A remote code execution vulnerability, "Magellan," has been discovered affecting software based on SQLite or Chromium, including all versions of Electron.

作用域​

Electron applications using Web SQL are impacted.

Mitigation​

Affected apps should stop using Web SQL or upgrade to a patched version of Electron.

We've published new versions of Electron which include fixes for this vulnerability:

• 4.0.0-beta.11
• 3.1.0-beta.4
• 3.0.13
• 2.0.16

There are no reports of this in the wild; however, affected applications are urged to mitigate.

Further Information​

This vulnerability was discovered by the Tencent Blade team, who have published a blog post that discusses the vulnerability.

要了解更多关于维护您的 Electron 应用安全的最佳做法，请参阅我们的 安全教程。

If you wish to report a vulnerability in Electron, email security@electronjs.org.

Electron 正在努力使其发布周期更快和更稳定。 为了实现这个目标，我们对大范围的Electron应用使用App反馈计划，以此来测试beta版本和上报与应用相关的特定问题给Electron团队。 这有助于我们确定工作的优先次序，使应用程序能够更快地升级到我们的下一个稳定版本。

更改 (2020-05-21)：该计划已经结束。

谁可以加入？​

我们对应用加入此程序的标准和期望包含以下项目：

• 在测试阶段通过10,000+用户使用时长测试您的应用程序
• 拥有一个将每周与您讨论您应用程序中出现的Electron异常和应用拦截器的负责人
• 您同意遵守Electron的行为守则
• 您愿意分享下一个问题中列出的以下信息

我的Electron应用需要分享哪些信息？​

• 任何测试版应用程序为用户服务的总时长
• 您的应用正在测试的 Electron 版本 (例如4.0.0-beta.3)
• 任何正在测试的、会阻止应用程序升级到发布线的异常

用户时长​

我们理解不是每个人都能分享准确的用户数字，但更好的数据帮助我们决定特定版本的稳定性。 我们要求应用承诺测试最低用户小时数，目前整个测试周期为10,000小时。

• 10个用户小时可分为为10个用户各测试一小时，或一个用户测试10个小时
• 您可以在测试版本之间分割测试，例如在3.0-beta测试的5,000个用户小时中。 然后在 3.0.0-β.5 测试5000个用户小时。 更多更好，但我们理解一些应用程序不能测试每个测试版本
• CI 或 QA 小时数不计入总数，但是内部版本数不计。

我的 Electron 应用程序为什么要加入？​

您的应用程序抛出的异常会被Electron核心队伍跟踪调查，并时刻获得此核心团队的注意力。 您的反馈有助于Electron团队了解新测试是如何进行的，以及需要完成哪些工作。

我的应用程序的信息是否会公开分享？ 谁可以查看此信息？​

不，您的应用程序的信息将不会与一般公众分享。 信息保存在一个私有的GitHub源代码库，只有应用反馈方案和 Electron Governance 的成员才能查看。 所有成员都同意遵循Electron的行为守则。

注册​

我们目前正在接受_有限的_注册申请。 如果您感兴趣并且能够满足上述要求，请填写此表格。

The Electron team is excited to announce that the first stable release of Electron 3 is now available from electronjs.org and via npm install electron@latest! It's jam-packed with upgrades, fixes, and new features, and we can't wait to see what you build with them. Below are details about this release, and we welcome your feedback as you explore.

发布流程​

As we undertook development of v3.0.0, we sought to more empirically define criteria for a stable release by formalizing the feedback progress for progressive beta releases. v3.0.0 would not have been possible without our App Feedback Program partners, who provided early testing and feedback during the beta cycle. Thanks to Atlassian, Atom, Microsoft Teams, Oculus, OpenFin, Slack, Symphony, VS Code, and other program members for their work. If you'd like to participate in future betas, please mail us at info@electronjs.org.

Changes / New Features​

Major bumps to several important parts of Electron's toolchain, including Chrome v66.0.3359.181, Node v10.2.0, and V8 v6.6.346.23.

