Hey,
I have been reading up on Electron best practices and the official docs recommend turning off nodeIntegration for any renderer that loads remote content.
In my app, I use a preload script to expose any node modules that I need in the renderer process. Everything else is handled via IPC.
nodeIntegration is not required in my app. Turning it off , however, breaks the app. It just doesn't launch.


I tried using a new project, disabled nodeIntegration and the error still appeared. There are few issues on Github about this and the solution is always
Enable nodeIntegration
Is this a bug or expected behavior?
Same question
Noticed the same when I tried to turn it off
Didn't realize this many people wanted this, thanks for letting me know. I think the issue is because I set the webpack target to electron-renderer. What do you guys think about adding a config option that will leave the target as default, allowing you to disable nodeIntegration?
Also, you will have to do this for spectron testing.
@nklayman I don't really understand What is the difference between a electron-main, electron-renderer or electron-preload? Perhaps it makes sense to set the exact target for each entry point?
@cawa-93 https://webpack.js.org/configuration/target/
The explanation isn't that clear though 馃槙
@nklayman I don't think setting it to default will fix it. The different entry points need different targets.
There is also the preload script that can contain require statements but it is located in a Vue folder.
Maybe introduce some configuration like this:
// vue.config.js
module.exports = {
pluginOptions: {
electronBuilder: {
entryPoints: {
main: {path: ... , target: ...},
preload: {path: ... , target: ...},
renderer: {path: ... , target: ...},
},
builderOptions: {
// options placed here will be merged with default configuration and passed to electron-builder
}
}
}
}
nodeIntegration is now disabled by default on the v2.0.0 beta, and can be configured.
that sounds great. is preload added by default?
for the reference, secure-electron-template Is one project in react that tries to collect all secure practices for electron in one place. I think having a default example for IPC would help as well.
@Sparkenstein I created #742 to collect some security recommendations that can be implemented in v2.0 and described in a new documentation section. Can you please repost your comment there for better tracking? Thanks!
Most helpful comment
nodeIntegrationis now disabled by default on the v2.0.0 beta, and can be configured.