经过四个多月的开发，八个测试版发布，和世界范围内的测试来自许多应用的分级发布，Electron 2.0.0 现在可从 electronjs.org 下载。

发布流程​

從 2.0.0 開始，Electron 會按照語意版本控制來發布. This means the major version will bump more often and will usually be a major update to Chromium. Patch releases should be more stable because they will contain only high-priority bug fixes.

Electron 2.0.0 also represents an improvement to how Electron is stabilized before a major release. Several large scale Electron apps have included 2.0.0 betas in staged rollouts, providing the best feedback loop Electron's ever had for a beta series.

Changes / New Features​

• Major bumps to several important parts of Electron's toolchain, including Chrome 61, Node 8.9.3, V8 6.1.534.41, GTK+ 3 on Linux, updated spellchecker, and Squirrel.
• In-app purchases are now supported on MacOS. #11292
• New API for loading files. #11565
• New API to enable/disable a window. #11832
• New API app.setLocale(). #11469
• New support for logging IPC messages. #11880
• New menu events. #11754
• Add a shutdown event to powerMonitor. #11417
• Add affinity option for gathering several BrowserWindows into a single process. #11501
• Add the ability for saveDialog to list available extensions. #11873
• Support for additional notification actions #11647
• The ability to set macOS notification close button title. #11654
• Add conditional for menu.popup(window, callback)
• Memory improvements in touchbar items. #12527
• Improved security recommendation checklist.
• Add App-Scoped Security scoped bookmarks. #11711
• Add ability to set arbitrary arguments in a renderer process. #11850
• Add accessory view for format picker. #11873
• Fixed network delegate race condition. #12053
• Drop support for the mips64el arch on Linux. Electron requires the C++14 toolchain, which was not available for that arch at the time of the release. We hope to re-add support in the future.

Breaking API changes​

• Removed deprecated APIs, including:
  • Changed menu.popup signature. #11968
  • Removed deprecated crashReporter.setExtraParameter #11972
  • Removed deprecated webContents.setZoomLevelLimits and webFrame.setZoomLevelLimits. #11974
  • Removed deprecated clipboard methods. #11973
  • Removed support for boolean parameters for tray.setHighlightMode. #11981

Bug Fixes​

• Changed to make sure webContents.isOffscreen() is always available. #12531
• Fixed BrowserWindow.getFocusedWindow() when DevTools is undocked and focused. #12554
• Fixed preload not loading in sandboxed render if preload path contains special chars. #12643
• Correct the default of allowRunningInsecureContent as per docs. #12629
• Fixed transparency on nativeImage. #12683
• Fixed issue with Menu.buildFromTemplate. #12703
• Confirmed menu.popup options are objects. #12330
• Removed a race condition between new process creation and context release. #12361
• Update draggable regions when changing BrowserView. #12370
• Fixed menubar toggle alt key detection on focus. #12235
• Fixed incorrect warnings in webviews. #12236
• Fixed inheritance of 'show' option from parent windows. #122444
• Ensure that getLastCrashReport() is actually the last crash report. #12255
• Fixed require on network share path. #12287
• Fixed context menu click callback. #12170
• Fixed popup menu position. #12181
• Improved libuv loop cleanup. #11465
• Fixed hexColorDWORDToRGBA for transparent colors. #11557
• Fixed null pointer dereference with getWebPreferences api. #12245
• Fixed a cyclic reference in menu delegate. #11967
• Fixed protocol filtering of net.request. #11657
• WebFrame.setVisualZoomLevelLimits now sets user-agent scale constraints #12510
• Set appropriate defaults for webview options. #12292
• Improved vibrancy support. #12157 #12171 #11886
• Fixed timing issue in singleton fixture.
• Fixed broken production cache in NotifierSupportsActions()
• Made MenuItem roles camelCase-compatible. #11532
• Improved touch bar updates. #11812, #11761.
• Removed extra menu separators. #11827
• Fixed Bluetooth chooser bug. Closes #11399.
• Fixed macos Full Screen Toggle menu item label. #11633
• Improved tooltip hiding when a window is deactivated. #11644
• Migrated deprecated web-view method. #11798
• Fixed closing a window opened from a browserview. #11799
• Fixed Bluetooth chooser bug. #11492
• Updated to use task scheduler for app.getFileIcon API. #11595
• Changed to fire console-message event even when rendering offscreen. #11921
• Fixed downloading from custom protocols using WebContents.downloadURL. #11804
• Fixed transparent windows losing transparency when devtools detaches. #11956
• Fixed Electron apps canceling restart or shutdown. #11625

