TypeScript to the latest version 5.3 and introduces
`verbatimModuleSyntax` in line with the official Vue guide
recommendatinos (vuejs/docs#2592).
By enforcing `import type` for type-only imports, this commit improves
code clarity and supports tooling optimization, ensuring imports are
only bundled when necessary for runtime.
Changes:
- Bump TypeScript to 5.3.3 across the project.
- Adjust import statements to utilize `import type` where applicable,
promoting cleaner and more efficient code.
This commit fixes an issue seen on certain Windows environments (Windows
10 22H2 and 11 23H2 Pro Azure VMs) where scripts were being deleted
during execution due to temporary directory usage. To resolve this,
scripts are now stored in a persistent directory, enhancing reliability
for long-running scripts and improving auditability along with
troubleshooting.
Key changes:
- Move script execution logic to the `main` process from `preloader` to
utilize Electron's `app.getPath`.
- Improve runtime environment detection for non-browser environments to
allow its usage in Electron main process.
- Introduce a secure module to expose IPC channels from the main process
to the renderer via the preloader process.
Supporting refactorings include:
- Simplify `CodeRunner` interface by removing the `tempScriptFolderName`
parameter.
- Rename `NodeSystemOperations` to `NodeElectronSystemOperations` as it
now wraps electron APIs too, and convert it to class for simplicity.
- Rename `TemporaryFileCodeRunner` to `ScriptFileCodeRunner` to reflect
its new functinoality.
- Rename `SystemOperations` folder to `System` for simplicity.
- Rename `HostRuntimeEnvironment` to `BrowserRuntimeEnvironment` for
clarity.
- Refactor main Electron process configuration to align with latest
Electron documentation/recommendations.
- Refactor unit tests `BrowserRuntimeEnvironment` to simplify singleton
workaround.
- Use alias imports like `electron/main` and `electron/common` for
better clarity.
- Bump Node.js to version 18. This change is necessary as Node.js v16
will reach end-of-life on 2023-09-11. It also ensure compatibility
with dependencies requiring minimum of Node.js v18, such as `vite`,
`@vitejs`plugin-legacy` and `icon-gen`.
- Bump `setup-node` action to v4.
- Recommend using the `nvm` tool for managing Node.js versions in the
documentation.
- Update documentation to point to code reference for required Node.js
version. This removes duplication of information, and keeps the code
as single source of truth for required Node.js version.
- Refactor code to adopt the `node:` protocol for Node API imports as
per Node.js 18 standards. This change addresses ambiguities and aligns
with Node.js best practices (nodejs/node#38343). Currently, there is
no ESLint rule to enforce this protocol, as noted in
import-js/eslint-plugin-import#2717.
- Replace `cross-fetch` dependency with the native Node.js fetch API
introduced in Node.js 18. Adjust type casting for async iterable read
streams to align with the latest Node.js APIs, based on discussions in
DefinitelyTyped/DefinitelyTyped#65542.
This commit refactors configuration to use centrally defined Electron
entry file path to improve maintainability and reduce duplication.
- Replace the hardcoded file path in the `main` field of `package.json`
with a reference to the `ELECTRON_ENTRY` environment variable, managed
by `electron-vite`.
- Update `electron-vite` to version 1.0.28, enabling the use of
`ELECTRON_ENTRY` environment variable feature (details in
alex8088/electron-vite#270).
This commit makes the build process more robust, simplifies
configurations and reduce the risk of incomplete or erroneous
deployments.
- Centralize output directory definitions by introducing
`dist-dirs.json`.
- Add `verify-build-artifacts` utility to ensure correct build outputs
and `print-dist-dir` to determine distribution directory.
- Add steps in CI/CD pipeline to verify build artifacts.
- Migrate Electron Builder config from YAML to CJS for capability to
read JSON.
- Fix `release-site.yaml` failing due to pointing to wrong distribution
directory, change it to use `print-dist-dir`.
- Improve `check-desktop-runtime-errors` to verify build artifacts for
more reliable builds. Ensure tests fail and succeed reliably.
- Update `.gitignore` and configure ESLint to use it to define and
ignore build artifact directories from one place, remove
`.eslintignore` that does not add anything after this change.
- Keep `"main"` field in `package.json` as `electron-vite` depends on it
(alex8088/electron-vite#270).
- Improve documentation
Enable `contextIsolation` in Electron to securely expose a limited set
of Node.js APIs to the renderer process. It:
1. Isolates renderer and main process contexts. It ensures that the
powerful main process functions aren't directly accessible from
renderer process(es), adding a security boundary.
2. Mitigates remote exploitation risks. By isolating contexts, potential
malicious code injections in the renderer can't directly reach and
compromise the main process.
3. Reduces attack surface.
4. Protect against prototype pollution: It prevents tampering of
JavaScript object prototypes in one context from affecting another
context, improving app reliability and security.
Supporting changes include:
- Extract environment and system operations classes to the infrastructure
layer. This removes node dependencies from core domain and application
code.
- Introduce `ISystemOperations` to encapsulate OS interactions. Use it
from `CodeRunner` to isolate node API usage.
- Add a preloader script to inject validated environment variables into
renderer context. This keeps Electron integration details
encapsulated.
- Add new sanity check to fail fast on issues with preloader injected
variables.
- Improve test coverage of runtime sanity checks and environment
components. Move validation logic into separate classes for Single
Responsibility.
- Improve absent value test case generation.
- Switch from deprecated Vue CLI plugin to `electron-vite` (see
nklayman/vue-cli-plugin-electron-builder#1982)
- Update main/preload scripts to use `index.cjs` filenames to support
`"type": "module"`, resolving crash issue (#233). This crash was
related to Electron not supporting ESM (see electron/asar#249,
electron/electron#21457).
- This commit completes migration to Vite from Vue CLI (#230).
Structure changes:
- Introduce separate folders for Electron's main and preload processes.
- Move TypeHelpers to `src/` to mark tit as accessible by the rest of
the code.
Config changes:
- Make `vite.config.ts` reusable by Electron configuration.
- On electron-builder, use `--publish` flag instead of `-p` for clarity.
Tests:
- Add log for preload script loading verification.
- Implement runtime environment sanity checks.
- Enhance logging in `check-desktop-runtime-errors`.
