electron

mirror of https://github.com/electron/electron.git synced 2026-05-02 03:00:22 -04:00

Go to file

trop[bot] 2d943ef610 feat: support WebAuthn Touch ID platform authenticator on macOS (#51411 )

* feat: support WebAuthn Touch ID platform authenticator on macOS

Adds `app.configureWebAuthn({ touchID: { keychainAccessGroup } })` to enable
the Secure Enclave platform authenticator for `navigator.credentials`.
Credentials are stored under the app-supplied keychain access group with a
per-session metadata secret that is generated on first use and persisted in
prefs.

Also introduces `ElectronAuthenticatorRequestClientDelegate` and wires it via
`ContentBrowserClient::GetWebAuthenticationRequestDelegate()` so that
discoverable-credential `get()` calls with multiple matches emit a new
`select-webauthn-account` session event instead of DCHECK-failing in the base
delegate. If no listener is registered (or the callback is invoked with no
credential), the request is cancelled with NotAllowedError rather than
silently auto-selecting.

Tests use the DevTools virtual authenticator so the account-selection flow is
exercised in CI without entitlements or real hardware.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: register request delegate as FidoRequestHandlerBase observer

The base AuthenticatorRequestClientDelegate::StartObserving() is a no-op, so
observer() on the request handler stayed null. MakeCredentialRequestHandler::
SpecializeRequestForAuthenticator dereferences observer()->SupportsPIN() when
residentKey is 'preferred', crashing with SEGV when a real FIDO2 HID key is
dispatched.

Override StartObserving/StopObserving to register via a ScopedObservation like
ChromeAuthenticatorRequestDelegate does. Added a virtual-authenticator
regression test for create() with residentKey: 'preferred'.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* chore: update copyright attribution for new webauthn files

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: address review feedback on webauthn account-select event

- Encode credentialId and userHandle as URL-safe base64 without padding so
  the values match PublicKeyCredential.id from navigator.credentials.get()
  byte-for-byte; tests now assert the equality rather than transcoding.
- Cancel the pending request when the listener invokes the callback with a
  credentialId that does not match any account, instead of leaving the
  request hanging while the listener retries. The TypeError still surfaces
  so the misuse remains visible to the developer.
- DCHECK that the Touch ID config helpers run on the UI thread, encoding
  the threading invariant the read-then-write metadata-secret pref relies
  on.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: oxfmt formatting in webauthn spec

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: use out-param form of base::Base64UrlEncode

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* fix: silently cancel webauthn account select on unknown credentialId

Throwing back into the listener bubbles up as an unhandled exception in
the main process. Match the no-args branch exactly so the listener sees a
single consistent failure mode (cancel + NotAllowedError) whether it
declines deliberately or by mistake.

Co-authored-by: Samuel Attard <sattard@anthropic.com>

* chore: node script/lint.js --js --fix

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Samuel Attard <sattard@anthropic.com>
Co-authored-by: Charles Kerr <charles@charleskerr.com>

2026-05-01 11:15:13 -04:00

.claude

chore: add Phase Three (node smoke tests) to Node.js upgrade skill (#51185 )

2026-04-21 10:46:56 +02:00

.devcontainer

ci: Wayland test job, helpers, and app spec (#49908 )

2026-02-25 14:51:13 -05:00

.github

ci: backport secondary siso patch (#51388 )

2026-04-29 15:00:17 -04:00

.husky

build(deps-dev): bump husky and lint-staged (#47291 )

2025-06-05 20:23:55 +02:00

.yarn

build: use Yarn JsZipImpl for node-modules link to fix arm32 OOM (#51230 )

2026-04-22 12:27:08 +02:00

build

fix: include permission element string resources in locale paks (#51374 )

2026-04-29 18:00:03 -05:00

buildflags

build: add flag for setting vendor version (#41247 )

2024-02-06 14:23:17 -08:00

chromium_src

chore: bump chromium to 148.0.7768.0 (42-x-y) (#50781 )

2026-04-07 15:30:18 -04:00

default_app

fix: remove decorateURL from default_app (#50897 )

