AVAILABLE_SECURITY_FIXES_GLOBAL_CHECK

Anthony Trummer edited this page Jan 6, 2022 · 4 revisions

AVAILABLE_SECURITY_FIXES_GLOBAL_CHECK - Detect if there are security patches available for your current Electron version

Electronegativity has a mechanism to automatically fetch the latest Electron releases along with their change logs from electron/releases. The repository is managed by the original @electron-bot and is updated every ten minutes. A new commit is published if any of the following change:

  • number of Electron releases on GitHub
  • number of Electron releases on npm
  • npm electron@beta version
  • npm electron@latest version

The resulting releases.<etag>.json file is parsed by AVAILABLE_SECURITY_FIXES_GLOBAL_CHECK, which determines whether the Electron version used by the targeted application is missing the latest available security patches or whether it can be regarded as safe.

In order to make this decision, Electronegativity parses the changelog body of every newer release, looking for the presence of [security] tags or Security sections.
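The decision logic described above, as an added illustration that is not Electronegativity's own code: the release records are constructed and only mimic the shape of a releases JSON entry (a version string, a prerelease flag and a changelog body); the field names, the helper names and the simplified semver comparison are assumptions for this example. Releases newer than the target are scanned for a [security] tag or a Security heading, and the target is considered safe only when no such release exists.

```javascript
// Added example, not part of Electronegativity. Field names below are an
// assumption that mimics electron/releases, not its actual schema.
// The changelog bodies and issue numbers are constructed sample data.
const SAMPLE_RELEASES = [
  { version: '13.1.7', prerelease: false,
    body: '## Fixes\n\n* Fixed a crash when closing a window. #10001' },
  { version: '13.1.8', prerelease: false,
    body: '## Fixes\n\n* [security] Backported a security fix from upstream. #10002' },
  { version: '13.1.9', prerelease: false,
    body: '## Security\n\n* Hardened validation of a renderer IPC message. #10003' },
  { version: '13.2.0', prerelease: false,
    body: '## Other Changes\n\n* Updated documentation. #10004' },
  { version: '14.0.0-beta.1', prerelease: true,
    body: '## Fixes\n\n* [security] Backported a security fix from upstream. #10005' },
];

// Parse "v13.1.7" or "14.0.0-beta.1" into numeric components plus an
// optional prerelease suffix (simplified semver, sufficient for Electron tags).
function parseVersion(v) {
  const [core, pre] = String(v).replace(/^v/, '').split('-', 2);
  const [major = 0, minor = 0, patch = 0] = core.split('.').map(Number);
  return { major, minor, patch, pre: pre || null };
}

// Returns -1, 0 or 1; a prerelease sorts before the final release of the same core.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (pa[k] !== pb[k]) return pa[k] < pb[k] ? -1 : 1;
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

// A release carries a security fix if its changelog body contains a
// "[security]" tag or a "Security" heading (as the wiki describes).
function hasSecurityFix(body) {
  if (typeof body !== 'string') return false;
  return /\[security\]/i.test(body) || /^#{1,6}\s*Security\b/m.test(body);
}

// All releases newer than currentVersion that contain a security fix,
// sorted ascending. Prereleases are skipped unless explicitly requested.
function findMissingSecurityFixes(currentVersion, releases, includePrerelease = false) {
  return releases
    .filter(r => includePrerelease || !r.prerelease)
    .filter(r => compareVersions(r.version, currentVersion) > 0)
    .filter(r => hasSecurityFix(r.body))
    .map(r => r.version)
    .sort(compareVersions);
}

// The check's verdict: safe only when no newer release ships a security fix.
function assessTarget(currentVersion, releases, includePrerelease = false) {
  const missing = findMissingSecurityFixes(currentVersion, releases, includePrerelease);
  return { version: currentVersion, safe: missing.length === 0, missingSecurityFixes: missing };
}

console.log(JSON.stringify(assessTarget('13.1.7', SAMPLE_RELEASES)));
```

The prerelease flag matters in practice: a beta that backports a fix does not by itself mean a stable target is unpatched, so the default ignores prereleases and the caller can opt in.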

Currently, Electronegativity uses ELECTRON_VERSION_JSON_CHECK to infer the target's Electron version by parsing its package.json file. As suggested in #30, there may be other ways to detect it for already packed applications.

Risk

Running an Electron version that lacks the available security patches leaves the application exposed to the vulnerabilities those patches fix.

Auditing

Compare your Electron version with the latest Electron releases, looking for security patches.

References