Generate secure main process and preload script boilerplate with proper context isolation, IPC patterns, and security best practices for Electron applications
Generate secure Electron main process and preload scripts with proper context isolation, secure IPC patterns, and comprehensive security best practices. This skill creates production-ready boilerplate that follows Electron security guidelines.
main.js/main.ts) with proper window configuration{
"type": "object",
"properties": {
"projectPath": {
"type": "string",
"description": "Path to the Electron project root"
},
"language": {
"enum": ["javascript", "typescript"],
"default": "typescript"
},
"features": {
"type": "array",
"items": {
"enum": [
"contextIsolation",
"sandbox",
"csp",
"ipcChannels",
"permissionHandler",
"protocolHandler",
"deepLinking",
"autoUpdater",
"tray",
"multiWindow"
]
},
"default": ["contextIsolation", "sandbox", "csp", "ipcChannels"]
},
"ipcChannels": {
"type": "array",
"items": {
"type": "object",
"properties": {
"name": { "type": "string" },
"direction": { "enum": ["toMain", "toRenderer", "bidirectional"] },
"description": { "type": "string" },
"requestSchema": { "type": "object" },
"responseSchema": { "type": "object" }
},
"required": ["name", "direction"]
},
"description": "Define IPC channels for the application"
},
"windowConfig": {
"type": "object",
"properties": {
"width": { "type": "number", "default": 1200 },
"height": { "type": "number", "default": 800 },
"minWidth": { "type": "number" },
"minHeight": { "type": "number" },
"frame": { "type": "boolean", "default": true },
"transparent": { "type": "boolean", "default": false },
"titleBarStyle": { "enum": ["default", "hidden", "hiddenInset", "customButtonsOnHover"] }
}
},
"cspPolicy": {
"type": "object",
"properties": {
"defaultSrc": { "type": "array", "items": { "type": "string" } },
"scriptSrc": { "type": "array", "items": { "type": "string" } },
"styleSrc": { "type": "array", "items": { "type": "string" } },
"imgSrc": { "type": "array", "items": { "type": "string" } },
"connectSrc": { "type": "array", "items": { "type": "string" } }
}
}
},
"required": ["projectPath"]
}
{
"type": "object",
"properties": {
"success": { "type": "boolean" },
"files": {
"type": "array",
"items": {
"type": "object",
"properties": {
"path": { "type": "string" },
"type": { "enum": ["main", "preload", "types", "utils"] },
"description": { "type": "string" }
}
}
},
"securityChecklist": {
"type": "array",
"items": {
"type": "object",
"properties": {
"check": { "type": "string" },
"status": { "enum": ["implemented", "recommended", "optional"] },
"details": { "type": "string" }
}
}
},
"warnings": { "type": "array", "items": { "type": "string" } }
},
"required": ["success", "files"]
}
src/
main/
main.ts # Main process entry point
ipc-handlers.ts # IPC handler implementations
window-manager.ts # Multi-window management (optional)
protocol-handler.ts # Custom protocol registration (optional)
permission-handler.ts # Permission request handling
preload/
preload.ts # Preload script with contextBridge
api.ts # Exposed API definitions
shared/
ipc-channels.ts # IPC channel definitions
types.ts # Shared TypeScript types
import { app, BrowserWindow, session, ipcMain } from 'electron';
import path from 'path';
// Security: Disable remote module (deprecated but check)
app.disableHardwareAcceleration(); // Optional: for headless environments
function createWindow(): BrowserWindow {
const mainWindow = new BrowserWindow({
width: 1200,
height: 800,
webPreferences: {
// Security settings
nodeIntegration: false, // Never enable in production
contextIsolation: true, // Always enable
sandbox: true, // Enable sandbox
webSecurity: true, // Keep enabled
allowRunningInsecureContent: false,
preload: path.join(__dirname, 'preload.js'),
},
});
// Content Security Policy
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
callback({
responseHeaders: {
...details.responseHeaders,
'Content-Security-Policy': [
"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'"
]
}
});
});
// Permission handling
session.defaultSession.setPermissionRequestHandler((webContents, permission, callback) => {
const allowedPermissions = ['clipboard-read', 'notifications'];
callback(allowedPermissions.includes(permission));
});
return mainWindow;
}
import { contextBridge, ipcRenderer } from 'electron';
// Define allowed channels
const VALID_CHANNELS = {
toMain: ['save-file', 'open-dialog', 'app-settings'],
fromMain: ['file-saved', 'update-available', 'settings-changed'],
} as const;
type ToMainChannel = typeof VALID_CHANNELS.toMain[number];
type FromMainChannel = typeof VALID_CHANNELS.fromMain[number];
// Expose protected methods via contextBridge
contextBridge.exposeInMainWorld('electronAPI', {
// Send to main process (one-way)
send: (channel: ToMainChannel, data: unknown) => {
if (VALID_CHANNELS.toMain.includes(channel)) {
ipcRenderer.send(channel, data);
}
},
// Invoke main process and wait for response
invoke: async <T>(channel: ToMainChannel, data?: unknown): Promise<T> => {
if (VALID_CHANNELS.toMain.includes(channel)) {
return ipcRenderer.invoke(channel, data);
}
throw new Error(`Invalid channel: ${channel}`);
},
// Subscribe to main process events
on: (channel: FromMainChannel, callback: (...args: unknown[]) => void) => {
if (VALID_CHANNELS.fromMain.includes(channel)) {
const subscription = (_event: Electron.IpcRendererEvent, ...args: unknown[]) =>
callback(...args);
ipcRenderer.on(channel, subscription);
// Return unsubscribe function
return () => {
ipcRenderer.removeListener(channel, subscription);
};
}
return () => {};
},
// One-time listener
once: (channel: FromMainChannel, callback: (...args: unknown[]) => void) => {
if (VALID_CHANNELS.fromMain.includes(channel)) {
ipcRenderer.once(channel, (_event, ...args) => callback(...args));
}
},
});
// types/electron-api.d.ts
export interface ElectronAPI {
send: (channel: string, data: unknown) => void;
invoke: <T>(channel: string, data?: unknown) => Promise<T>;
on: (channel: string, callback: (...args: unknown[]) => void) => () => void;
once: (channel: string, callback: (...args: unknown[]) => void) => void;
}
declare global {
interface Window {
electronAPI: ElectronAPI;
}
}
| Security Measure | Status | Details |
|---|---|---|
| Context Isolation | Required | Always set contextIsolation: true |
| Node Integration | Required | Always set nodeIntegration: false |
| Sandbox | Recommended | Set sandbox: true for renderer |
| Web Security | Required | Never disable webSecurity |
| CSP Headers | Recommended | Strict Content Security Policy |
| Remote Module | Required | Ensure enableRemoteModule: false |
| IPC Validation | Required | Whitelist and validate all IPC channels |
| Protocol Handlers | Recommended | Register custom protocols securely |
| Permission Handler | Recommended | Control permission requests |
| Navigation Guard | Recommended | Restrict navigation to trusted origins |
ipcRenderer directly - Always use channel whitelistingelectron-builder-config - Build configurationelectron-ipc-security-audit - Audit IPC implementationselectron-auto-updater-setup - Auto-update configurationelectron-architect - Electron architecture expertisedesktop-security-auditor - Security auditing