macOS​

• Fixed event leak on reuse of touchbar item. #12624
• Fixed tray highlight in darkmode. #12398
• Fixed blocking main process for async dialog. #12407
• Fixed setTitle tray crash. #12356
• Fixed crash when setting dock menu. #12087

Linux​

• Better Linux desktop notifications. #12229 #12216 #11965 #11980
• Better GTK+ theme support for menus. #12331
• Exit gracefully on linux. #12139
• Use the app’s name as the tray icon's default tooltip. #12393

Windows​

• Added Visual Studio 2017 support. #11656
• Fixed passing of exception to the system crash handler. #12259
• Fixed hiding tooltip from minimized window. #11644
• Fixed desktopCapturer to capture the correct screen. #11664
• Fixed disableHardwareAcceleration with transparency. #11704

接下来

Electron团队正在努力支持较新版本的Chromium, Node和 v8。 下一个版本号预计3.0.0-beta.1！

今天，我们发布了一个免费的、开源的托管更新 web服务 和配套的 npm 包，以便为开源 Electron 应用程序启用便捷的自动更新。 这使得应用程序开发人员能够花更少的时间考虑部署，而多去为用户提供高质量的体验。

让生活更轻松​

Electron有一个autoUpdater API，让应用程序能够从远程终端获取元数据以检查更新，可以在后台下载并且自动安装。

启用这些更新对许多Electron应用开发者来说是部署过程中一个繁琐的步骤，因为它需要部署一个 web 服务器并且这只是为了提供应用版本历史元数据。

今天我们公布了一个新的应用自动更新的解决方案。 如果你的Electron应用在公开的GitHub仓库中，并且你正在使用GitHub Releases发布构建版本，你可以使用这项服务向你的用户提供持续的应用更新。

使用新模块​

为了减少配置，我们创建了update-electron-app，一个npm模块，它与新的 update.electronjs.org web服务集成在一起。

安装模块

npm install update-electron-app

在您的应用程序的 main进程中的任何地方调用：

require('update-electron-app')();

搞定！ 该模块将在应用启动时检查更新，然后每10分钟检查一次。 当它发现有更新时，它将在后台自动下载，并在更新就绪时显示对话框。

迁移现有应用​

已经使用Electron的autoUpdater API的应用程序也可以使用这项服务。 为此，你可以定制update-electron-app模块，或者直接与update.electronjs.org集成。

可替代方案​

如果你使用electron-builder来打包你的应用，你可以使用它内置的更新程序。 有关详细信息，请参见electronic.build/auto-update。

如果你的应用是私人的，你可能需要部署属于你自己的更新服务器。 有很多开源工具可以做到这一点，包括Zeit的Hazel和Atlassian的Nucleus。 有关更多信息，请参阅部署一个更新服务器教程。

谢谢！​

感谢Julian Gruber帮助设计和构建这个简单且可扩展的web服务。 感谢Zeit的工作人员，他们提供了开源的Hazel服务，我们从中获得了设计灵感。 感谢Samuel Attard的代码评审。 感谢Electron社区帮助测试这项服务。

🌲 为 Electron 应用的美好未来干杯!

The new Electron 2.0 release line is packed with new features and fixes. One of the highlights from this new major version is a new inAppPurchase API for Apple's Mac App Store.

In-app purchases enable content or subscriptions to be purchased directly from within apps. This gives developers an easy way to embrace the freemium business model, wherein users pay nothing to download an app and are offered optional in-app purchases for premium features, additional content, or subscriptions.