2026-04-11 09:47:45 +02:00

docs

feat: support WebAuthn Touch ID platform authenticator on macOS (#51411 )

2026-05-01 11:15:13 -04:00

lib

feat: add Notification.getHistory() for macOS (#51123 )

2026-04-22 11:25:24 -07:00

npm

build: restrict npm tarball contents to an explicit allowlist (#51308 )

2026-04-24 10:42:56 -04:00

patches

fix: make macOS text replacement work on contenteditable (#51344 )

2026-04-27 16:13:24 -04:00

script

build: drop script/run-gn-format.py (#51283 )

2026-04-23 14:52:10 +02:00

shell

feat: support WebAuthn Touch ID platform authenticator on macOS (#51411 )

2026-05-01 11:15:13 -04:00

spec

feat: support WebAuthn Touch ID platform authenticator on macOS (#51411 )

2026-05-01 11:15:13 -04:00

typings

feat: add Notification.getHistory() for macOS (#51123 )

2026-04-22 11:25:24 -07:00

.autofix.markdownlint-cli2.jsonc

chore: use markdownlint-cli2 directly for linting Markdown (#42192 )

2024-05-15 14:44:46 -04:00

.clang-format

Add clang-format config file.

2016-10-04 22:42:49 +02:00

.clang-tidy

chore: fix clang-tidy warnings (#38079 )

2023-04-26 10:09:54 -04:00

.dockerignore

build: remove unused install-build-deps (#26891 )

2020-12-09 09:26:21 -08:00

.env.example

chore: remove remaining references to AppVeyor (#45339 )

2025-02-07 12:57:36 +01:00

.eslintrc.json

build: add import/order eslint rule (#44085 )

2024-10-02 19:10:44 -07:00

.git-blame-ignore-revs

chore: add ignore revs file for GH blame UI (#33171 )

2022-03-07 18:40:28 -08:00

.gitattributes

build: use github actions for windows (#44136 )

2024-12-12 11:51:24 -05:00

.gitignore

test: add interactive macOS dialog tests (#50527 )

2026-03-27 08:21:08 -04:00

.lint-roller.json

chore: update @electron/lint-roller to 2.1.0 (#42078 )

2024-05-10 11:00:15 +02:00

.markdownlint-cli2.jsonc

docs: add Menu module tutorials (#47268 )

2025-07-15 15:09:32 -07:00

.nvmrc

build: bump version in .nvmrc to 22 (#48413 )

2025-10-08 14:21:55 -04:00

.yarnrc.yml

chore: Respect HTTP(S) proxy env variable for Yarn (#50351 )

2026-03-18 19:11:55 -04:00

BUILD.gn

feat: support WebAuthn Touch ID platform authenticator on macOS (#51411 )

2026-05-01 11:15:13 -04:00

CLAUDE.md

chore: add Claude Code skill for Node.js upgrades (#50970 )

2026-04-11 22:05:15 -07:00

CODE_OF_CONDUCT.md

docs: ensure all links are on a single line (#42235 )

2024-05-28 11:15:18 -07:00

CONTRIBUTING.md

docs: added missing period for consistency and readability (#45333 )

2025-02-13 10:55:43 +01:00

DEPS

chore: bump chromium to 148.0.7778.56 (42-x-y) (#51299 )

2026-04-24 07:50:15 +02:00

filenames.auto.gni

feat: support WebAuthn Touch ID platform authenticator on macOS (#51411 )

2026-05-01 11:15:13 -04:00

filenames.gni

feat: support WebAuthn Touch ID platform authenticator on macOS (#51411 )

2026-05-01 11:15:13 -04:00

filenames.hunspell.gni

chore: bump chromium to 144.0.7512.1 (main) (#48768 )

2025-11-07 10:13:45 -05:00

filenames.libcxx.gni

chore: bump chromium to 145.0.7596.0 (main) (#49224 )

2025-12-25 17:15:53 -06:00

filenames.libcxxabi.gni

chore: bump chromium to 117.0.5938.0 (main) (#39375 )

2023-08-15 10:49:41 -05:00

LICENSE

chore: update copyright headers (#27697 )

