electron-builder packages with wrong electron binary version
- Version: 20.44.1
- Target: mac / snap / nsis/ appx ....
I have [email protected] installed but when I package, electron-builder downloads [email protected] which is not the version I developed and tested with. This may lead to very unfortunate bugs/incompatibilities.
Details:
electron-builder appears to rely on the electron version provided in package.json and ignores installed/locked versions.
A version string like ^5.0.0 can be understood as 5.0.0 >= allowed versions > 6.0.0.
Example
While version 5 is specified in package.json
"dependencies": {
"electron": "^5",
"electron-builder": "20.44.1"
}
The package manager may/will choose to install more recent packages:
yarn.lock
electron@5:
version "5.0.4"
resolved "https://registry.yarnpkg.com/electron/-/electron-5.0.4.tgz#2e0d09055363e983f4a73317cde4821c39617b02"
integrity sha512-7QaKorvANvP+azMT7wElx33oLlqw8QxmLs7/outfH7LC5amErk4EUtWDesQ6Zgr+s5pYFbykl8ZtJ4ZGXER05g==
dependencies:
"@types/node" "^10.12.18"
electron-download "^4.1.0"
extract-zip "^1.0.3"
yarn.lock or package-lock.json do reflect the actual used package versions.
The workaround is to set the specific electron version in the package.json dependencies, this is however not the way one normally uses the package manager since lock files exist. (and will most certainly interfere with greenkeeper and depandabot)
Just noticed this by accident, packaging using electron 5.0.0 and expecting 5.0.4 (since I specifically updated to 5.0.4) would have caused a lot of headaches.
thomasnordquist
All 4 comments
No, electron-builder checks installed version — see https://github.com/electron-userland/electron-builder/blob/fd86d92079c1b31aa54299cd44316867086968ad/packages/app-builder-lib/src/electron/electronVersion.ts#L23
Maybe you use custom project dir during build (that not equal to actual project dir, where node modules installed)?
develar
on 24 Jun 2019
You are correct, I use a fresh clone (from .git) to prepare builds in a subdirectory. (to prevent using a dirty workspace by accident)
After building I remove the devDependencies in this subdirectory with yarn install --production, electron-builder can no longer determine the electron version since electron itself is a dev dependency.
I can confirm that the issue does not occur when the dev-dependencies are present/installed.
thomasnordquist
on 24 Jun 2019
Another workaround for such build scripts: pass CLI arg -c.electronVersion or set config "electronVersion": "version".
develar
on 25 Jun 2019
If you are trying to upgrade to Electron 7.0, make sure your dev dependencies is like the following
"devDependencies": {
"electron": "7.0.0",
}
Notice it has to be 7.0.0 not ^7.0.0. The parser is poorly written.
sandeep1995
on 28 Oct 2019
Related issues
noahprince22
·
3Comments
lbssousa
·
3Comments
xingoxu
·
3Comments
jhg
·
3Comments
iklemm
·
3Comments
Most helpful comment
If you are trying to upgrade to Electron 7.0, make sure your dev dependencies is like the following
Notice it has to be
7.0.0not^7.0.0. The parser is poorly written.