• [#12656] feat: app.isPackaged
• [#12652] feat: app.whenReady()
• [#13183] feat: process.getHeapStatistics()
• [#12485] feat: win.moveTop() to move window z-order to top
• [#13110] feat: TextField and Button APIs
• [#13068] feat: netLog API for dynamic logging control
• [#13539] feat: enable webview in sandbox renderer
• [#14118] feat: fs.readSync now works with massive files
• [#14031] feat: node fs wrappers to make fs.realpathSync.native and fs.realpath.native available

Breaking API changes​

• [#12362] feat: updates to menu item order control
• [#13050] refactor: removed documented deprecated APIs
  • See docs for more details
• [#12477] refactor: removed did-get-response-details and did-get-redirect-request events
• [#12655] feat: default to disabling navigating on drag/drop
• [#12993] feat: Node v4.x or greater is required use the electron npm module
• [#12008 #12140 #12503 #12514 #12584 #12596 #12637 #12660 #12696 #12716 #12750 #12787 #12858] refactor: NativeWindow
• [#11968] refactor: menu.popup()
• [#8953] feat: no longer use JSON to send the result of ipcRenderer.sendSync
• [#13039] feat: default to ignore command line arguments following a URL
• [#12004] refactor: rename api::Window to api::BrowserWindow
• [#12679] feat: visual zoom now turned off by default
• [#12408] refactor: rename app-command media-play_pause to media-play-pause

macOS​

• [#12093] feat: workspace notifications support
• [#12496] feat: tray.setIgnoreDoubleClickEvents(ignore) to ignore tray double click events.
• [#12281] feat: mouse forward functionality on macOS
• [#12714] feat: screen lock / unlock events

Windows​

• [#12879] feat: added DIP to/from screen coordinate conversions

Nota Bene: Switching to an older version of Electron after running this version will require you to clear out your user data directory to avoid older versions crashing. You can get the user data directory by running console.log(app.getPath("userData")) or see docs for more details.

Bug Fixes​

• [#13397] fix: issue with fs.statSyncNoException throwing exceptions
• [#13476, #13452] fix: crash when loading site with jquery
• [#14092] fix: crash in net::ClientSocketHandle destructor
• [#14453] fix: notify focus change right away rather not on next tick

MacOS​

• [#13220] fix: issue allowing bundles to be selected in <input file="type"> open file dialog
• [#12404] fix: issue blocking main process when using async dialog
• [#12043] fix: context menu click callback
• [#12527] fix: event leak on reuse of touchbar item
• [#12352] fix: tray title crash
• [#12327] fix: non-draggable regions
• [#12809] fix: to prevent menu update while it's open
• [#13162] fix: tray icon bounds not allowing negative values
• [#13085] fix: tray title not inverting when highlighted
• [#12196] fix: Mac build when enable_run_as_node==false
• [#12157] fix: additional issues on frameless windows with vibrancy
• [#13326] fix: to set mac protocol to none after calling app.removeAsDefaultProtocolClient
• [#13530] fix: incorrect usage of private APIs in MAS build
• [#13517] fix: tray.setContextMenu crash
• [#14205] fix: pressing escape on a dialog now closes it even if defaultId is set

Linux​

• [#12507] fix: BrowserWindow.focus() for offscreen windows

Other Notes​

• PDF Viewer is currently not working but is being worked on and will be functional once again soon
• TextField and Button APIs are experimental and are therefore off by default
  • They can be enabled with the enable_view_api build flag

接下来

The Electron team continues to work on defining our processes for more rapid and smooth upgrades as we seek to ultimately maintain parity with the development cadences of Chromium, Node, and V8.

Electron now uses GN to build itself. Here's a discussion of why.