The new API was added to Electron by community contributor Adrien Fery to enable in-app purchases in Amanote, a note-taking Electron app for lectures and conferences. Amanote is free to download and allows clear and structured notes to be added to PDFs, with features like mathematical formulae, drawings, audio recording, and more.

Since adding in-app purchase support to the Mac version of Amanote, Adrien has noted a 40% increase in sales!

入门指南​

The new inAppPurchase API has already landed in the latest Electron beta:

npm i -D electron@beta

The docs for the API can be found on GitHub, and Adrien has been kind enough to write a tutorial on how to use the API. To get started adding in-app purchases to your app, see the tutorial.

More improvements to the API are in the works, and will soon be landing in an upcoming Electron beta release.

Windows Could Be Next​

Up next, Adrien is hoping to open a new revenue channel for Amanote by adding support for Microsoft Store in-app purchases in Electron. Stay tuned for developments on that!

已发现一个漏洞，该漏洞允许在某些禁用 Node.js 集成的 Electron 应用程序中重新启用 Node.js 环境。 已为此漏洞分配了 CVE 标识符 CVE-2018-1000136。

受影响的应用程序​

如果 以下所有 都为真，则应用程序将受到影响：

1. 在 Electron 1.7, 1.8, 或 2.0.0-beta 上运行
2. 允许执行任意远程代码
3. 禁用 Node.js 集成
4. 没有在其网页首选项中明确声明 webviewTag: false
5. 不启用 nativeWindowOption 选项
6. 不要在未使用提供的选项标签的情况下拦截 new-window 事件并手动覆盖 event.newGuest

虽然这似乎是 Electron 应用程序中的少数，但我们鼓励所有应用程序升级，以此作为一种预防措施。

Mitigation​

此漏洞在当前 1.7.13, 1.8.4, 和 2.0.0-beta.5 版本中已修复.

无法升级其 Electron 版本的开发人员可以使用以下代码缓解此漏洞：

app.on('web-contents-created', (event, win) => {
  win.on(
    'new-window',
    (event, newURL, frameName, disposition, options, additionalFeatures) => {
      if (!options.webPreferences) options.webPreferences = {};
      options.webPreferences.nodeIntegration = false;
      options.webPreferences.nodeIntegrationInWorker = false;
      options.webPreferences.webviewTag = false;
      delete options.webPreferences.preload;
    }
  );
});

// and *IF* you don't use WebViews at all,
// you might also want
app.on('web-contents-created', (event, win) => {
  win.on('will-attach-webview', (event, webPreferences, params) => {
    event.preventDefault();
  });
});

Further Information​

此漏洞是由 Trustwave SpiderLabs的Brendan Scarvell 发现并负责任地报告给Electron项目的。

要了解有关确保 Electron 应用程序安全的最佳实践，请参阅我们的 安全教程。

要报告Electron中的漏洞，请发送电子邮件至 security@electronjs.org 邮箱。

请加入我们 电子邮件列表 以接收有关版本和安全更新的信息。

上周 electronjs.org 网站停止运行了几分钟。 如果您受到这些短暂中断的影响，我们很抱歉给您带来不便。 今天经过调查，我们发现了根本原因，并部署了一个修复.

To prevent this kind of downtime in the future, we've enabled Heroku threshold alerts on our app. Any time our web server accumulates failed requests or slow responses beyond a certain threshold, our team will be notified so we can address the problem quickly.

各语种离线文档​

下次当你在飞机或在郊区咖啡店开发Electron应用程序时， 您可能想要拿到一份文档以供离线查看。 Fortunately, Electron's docs are available as Markdown files in over 20 languages.

git clone https://github.com/electron/electron-i18n
ls electron-i18n/content

使用GUI查看离线文档​

devdocs.io/electron 是一个文件储存网站，可供离线使用，十分便捷。 除了Electron， JavaScript, TypeScript, Node.js, React, Angular等项目也在使用该网站。 And of course there's an Electron app for that, too. Check out devdocs-app on the Electron site.

If you like to install apps without using your mouse or trackpad, give Electron Forge's install command a try:

npx electron-forge install egoist/devdocs-app

A remote code execution vulnerability has been discovered affecting Electron apps that use custom protocol handlers. This vulnerability has been assigned the CVE identifier CVE-2018-1000006.

Affected Platforms​

Electron apps designed to run on Windows that register themselves as the default handler for a protocol, like myapp://, are vulnerable.

Such apps can be affected regardless of how the protocol is registered, e.g. using native code, the Windows registry, or Electron's app.setAsDefaultProtocolClient API.

macOS and Linux are not vulnerable to this issue.

Mitigation​

We've published new versions of Electron which include fixes for this vulnerability: 1.8.2-beta.5, 1.7.12, and 1.6.17. We urge all Electron developers to update their apps to the latest stable version immediately.

如果由于某些原因，您无法升级您的 Electron 版本， 在调用 应用时，您可以添加 -- 作为最后一个参数。 etAsdefaultProtocol客户端, 防止Chromium 解析更多选项。 The double dash -- signifies the end of command options, after which only positional parameters are accepted.

app.setAsDefaultProtocolClient(protocol, process.execPath, [
  '--your-switches-here',
  '--',
]);

更多详情请参阅 app.setAssDefaultProtocol客户端 API。

要了解更多关于维护您的 Electron 应用安全的最佳做法， 请参阅我们的 安全教程

If you wish to report a vulnerability in Electron, email security@electronjs.org.

A new major version of Electron is in the works, and with it some changes to our versioning strategy. As of version 2.0.0, Electron will strictly adhere to Semantic Versioning.

This change means you'll see the major version bump more often, and it will usually be a major update to Chromium. Patch releases will also be more stable, as they will now only contain bug fixes with no new features.

Major 版本增量

• Chromium 版本更新
• Node.js 重大版本更新
• Electron 突破性 API 变更

Minor 版本增量

• Node.js 次要版本更新
• Electron 无突破性 API 变更

Patch 版本增量

• Node.js patch 版本更新
• 修复相关的 chromium 补丁
• Electron bug 修复

Because Electron's semver ranges will now be more meaningful, we recommend installing Electron using npm's default --save-dev flag, which will prefix your version with ^, keeping you safely up to date with minor and patch updates:

npm install --save-dev electron

For developers interested only in bug fixes, you should use the tilde semver prefix e.g. ~2.0.0, which which will never introduce new features, only fixes to improve stability.

For more details, see electronjs.org/docs/tutorial/electron-versioning.

Electron has a new website at electronjs.org! We've replaced our static Jekyll site with a Node.js webserver, giving us flexibility to internationalize the site and paving the way for more exciting new features.

🌍 翻译​

We've begun the process of internationalizing the website with the goal of making Electron app development accessible to a global audience of developers. We're using a localization platform called Crowdin that integrates with GitHub, opening and updating pull requests automatically as content is translated into different languages.

Though we've been working quietly on this effort so far, over 75 Electron community members have already discovered the project organically and joined in the effort to internationalize the website and translate Electron's docs into over 20 languages. We are seeing daily contributions from people all over the world, with translations for languages like French, Vietnamese, Indonesian, and Chinese leading the way.

To choose your language and view translation progress, visit electronjs.org/languages

If you're multilingual and interested in helping translate Electron's docs and website, visit the electron/electron-i18n repo, or jump right into translating on Crowdin, where you can sign in using your GitHub account.

There are currently 21 languages enabled for the Electron project on Crowdin. Adding support for more languages is easy, so if you're interested in helping translate but you don't see your language listed, let us know and we'll enable it.

Raw Translated Docs​

If you prefer to read documentation in raw markdown files, you can now do that in any language:

git clone https://github.com/electron/electron-i18n
ls electron-i18n/content

App Pages​

As of today, any Electron app can easily have its own page on the Electron site. For a few examples, check out Etcher, 1Clipboard, or GraphQL Playground, pictured here on the Japanese version of the site:

There are some incredible Electron apps out there, but they're not always easy to find, and not every developer has the time or resources to build a proper website to market and distribute their app.

Using just a PNG icon file and a small amount of app metadata, we're able to collect a lot of information about a given app. Using data collected from GitHub, app pages can now display screenshots, download links, versions, release notes, and READMEs for every app that has a public repository. Using a color palette extracted from each app's icon, we can produce bold and accessible colors to give each app page some visual distinction.

The apps index page now also has categories and a keyword filter to find interesting apps like GraphQL GUIs and p2p tools.

If you've got an Electron app that you'd like featured on the site, open a pull request on the electron/electron-apps repository.

One-line Installation with Homebrew​

The Homebrew package manager for macOS has a subcommand called cask that makes it easy to install desktop apps using a single command in your terminal, like brew cask install atom.

We've begun collecting Homebrew cask names for popular Electron apps and are now displaying the installation command (for macOS visitors) on every app page that has a cask:

To view all the apps that have homebrew cask names, visit electronjs.org/apps?q=homebrew. If you know of other apps with casks that we haven't indexed yet, please add them!

🌐 A New Domain​

We've moved the site from electron.atom.io to a new domain: electronjs.org.

The Electron project was born inside Atom, GitHub's open-source text editor built on web technologies. Electron was originally called atom-shell. Atom was the first app to use it, but it didn't take long for folks to realize that this magical Chromium + Node runtime could be used for all kinds of different applications. When companies like Microsoft and Slack started to make use of atom-shell, it became clear that the project needed a new name.

And so "Electron" was born. In early 2016, GitHub assembled a new team to focus specifically on Electron development and maintenance, apart from Atom. In the time since, Electron has been adopted by thousands of app developers, and is now depended on by many large companies, many of which have Electron teams of their own.

Supporting GitHub's Electron projects like Atom and GitHub Desktop is still a priority for our team, but by moving to a new domain we hope to help clarify the technical distinction between Atom and Electron.

🐢🚀 Node.js Everywhere​

The previous Electron website was built with Jekyll, the popular Ruby-based static site generator. Jekyll is a great tool for building static websites, but the website had started to outgrow it. We wanted more dynamic capabilities like proper redirects and dynamic content rendering, so a Node.js server was the obvious choice.

The Electron ecosystem includes projects with components written in many different programming languages, from Python to C++ to Bash. But JavaScript is foundational to Electron, and it's the language used most in our community.

By migrating the website from Ruby to Node.js, we aim to lower the barrier to entry for people wishing to contribute to the website.

⚡️ Easier Open-Source Participation​

If you've got Node.js (8 or higher) and git installed on your system, you can easily get the site running locally:

git clone https://github.com/electron/electronjs.org
cd electronjs.org
npm install
npm run dev

The new website is hosted on Heroku. We use deployment pipelines and the Review Apps feature, which automatically creates a running copy of the app for every pull request. This makes it easy for reviewers to view the actual effects of a pull request on a live copy of the site.

🙏 Thanks to Contributors​

We'd like to give special thanks to all the folks around the world who have contributed their own time and energy to help improve Electron. The passion of the open-source community has helped immeasurably in making Electron a success. Thank you!

在谷歌Chromium的代码中发现了远程代码执行功能，这将影响到所有Electron的最新版本。 访问 远程内容的任何Electron应用都易受此开发利用的伤害，不管 沙盒选项 是否启用。

我们已经发布了两个新版本的Electron，分别是1.7.8 与 1.6.14，这两个版本都包括了对于这种脆弱性的修复。 我们鼓励所有Electron开发者立即升级他们的应用到最新的稳定版。

npm i electron@latest --save-dev

要了解更多关于维护您的 Electron 应用安全的最佳做法， 请参阅我们的 安全教程

如果您想在Electron报告一个脆弱性，请联系security@electronjs.org。

electron npm 包现在包含一个 TypeScript 定义文件，提供整个Electron API的详细注释。 这些注释可以改进您的 Electron 开发 感受 ，即使您正在编写原版JavaScript 只需要运行 npm install electron 就可以在您的项目中获得最新的 Electron 类型注释。