2021-02-12 15:22:41 -08:00

package.json

build: drop script/run-gn-format.py (#51283 )

2026-04-23 14:52:10 +02:00

README.md

docs: update macOS version support in README (#48785 )

2025-11-10 13:57:34 +01:00

SECURITY.md

docs: add security escalation policy (#48317 )

2025-10-08 15:19:07 -07:00

tsconfig.default_app.json

feat: I guess it's esm (#37535 )

2023-08-30 17:38:07 -07:00

tsconfig.electron.json

chore: fix ts config to not complain about extraneous files (#16790 )

2019-02-06 15:46:10 -08:00

tsconfig.json

build: drop @types/webpack-env in favor of webpack/module types (#47798 )

2025-08-08 18:09:23 -07:00

tsconfig.script.json

build: auto-push patch file changes (#26235 )

2020-10-29 14:21:23 -04:00

tsconfig.spec.json

test: drop now-empty remote runner (#35343 )

2022-08-16 15:23:13 -04:00

yarn.lock

build: replace npx with lockfile-pinned binaries (#50716 )

2026-04-06 10:03:00 -04:00

README.md

📝 Available Translations: 🇨🇳 🇧🇷 🇪🇸 🇯🇵 🇷🇺 🇫🇷 🇺🇸 🇩🇪. View these docs in other languages on our Crowdin project.

The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. It is based on Node.js and Chromium and is used by the Visual Studio Code and many other apps.

Follow @electronjs on Twitter for important announcements.

This project adheres to the Contributor Covenant code of conduct. By participating, you are expected to uphold this code. Please report unacceptable behavior to coc@electronjs.org.

Installation

To install prebuilt Electron binaries, use npm. The preferred method is to install Electron as a development dependency in your app:

npm install electron --save-dev

For more installation options and troubleshooting tips, see installation. For info on how to manage Electron versions in your apps, see Electron versioning.

Platform support

Each Electron release provides binaries for macOS, Windows, and Linux.

macOS (Monterey and up): Electron provides 64-bit Intel and Apple Silicon / ARM binaries for macOS.
Windows (Windows 10 and up): Electron provides ia32 (x86), x64 (amd64), and arm64 binaries for Windows. Windows on ARM support was added in Electron 5.0.8. Support for Windows 7, 8 and 8.1 was removed in Electron 23, in line with Chromium's Windows deprecation policy.
Linux: The prebuilt binaries of Electron are built on Ubuntu 22.04. They have also been verified to work on:
- Ubuntu 18.04 and newer
- Fedora 32 and newer
- Debian 10 and newer

Electron Fiddle

Use Electron Fiddle to build, run, and package small Electron experiments, to see code examples for all of Electron's APIs, and to try out different versions of Electron. It's designed to make the start of your journey with Electron easier.

Resources for learning Electron

electronjs.org/docs - All of Electron's documentation
electron/fiddle - A tool to build, run, and package small Electron experiments
electronjs.org/community#boilerplates - Sample starter apps created by the community

Programmatic usage

Most people use Electron from the command line, but if you require electron inside your Node app (not your Electron app) it will return the file path to the binary. Use this to spawn Electron from Node scripts:

const electron = require('electron')
const proc = require('node:child_process')

// will print something similar to /Users/maf/.../Electron
console.log(electron)

// spawn Electron
const child = proc.spawn(electron)

Mirrors

China

See the Advanced Installation Instructions to learn how to use a custom mirror.

Documentation translations

We crowdsource translations for our documentation via Crowdin. We currently accept translations for Chinese (Simplified), French, German, Japanese, Portuguese, Russian, and Spanish.

Contributing

If you are interested in reporting/fixing issues and contributing directly to the code base, please see CONTRIBUTING.md for more information on what we're looking for and how to get started.

Community

Info on reporting bugs, getting help, finding third-party tools and sample apps, and more can be found on the Community page.

License

MIT

When using Electron logos, make sure to follow OpenJS Foundation Trademark Policy.

Languages

C++ 54.8%

TypeScript 34.6%

Objective-C++ 5.4%

JavaScript 2.4%

Python 1.7%

Other 1%