Context Aware Native Module, Electron Context Isolation and Node Integration Support

[danielduan]

@pokusew I saw that you're making some changes in both the pcsclite module and here so I hope this helps.

Since Electron 14, there's been enhanced security around how native modules in node can interact with Electron renderer and main processes. Basically, to reduce the risk of external content loaded remotely from directly interacting with native and operating system level programs, the renderer process cannot access native modules and hardware by default, including the pcsclite module.

There's also been a change introduced to node that requires native modules to be context aware. