¡Electron 20.0.0 ha sido liberado! Incluye actualizaciones a Chromium 104, V8 10.4, y Node.js 16.15.0. ¡Lea a continuación para más detalles!

El equipo de Electron esta emocionado de anunciar el lanzamiento de Electron 20.0.0! You can install it with npm via npm install electron@latest or download it from our releases website. Continue reading for details about this release and please share any feedback you have!

Electron 21 and later will have the V8 Memory Cage enabled, with implications for some native modules.

In Electron 21, we will be enabling V8 sandboxed pointers in Electron, following Chrome's decision to do the same in Chrome 103. This has some implications for native modules. Also, we previously enabled a related technology, pointer compression, in Electron 14. We didn't talk about it much then, but pointer compression has implications for the maximum V8 heap size.

These two technologies, when enabled, are significantly beneficial for security, performance and memory usage. However, there are some downsides to enabling them, too.

The main downside of enabling sandboxed pointers is that ArrayBuffers which point to external ("off-heap") memory are no longer allowed. This means that native modules which rely on this functionality in V8 will need to be refactored to continue working in Electron 20 and later.

The main downside of enabling pointer compression is that the V8 heap is limited to a maximum size of 4GB. The exact details of this are a little complicated—for example, ArrayBuffers are counted separately from the rest of the V8 heap, but have their own limits.

The Electron Upgrades Working Group believes that the benefits of pointer compression and the V8 memory cage outweigh the downsides. There are three main reasons for doing so:

1. It keeps Electron closer to Chromium. The less Electron diverges from Chromium in complex internal details such as V8 configuration, the less likely we are to accidentally introduce bugs or security vulnerabilities. Chromium's security team is formidable, and we want to make sure we are taking advantage of their work. Further, if a bug only affects configurations that aren't used in Chromium, fixing it is not likely to be a priority for the Chromium team.
2. It performs better. Pointer compression reduces V8 heap size by up to 40% and improves CPU and GC performance by 5%–10%. For the vast majority of Electron applications which won't bump into the 4GB heap size limit and don't use native modules that require external buffers, these are significant performance wins.
3. It's more secure. Some Electron apps run untrusted JavaScript (hopefully following our security recommendations!), and for those apps, having the V8 memory cage enabled protects them from a large class of nasty V8 vulnerabilities.

Lastly, there are workarounds for apps that really need a larger heap size. For example, it is possible to include a copy of Node.js with your app, which is built with pointer compression disabled, and move the memory-intensive work to a child process. Though somewhat complicated, it is also possible to build a custom version of Electron with pointer compression disabled, if you decide you want a different trade-off for your particular use case. And lastly, in the not-too-distant future, wasm64 will allow apps built with WebAssembly both on the Web and in Electron to use significantly more than 4GB of memory.

Preguntas más frecuentes​

How will I know if my app is impacted by this change?​

Attempting to wrap external memory with an ArrayBuffer will crash at runtime in Electron 20+.

If you don't use any native Node modules in your app, you're safe—there's no way to trigger this crash from pure JS. This change only affects native Node modules which allocate memory outside of the V8 heap (e.g. using malloc or new) and then wrap the external memory with an ArrayBuffer. This is a fairly rare use case, but some modules do use this technique, and such modules will need to be refactored in order to be compatible with Electron 20+.

How can I measure how much V8 heap memory my app is using to know if I'm close to the 4GB limit?​

In the renderer process, you can use performance.memory.usedJSHeapSize, which will return the V8 heap usage in bytes. In the main process, you can use process.memoryUsage().heapUsed, which is comparable.

What is the V8 memory cage?​

Some documents refer to it as the "V8 sandbox", but that term is easily confusable with other kinds of sandboxing that happen in Chromium, so I'll stick to the term "memory cage".

There's a fairly common kind of V8 exploit that goes something like this:

1. Find a bug in V8's JIT engine. JIT engines analyze code in order to be able to omit slow runtime type checks and produce fast machine code. Sometimes logic errors mean it gets this analysis wrong, and omits a type check that it actually needed—say, it thinks x is a string, but in fact it's an object.
2. Abuse this confusion to overwrite some bit of memory inside the V8 heap, for instance, the pointer to the beginning of an ArrayBuffer.
3. Now you have an ArrayBuffer that points wherever you like, so you can read and write any memory in the process, even memory that V8 normally doesn't have access to.