GYP and GN

当Electron于2013年首次发布时，Chromium的构建配置是用 GYP编写的，短于“生成你的项目”。

2014年， Chromium项目引入了一个新的构建配置工具，叫做 GN (简称“生成 Ninja”)，Chromium的构建文件被迁移到GN ，GYP 被从源代码中删除。

Electron 历史上一直保持主 Electron 代码 和 libchromiumcontent之间的分离， 对 Chromium 的 'content' 子模块的 Electron 部分。 Electron has carried on using GYP, while libchromiumcontent -- as a subset of Chromium -- switched to GN when Chromium did.

Like gears that don't quite mesh, there was friction between using the two build systems. Maintaining compatibility was error-prone, from compiler flags and #defines that needed to be meticulously kept in sync between Chromium, Node, V8, and Electron.

To address this, the Electron team has been working on moving everything to GN. Today, the commit to remove the last of the GYP code from Electron was landed in master.

What this means for you

If you're contributing to Electron itself, the process of checking out and building Electron from master or 4.0.0 is very different than it was in 3.0.0 and earlier. See the GN build instructions for details.

If you're developing an app with Electron, there are a few minor changes you might notice in the new Electron 4.0.0-nightly; but more than likely, Electron's change in build system will be totally transparent to you.

What this means for Electron

GN is faster than GYP and its files are more readable and maintainable. Moreover, we hope that using a single build configuration system will reduce the work required to upgrade Electron to new versions of Chromium.

• It's already helped development on Electron 4.0.0 substantially because Chromium 67 removed support for MSVC and switched to building with Clang on Windows. With the GN build, we inherit all the compiler commands from Chromium directly, so we got the Clang build on Windows for free!

• It's also made it easier for Electron to use BoringSSL in a unified build across Electron, Chromium, and Node -- something that was problematic before.

A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions (3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15). 这个脆弱性已经被分配到CVE标识符 CVE-2018-15685。

Affected Platforms​

You are impacted if:

1. You embed any remote user content, even in a sandbox
2. You accept user input with any XSS vulnerabilities

详细信息

You are impacted if any user code runs inside an iframe / can create an iframe. Given the possibility of an XSS vulnerability it can be assumed that most apps are vulnerable to this case.

You are also impacted if you open any of your windows with the nativeWindowOpen: true or sandbox: true option. Although this vulnerability also requires an XSS vulnerability to exist in your app, you should still apply one of the mitigations below if you use either of these options.

Mitigation​

We've published new versions of Electron which include fixes for this vulnerability: 3.0.0-beta.7, 2.0.8, 1.8.8, and 1.7.16. We urge all Electron developers to update their apps to the latest stable version immediately.

If for some reason you are unable to upgrade your Electron version, you can protect your app by blanket-calling event.preventDefault() on the new-window event for all webContents'. If you don't use window.open or any child windows at all then this is also a valid mitigation for your app.

mainWindow.webContents.on('new-window', (e) => e.preventDefault());

If you rely on the ability of your child windows to make grandchild windows, then a third mitigation strategy is to use the following code on your top level window:

const enforceInheritance = (topWebContents) => {
  const handle = (webContents) => {
    webContents.on(
      'new-window',
      (event, url, frameName, disposition, options) => {
        if (!options.webPreferences) {
          options.webPreferences = {};
        }
        Object.assign(
          options.webPreferences,
          topWebContents.getLastWebPreferences(),
        );
        if (options.webContents) {
          handle(options.webContents);
        }
      },
    );
  };
  handle(topWebContents);
};

enforceInheritance(mainWindow.webContents);

This code will manually enforce that the top level windows webPreferences is manually applied to all child windows infinitely deep.

Further Information​

This vulnerability was found and reported responsibly to the Electron project by Matt Austin of Contrast Security.

要了解更多关于维护您的 Electron 应用安全的最佳做法，请参阅我们的 安全教程。

If you wish to report a vulnerability in Electron, email security@electronjs.org.

Electron 网站有一个搜索引擎，可以提供 API 文档、教程、Electron 相关的 npm 包等查询结果。

学习像 Electron 这样的新技术或框架可能有点令人生畏。 当您学习完快速开始部分后，寻找最佳实践、正确的 API 或者合适的辅助工具可能会有点困难。 我们希望 Electron 网站成为帮助您寻找开发资料的更好工具。

访问 electronjs.org 的任意页面，您便可以在页面顶端找到搜索框。

搜索引擎​

起初我们为网站添加搜索时，我们使用了自己的，基于 GraphQL 的后端。 GraphQL 很有趣，并且搜索的效率很高，但我们很快认识到构建搜索引擎只是很基础的一部分。 像多词搜索和错别字检测等特性需要大量工作才能完成。 与其重复造轮子，我们决定使用现有的方案：Algolia。

Algolia 是一个托管的搜索服务，已经很快成为不少热门开源项目（如 React，Vue，Bootstrap，Yarn 等等）的选择。

以下特性让 Algolia 很适合 Electron 官网的搜索任务：

• InstantSearch.js 在您输入时提供实时搜索结果，延迟通常在 1 ms 之内。
• 输入容忍度 让您在输入 [widnow] 等错别字时也能获得结果。
• 高级查询语法 允许您使用 "exact quoted matches" 和 -exclusion 等语句。
• API 客户端 是开源的，并有大量文档。
• 分析 帮助我们了解人们经常搜索的内容，以及哪些缺失的内容需要补充。 这将为我们提供有关如何改进 Electron 文档的宝贵见解。
• Algolia 对开源项目 免费。

API 文档​

有时你知道_你想要完成什么_ ，但你不完全知道_如何做_。 Electron 拥有超过 750 个 API 方法、事件和属性。 没有人能够轻易地记住所有这些，但计算机在这件事上很擅长。 通过 Electron 的 JSON API 文档，我们将所有这些数据编入了 Algolia 。 现在你可以轻松地找到你想要的 API。

尝试调整窗口大小？ 搜索 [调整大小] 并直接跳转到您需要的方法。

教程​

Electron 的教程正在逐步丰富，以跟进它的 API 文档。 现在你可以更容易地找到关于某个主题的教程，以及相关的 API 文档。

寻找安全方面的最佳实践？ 搜索 [security]。

npm 包​

目前 npm 注册表中有超过 70 万个包，找到所需的包并不总是容易。 为了更容易地寻找这些依赖包，我们创建了 electron-npm-packages 这个集合，包含 3400 余个专为 Electron 编写的依赖项目。

Libraries.io 的工作者们做了 SourceRank，可以基于一系列指标（如代码、社区、文档、用法等）对开源项目进行评分。 我们创建了一个 [sourceranks] 模块，它包含了在 npm 注册表中每个模块的分数。 并且我们 使用这些分数来排序包结果。

想要 Electron 的内置 IPC 模块的替代品吗？ 搜索 is:package ipc。

Electron 应用​

使用 Algolia 索引数据很容易，所以我们添加了 GitHub 的 electron/apps 中的项目。

尝试搜索 [音乐] 或 [自制程序]。

Filtering Results​

如果你以前使用过 GitHub 的代码搜索功能，你可能知道它的键 - 值过滤用法，如 extension:js 或 user:defunkt 。 我们认为这种机制很有用，因此我们添加了一个 is: 关键词到 Electron 网站的搜索引擎中，帮助你筛选结果的类型：

• is:api thumbnail
• is:tutorial security
• is:package ipc
• is:app graphql

快捷键​

人们喜欢键盘快捷键！ 新的搜索可以让你手不离键盘：

• / 聚焦到搜索输入框
• Esc 聚焦到搜索输入框并清除内容
• ↓ 移动到下一个结果
• ↑ 移动到之前的结果，或搜索内容
• Enter 打开结果

我们已经将这个模块开源了。 它被设计成与 Algolia InstantSearch 一起使用，但是也为不同的搜索实现做了兼容。

我们希望得到您的反馈​

如果你在使用新的搜索工具时遇到了任何问题，我们希望了解它们！

提交反馈的最佳方式是在 GitHub 的对应仓库中提交 issue：

• electron/electronjs.org 是 Electron 的网站。 如果你不知道某个问题应该在哪提 issue，可以在这里提出。
• electron/algolia-indices 是 Electron 的可搜索的数据被编译的地方。
• electron/search-with-your-keyboard 提供了通过快捷键导航搜索的功能。
• algolia/instantsearch.js 是一个浏览器端的插件，提供在输入时实时获取结果的功能。
• algolia/algoliasearch-client-javascript 是用于将数据提交到 Algolia 服务器的 Node.js 客户端。

谢谢！​

特别感谢 Emily Jordan 和 Vanessa Yuen 编写了这些搜索工具，感谢 Libraries.io 提供 SourceRank 评分，以及感谢 Algolia 团队。 🍹

Ever since the launch of the new internationalized Electron website, we have been working hard to make the Electron development experience even more accessible to developers outside of the English speaking world.

So here we are with some exciting i18n updates!

🌐 Language Toggle​

Did you know that many people who read translated documentation often cross reference that with the original English documentation? They do this to familiarize themselves with English docs, and to avoid outdated or inaccurate translations, which is one caveat of internationalized documentations.

To make cross-referencing to English docs easier, we recently shipped a feature that allows you to seamlessly toggle a section of the Electron documentation between English and whatever language you're viewing the website in. The language toggle will show up as long as you have a non-English locale selected on the website.

⚡️ Quick Access to Translation Page​

Notice a typo or an incorrect translation while you're reading the documentation? You no longer have to log in to Crowdin, pick your locale, find the file you'd like the fix, etc etc. Instead, you can just scroll down to the bottom of the said doc, and click "Translate this doc" (or the equivalent in your language). Voila! You are brought straight to the Crowdin translation page. Now apply your translation magic!

📈 Some Statistics​

Ever since we have publicized the Electron documentation i18n effort, we have seen huge growth in translation contributions from Electron community members from all around the world. To date, we have 1,719,029 strings translated, from 1,066 community translators, and in 25 languages.

Here is a fun graph showing the approximate amount of time needed to translate the project into each language if the existing tempo (based on the project activity during the last 14 days at the time of writing) is preserved.

📃 Translator Survey​

We would like to give a huge ❤️ thank you ❤️ to everyone who has contributed their time to help improving Electron! In order to properly acknowledge the hard work of our translator community, we have created a survey to collect some information (namely the mapping between their Crowdin and Github usernames) about our translators.

If you are one of our incredible translators, please take a few minutes to fill this out: https://goo.gl/forms/b46sjdcHmlpV0GKT2.

🙌 Node's Internationalization Effort​

Because of the success of Electron's i18n initiative, Node.js decided to model their revamped i18n effort after the pattern we use as well! 🎉 The Node.js i18n initiative has now been launched and gained great momentum, but you can stil read about the early proposal and reasoning behind it here.

🔦 Contributing Guide​

If you're interested in joining our effort to make Electron more international friendly, we have a handy-dandy contributing guide to help you get started. Happy internationalizing! 📚

经过四个多月的开发，八个测试版发布，和世界范围内的测试来自许多应用的分级发布，Electron 2.0.0 现在可从 electronjs.org 下载。

发布流程​

從 2.0.0 開始，Electron 會按照語意版本控制來發布. This means the major version will bump more often and will usually be a major update to Chromium. Patch releases should be more stable because they will contain only high-priority bug fixes.

Electron 2.0.0 also represents an improvement to how Electron is stabilized before a major release. Several large scale Electron apps have included 2.0.0 betas in staged rollouts, providing the best feedback loop Electron's ever had for a beta series.