TypeScript 是一种由Microsoft创建的开源编程语言。 它是一个添加了对 静态类型的支持并扩展了语言的 JavaScript 超集。 TypeScript 社区近年来迅速增长。 TypeScript 在 最近的Stack Overflow开发者调查 名列最受开发者喜爱的编程语言中。 TypeScript 被描述为 "增强的JavaScript", GitHub, Slack, 和 Microsoft 都用它来写成可缩放的 Electron 应用，这些应用被数以百万计的人使用 。

TypeScript 支持 JavaScript 中的许多较新的语言功能，如 类，对象析构， 异步，但其真正的不同的 功能是 类型注释。 声明程序所期望的输入和输出数据类型可以通过帮助您在编译时找到错误降低错误，类型注释还可以作为程序工作方式的正式声明。

当库使用原版 Javascript 编写时，类型常常很模糊 定义通常是写文档时的事后思考。 函数通常可以 接受更多的类型，而不是文件记录的类型， 或者函数可能有隐藏的 未被记录的约束，因此可能导致运行时错误。

TypeScript 用 定义文件 解决了这个问题。 TypeScript 定义文件描述了库的所有函数和它的 预期输入和输出类型。 当库作者将一个 TypeScript 定义文件与其已发布的库捆绑在一起时， 该库的使用者可以在他们的 编辑器 中探索它的API，并立即开始使用它。 常常不需要查阅图书馆的 文档。

很多受欢迎的项目，例如 角, Vue. s, node-github (现在是 Electron! ）编译他们自己的定义文件并将它与他们的 已发布的 npm 软件包捆绑在一起。 对于那些不将自己的定义文件捆绑在一起的项目， 通常有 DefinitelyTyped, 社区维护定义文件的第三方生态系统。

安装​

从 1.6.10版本开始，Electron 的每次版本更新都包含它自己的 TypeScript 定义文件。 当您从 npm 安装 electron 软件包时， electron.d.ts 文件会自动与 安装的软件包捆绑在一起。

最安全的 安装 Electron 的方式是使用准确的版本号：

npm install electron --save-dev --save-exact

或者如果您正在使用 yarn：

yarn add electron --dev --exact

如果您已经使用了第三方定义，例如 @types/electron 和 @types/node， 您应该将它们从您的 Electron 项目中删除，以防止任何冲突

定义文件来自我们的 结构化 API 文档， 因此它将始终与 Electron 的 API 文档 一致。 只要安装electron，你就能获取到和你的版本一致的最新TypeScript定义

用法​

关于如何安装和使用Electron新的 TypeScript 定义的概要， 观看这个简短的演示：

如果您正在使用 Visual Studio Code，您已经 得到了内置的 TypeScript 支持。 还有社区维护的 插件用于 Atom, Sublime, vim, 和 其他编辑器

一旦您的编辑器配置好了 TypeScript ，您将开始看到更多的 基于上下文的行为，例如自动补全，内嵌方法引用， 参数检查等等。

开始使用 TypeScript​

如果你刚刚知道 TypeScript 并想了解更多信息, 此 来自Microsoft 的介绍视频 提供了关于为何创建这门语言的很好的概述。 如何工作, 如何使用它, 以及它的未来。

在官方的 TypeScript 网站上还有 Handbook 和 Playground 。

因为TypeScript 是 JavaScript 的超集，您现有的 JavaScript 代码 已经是有效的 TypeScript。 这意味着您可以根据需要逐步将现有的 JavaScript 项目转换为 TypeScript 并使用新语言功能。

谢谢！​

没有Electron的 开源社区维护者的帮助，这个项目是不可能实现的。 感谢 Samuel Attard, Felix Rieseberg, Birunthan Mohanathas, Milan Burda, Brendan Forster, 和许多其他人的错误修复、文件改进、 和技术指导。

支持​

如果您在使用 Electron 新的 TypeScript 定义文件时遇到任何问题， 请在 electron-typescript-definition 仓库中提交一个Issue。

尽情使用 TypeScript 吧！