The V8 memory cage is a technique designed to categorically prevent this kind of attack. The way this is accomplished is by not storing any pointers in the V8 heap. Instead, all references to other memory inside the V8 heap are stored as offsets from the beginning of some reserved region. Then, even if an attacker manages to corrupt the base address of an ArrayBuffer, for instance by exploiting a type confusion error in V8, the worst they can do is read and write memory inside the cage, which they could likely already do anyway. There's a lot more available to read on how the V8 memory cage works, so I won't go into further detail here—the best place to start reading is probably the high-level design doc from the Chromium team.

I want to refactor a Node native module to support Electron 21+. How do I do that?​

There are two ways to go about refactoring a native module to be compatible with the V8 memory cage. The first is to copy externally-created buffers into the V8 memory cage before passing them to JavaScript. This is generally a simple refactor, but it can be slow when the buffers are large. The other approach is to use V8's memory allocator to allocate memory which you intend to eventually pass to JavaScript. This is a bit more involved, but will allow you to avoid the copy, meaning better performance for large buffers.

To make this more concrete, here's an example N-API module that uses external array buffers:

// Create some externally-allocated buffer.
// |create_external_resource| allocates memory via malloc().
size_t length = 0;
void* data = create_external_resource(&length);
// Wrap it in a Buffer--will fail if the memory cage is enabled!
napi_value result;
napi_create_external_buffer(
    env, length, data,
    finalize_external_resource, NULL, &result);

This will crash when the memory cage is enabled, because data is allocated outside the cage. Refactoring to instead copy the data into the cage, we get:

size_t length = 0;
void* data = create_external_resource(&length);
// Create a new Buffer by copying the data into V8-allocated memory
napi_value result;
void* copied_data = NULL;
napi_create_buffer_copy(env, length, data, &copied_data, &result);
// If you need to access the new copy, |copied_data| is a pointer
// to it!

This will copy the data into a newly-allocated memory region that is inside the V8 memory cage. Optionally, N-API can also provide a pointer to the newly-copied data, in case you need to modify or reference it after the fact.

Refactoring to use V8's memory allocator is a little more complicated, because it requires modifying the create_external_resource function to use memory allocated by V8, instead of using malloc. This may be more or less feasible, depending on whether or not you control the definition of create_external_resource. The idea is to first create the buffer using V8, e.g. with napi_create_buffer, and then initialize the resource into the memory that has been allocated by V8. It is important to retain a napi_ref to the Buffer object for the lifetime of the resource, otherwise V8 may garbage-collect the Buffer and potentially result in use-after-free errors.

¡Electron 19.0.0 ha sido liberado! Incluye actualizaciones a Chromium 102, V8 10.2y Node.js 16.14.2. ¡Lea a continuación para más detalles!

El equipo de Electron esta emocionado de anunciar el lanzamiento de Electron 19.0.0! You can install it with npm via npm install electron@latest or download it from our releases website. Continue reading for details about this release and please share any feedback you have!

Electron Release Cadence Change​

The project is returning to its earlier policy of supporting the latest three major versions. See our versioning document for more detailed information about Electron versioning and support. This had temporarily been four major versions to help users adjust to the new release cadence that began in Electron 15. You can read the full details here.

Electron está cambiando su S3 bucket principal, es posible que debas actualizar tus scripts de construcción

¿Qué está pasando?

A significant amount of Electron's build artifacts are uploaded to an S3 bucket called gh-contractor-zcbenz. As part of ongoing infrastructure/ownership migrations that started way back in 2020, we will be changing everything that used gh-contractor-zcbenz from its old home in S3 to a new storage system hosted at https://artifacts.electronjs.org. The path prefix that most of our assets use is changing slightly as well. Los ejemplos se incluyen a continuación:

Before: https://gh-contractor-zcbenz.s3.amazonaws.com/atom-shell/dist/v17.0.0/node.lib After: https://artifacts.electronjs.org/headers/dist/v17.0.0/node.lib

The important things here are the Hostname changed and the /atom-shell prefix changed. Another example, this time for debug symbols:

Before: https://gh-contractor-zcbenz.s3.amazonaws.com/atom-shell/symbols/path/to/symbol.pdb After: https://artifacts.electronjs.org/symbols/path/to/symbol.pdb

Again, the hostname changed and the /atom-shell prefix was changed.

¿Cómo puede influir en ti?

Anyone using standard build tooling such as electron-rebuild, electron-packager or @electron/get won't have to do anything. This should be the majority of people.

For anyone directly referencing the S3 bucket, you must update your reference to point at the hostname and update the path as well.

¿Qué pasa con los datos existentes?

Most data that existed on the gh-contractor-zcbenz bucket has been cloned into the new storage system. This means all debug symbols and all headers have been copied. If you relied on some data in that bucket that hasn't been copied over please raise an issue in electron/electron and let us know.

The current gh-contractor-zcbenz S3 bucket will not be actively deleted. However, we can't guarantee how long that bucket will be left alive. We strongly recommend updating to target the new bucket as soon as possible.

¡Electron 18.0.0 ha sido liberado! Incluye actualizaciones a Chromium 100, V8 10.0y Node.js 16.13.2. ¡Lea a continuación para más detalles!

El equipo de Electron esta emocionado de anunciar el lanzamiento de Electron 18.0.0! You can install it with npm via npm install electron@latest or download it from our releases website. Continue reading for details about this release and please share any feedback you have!

Electron Release Cadence Change​

As of Electron 15, Electron will release a new major stable version every 8 weeks. You can read the full details here.

Additionally, Electron has changed supported versions from latest three versions to latest four versions until May 2022. See our versioning document for more detailed information about versioning in Electron. After May 2022, we will return to supporting latest three versions.

Notable Changes​

• Added ses.setCodeCachePath() API for setting code cache directory. #33286
• Removed the old BrowserWindowProxy-based implementation of window.open. This also removes the nativeWindowOpen option from webPreferences. #29405
• Added 'focus' and 'blur' events to WebContents. #25873
• Added Substitutions menu roles on macOS: showSubstitutions, toggleSmartQuotes, toggleSmartDashes, toggleTextReplacement. #32024
• Added a first-instance-ack event to the app.requestSingleInstanceLock() flow, allowing users to seamlessly transmit data from the first instance to the second instance. #31460
• Added support for more color formats in setBackgroundColor. #33364

Vea la notas de lanzamiento 18.0.0 para la lista completa de nuevas características y cambios.

¡El equipo de Electrón está encantado de anunciarles que por primera vez en este año estaremos en el Google Summer of Code!

¿Qué es Google Summer of Code?​

Google Summer of Code (GSoC) celebrado cada año, es un programa de mentorías que busca conectar proyectos de código abierto con futuros posibles colaborares. Anteriormente solo era abierto para estudiantes, ahora cualquier persona mayor de 18 años puede registrarse en Google Summer of Code.

Para obtener más información, consulte Summer of Code.

¿Cómo me registro?​

¿Estás interesado en colaborar con Electrón? ¡Si eres un colaborador novato o principiante en el código abierto, le damos la bienvenida a su solicitud!

Para ser seleccionado como colaborador de Electron para Google Summer of Code, deberá enviar una solicitud. Las solicitudes se abrirán el 4 de abril de 2022 y se cerrarán el 19 de abril de 2022. Puedes seguir las actualizaciones de Google: las directrices de aplicación de verano de código aquí.

¿Quieres presentar tu candidatura? Primero, revisa los cinco borradores de ideas de proyecto que hemos preparado. Todas las ideas de la lista están actualmente abiertas a propuestas. También estamos abiertos a aceptar nuevas ideas que no estén en la lista de proyectos propuestos.

Su solicitud debe incluir:

• Tu propuesta, que es un documento escrito que describe en detalle lo que planeas conseguir en el transcurso del verano.
• Su experiencia como desarrollador. Si tiene un currículum vitae, incluya una copia; de lo contrario, háblenos de su experiencia anterior haciendo hincapié en la experiencia técnica relevante.

Aquí encontrará una guía detallada de lo que debe presentar como parte de su solicitud Electron.

También puedes leer la guía oficial de estudiantes/colaboradores de GSoC para obtener consejos importantes sobre cómo preparar tu propuesta.

Si quieres hablar sobre propuestas de proyectos o tienes alguna pregunta, ¡ven a nuestro canal de Discord #gsoc-general!

Referencias​

• Guía de propuesta de Electron
• Electron GitHub
• Documento de ideas del proyecto
• Google Summer of Code Student/Contributor Guide

¡Electron 17.0.0 ha sido liberado! Incluye actualizaciones a Chromium 98, V8 9.8y Node.js 16.13.0. ¡Lea a continuación para más detalles!

El equipo de Electron esta emocionado de anunciar el lanzamiento de Electron 17.0.0! You can install it with npm via npm install electron@latest or download it from our releases website. Continue reading for details about this release and please share any feedback you have!

Electron Release Cadence Change​

As of Electron 15, Electron will release a new major stable version every 8 weeks. You can read the full details here.

Additionally, Electron has changed supported versions from latest three versions to latest four versions until May 2022. See our versioning document for more detailed information about versioning in Electron. After May 2022, we will return to supporting latest three versions.

Notable Changes​

• Added webContents.getMediaSourceId(), can be used with getUserMedia to get a stream for a WebContents. #31204
• Deprecates webContents.getPrinters() and introduces webContents.getPrintersAsync(). #31023
• desktopCapturer.getSources is now only available in the main process. #30720

Vea la notas de lanzamiento 17.0.0 para la lista completa de nuevas características y cambios.

Spectron estará obsoleto el 1 de febrero de 2022.

Beginning in February 2022, Spectron will be officially deprecated by the Electron team.

Why Deprecate Spectron?​

While Spectron has consistently put out new releases for each new version of Electron, the project has had very little maintenance and improvements for well over a year, and currently has no full-time maintainers. With the remote module moving outside of Electron core and into an external module in Electron 14, Spectron will require a major rewrite to continue working reliably.

After reviewing several available options for Spectron's continued maintenance, the Electron team has decided to deprecate Spectron in 2022.

Deprecation Timeline​

The following is our planned deprecation timeline:

• November 2021 - January 2022: The Electron team will continue to accept pull requests from the community.
• January 2022: A final version of announcement warning about Spectron's deprecation will be released.
• February 1, 2022: Spectron's repo will be marked as "archived". No more pull requests will be accepted.

Following February 1st, 2022, Electron will continue to leave the Spectron repo up indefinitely, so that others are welcome to fork or use the existing code for their projects. We hope this will help provide a longer transition to any projects that may still depend on Spectron.

Alternatives to Spectron​

If you're currently using Spectron in your project and would like to migrate to an alternative testing solution, you can read our guide for automated testing here.

We currently have several other recommended alternatives to Spectron, including Playwright and WebDriverIO. Official tutorials for each option can be found in our Automated Testing documentation.

¿Y ahora, qué?​

We here on the Electron team appreciate you using Spectron and Electron. We understand that many of you depend on Spectron for testing your apps, and we want to make this transition as painless for you as possible. Thank you for choosing Electron!

¡Electron 16.0.0 ha sido liberado! Incluye actualizaciones a Chromium 96, V8 9.6y Node.js 16.9.1. ¡Lea a continuación para más detalles!

El equipo de Electron esta emocionado de anunciar el lanzamiento de Electron 16.0.0! You can install it with npm via npm install electron@latest or download it from our releases website. Continue reading for details about this release and please share any feedback you have!

Electron Release Cadence Change​

As of Electron 15, Electron will release a new major stable version every 8 weeks. You can read the full details here.

Additionally, Electron has changed supported versions from latest three versions to latest four versions until May 2022. See our versioning document for more detailed information about versioning in Electron. After May 2022, we will return to supporting latest three versions.

Notable Changes​

• Now supports the WebHID API. #30213
• Add data parameter to app.requestSingleInstanceLock to share data between instances. #30891
• Pass securityOrigin to media permissions request handler. #31357
• Add commandLine.removeSwitch. #30933

Vea la notas de lanzamiento 16.0.0 para la lista completa de nuevas características y cambios.

El proyecto de Electron realizará una pausa para el mes de diciembre de 2021, para después regresar a toda velocidad en enero de 2022.

vía GIPHY

Lo que será igual en diciembre​

1. Los lanzamientos de día cero y los lanzamientos principales relacionados con la seguridad se publicarán según sea necesario. Los incidentes de seguridad se deben reportar a través de SECURITY.md.
2. Los reportes del Código de Conducta y moderación continuarán.

Lo que será diferente en diciembre​

1. No se publicarán versiones estables o de prueba en diciembre. No se publicarán las versiones anticipadas durante las últimas dos semanas de diciembre.
2. Con algunas excepciones, no se realizará la revisión o fusión de pull requests.
3. No se actualizará el rastreador de incidencias en ningún repositorio.
4. No se ayudará con la depuración en Discord por parte de los encargados.
5. No se publicarán actualizaciones de contenido en las redes sociales.

¿Por qué sucede esto?​

En resumen, mientras los mantedores están felices y conectados con el proyecto, EL MUNDO ESTÁ CANSADO. Diciembre es un mes tranquilo para la mayoría de las compañías, por lo que queremos darle a los mantenedores una oportunidad de recargar. Animamos a otros proyectos a considerar medidas similares.

¿Debo preocuparme por el futuro de Electron?​

No. Somos capaces de tomar este paso porque el proyecto se encuentra en buena forma. Todos esperan el 2022 y ¡esperamos que vengan buenas cosas!