Changes / New Features​

• Major bumps to several important parts of Electron's toolchain, including Chrome 61, Node 8.9.3, V8 6.1.534.41, GTK+ 3 on Linux, updated spellchecker, and Squirrel.
• In-app purchases are now supported on MacOS. #11292
• New API for loading files. #11565
• New API to enable/disable a window. #11832
• New API app.setLocale(). #11469
• New support for logging IPC messages. #11880
• New menu events. #11754
• Add a shutdown event to powerMonitor. #11417
• Add affinity option for gathering several BrowserWindows into a single process. #11501
• Add the ability for saveDialog to list available extensions. #11873
• Support for additional notification actions #11647
• The ability to set macOS notification close button title. #11654
• Add conditional for menu.popup(window, callback)
• Memory improvements in touchbar items. #12527
• Improved security recommendation checklist.
• Add App-Scoped Security scoped bookmarks. #11711
• Add ability to set arbitrary arguments in a renderer process. #11850
• Add accessory view for format picker. #11873
• Fixed network delegate race condition. #12053
• Drop support for the mips64el arch on Linux. Electron requires the C++14 toolchain, which was not available for that arch at the time of the release. We hope to re-add support in the future.

Breaking API changes​

• Removed deprecated APIs, including:
  • Changed menu.popup signature. #11968
  • Removed deprecated crashReporter.setExtraParameter #11972
  • Removed deprecated webContents.setZoomLevelLimits and webFrame.setZoomLevelLimits. #11974
  • Removed deprecated clipboard methods. #11973
  • Removed support for boolean parameters for tray.setHighlightMode. #11981

Bug Fixes​

• Changed to make sure webContents.isOffscreen() is always available. #12531
• Fixed BrowserWindow.getFocusedWindow() when DevTools is undocked and focused. #12554
• Fixed preload not loading in sandboxed render if preload path contains special chars. #12643
• Correct the default of allowRunningInsecureContent as per docs. #12629
• Fixed transparency on nativeImage. #12683
• Fixed issue with Menu.buildFromTemplate. #12703
• Confirmed menu.popup options are objects. #12330
• Removed a race condition between new process creation and context release. #12361
• Update draggable regions when changing BrowserView. #12370
• Fixed menubar toggle alt key detection on focus. #12235
• Fixed incorrect warnings in webviews. #12236
• Fixed inheritance of 'show' option from parent windows. #122444
• Ensure that getLastCrashReport() is actually the last crash report. #12255
• Fixed require on network share path. #12287
• Fixed context menu click callback. #12170
• Fixed popup menu position. #12181
• Improved libuv loop cleanup. #11465
• Fixed hexColorDWORDToRGBA for transparent colors. #11557
• Fixed null pointer dereference with getWebPreferences api. #12245
• Fixed a cyclic reference in menu delegate. #11967
• Fixed protocol filtering of net.request. #11657
• WebFrame.setVisualZoomLevelLimits now sets user-agent scale constraints #12510
• Set appropriate defaults for webview options. #12292
• Improved vibrancy support. #12157 #12171 #11886
• Fixed timing issue in singleton fixture.
• Fixed broken production cache in NotifierSupportsActions()
• Made MenuItem roles camelCase-compatible. #11532
• Improved touch bar updates. #11812, #11761.
• Removed extra menu separators. #11827
• Fixed Bluetooth chooser bug. Closes #11399.
• Fixed macos Full Screen Toggle menu item label. #11633
• Improved tooltip hiding when a window is deactivated. #11644
• Migrated deprecated web-view method. #11798
• Fixed closing a window opened from a browserview. #11799
• Fixed Bluetooth chooser bug. #11492
• Updated to use task scheduler for app.getFileIcon API. #11595
• Changed to fire console-message event even when rendering offscreen. #11921
• Fixed downloading from custom protocols using WebContents.downloadURL. #11804
• Fixed transparent windows losing transparency when devtools detaches. #11956
• Fixed Electron apps canceling restart or shutdown. #11625

macOS​

• Fixed event leak on reuse of touchbar item. #12624
• Fixed tray highlight in darkmode. #12398
• Fixed blocking main process for async dialog. #12407
• Fixed setTitle tray crash. #12356
• Fixed crash when setting dock menu. #12087

Linux​

• Better Linux desktop notifications. #12229 #12216 #11965 #11980
• Better GTK+ theme support for menus. #12331
• Exit gracefully on linux. #12139
• Use the app’s name as the tray icon's default tooltip. #12393

Windows​

• Added Visual Studio 2017 support. #11656
• Fixed passing of exception to the system crash handler. #12259
• Fixed hiding tooltip from minimized window. #11644
• Fixed desktopCapturer to capture the correct screen. #11664
• Fixed disableHardwareAcceleration with transparency. #11704

接下来

Electron团队正在努力支持较新版本的Chromium, Node和 v8。 下一个版本号预计3.0.0-beta.1！

今天，我们发布了一个免费的、开源的托管更新 web服务 和配套的 npm 包，以便为开源 Electron 应用程序启用便捷的自动更新。 这使得应用程序开发人员能够花更少的时间考虑部署，而多去为用户提供高质量的体验。

让生活更轻松​

Electron有一个autoUpdater API，让应用程序能够从远程终端获取元数据以检查更新，可以在后台下载并且自动安装。

启用这些更新对许多Electron应用开发者来说是部署过程中一个繁琐的步骤，因为它需要部署一个 web 服务器并且这只是为了提供应用版本历史元数据。

今天我们公布了一个新的应用自动更新的解决方案。 如果你的Electron应用在公开的GitHub仓库中，并且你正在使用GitHub Releases发布构建版本，你可以使用这项服务向你的用户提供持续的应用更新。

使用新模块​

为了减少配置，我们创建了update-electron-app，一个npm模块，它与新的 update.electronjs.org web服务集成在一起。

安装模块

npm install update-electron-app

在您的应用程序的 main进程中的任何地方调用：

require('update-electron-app')();

搞定！ 该模块将在应用启动时检查更新，然后每10分钟检查一次。 当它发现有更新时，它将在后台自动下载，并在更新就绪时显示对话框。

迁移现有应用​

已经使用Electron的autoUpdater API的应用程序也可以使用这项服务。 为此，你可以定制update-electron-app模块，或者直接与update.electronjs.org集成。

可替代方案​

如果你使用electron-builder来打包你的应用，你可以使用它内置的更新程序。 有关详细信息，请参见electronic.build/auto-update。

如果你的应用是私人的，你可能需要部署属于你自己的更新服务器。 有很多开源工具可以做到这一点，包括Zeit的Hazel和Atlassian的Nucleus。 有关更多信息，请参阅部署一个更新服务器教程。

谢谢！​

感谢Julian Gruber帮助设计和构建这个简单且可扩展的web服务。 感谢Zeit的工作人员，他们提供了开源的Hazel服务，我们从中获得了设计灵感。 感谢Samuel Attard的代码评审。 感谢Electron社区帮助测试这项服务。

🌲 为 Electron 应用的美好未来干杯!

The new Electron 2.0 release line is packed with new features and fixes. One of the highlights from this new major version is a new inAppPurchase API for Apple's Mac App Store.

In-app purchases enable content or subscriptions to be purchased directly from within apps. This gives developers an easy way to embrace the freemium business model, wherein users pay nothing to download an app and are offered optional in-app purchases for premium features, additional content, or subscriptions.

The new API was added to Electron by community contributor Adrien Fery to enable in-app purchases in Amanote, a note-taking Electron app for lectures and conferences. Amanote is free to download and allows clear and structured notes to be added to PDFs, with features like mathematical formulae, drawings, audio recording, and more.

Since adding in-app purchase support to the Mac version of Amanote, Adrien has noted a 40% increase in sales!

入门指南​

The new inAppPurchase API has already landed in the latest Electron beta:

npm i -D electron@beta

The docs for the API can be found on GitHub, and Adrien has been kind enough to write a tutorial on how to use the API. To get started adding in-app purchases to your app, see the tutorial.

More improvements to the API are in the works, and will soon be landing in an upcoming Electron beta release.

Windows Could Be Next​

Up next, Adrien is hoping to open a new revenue channel for Amanote by adding support for Microsoft Store in-app purchases in Electron. Stay tuned for developments on that!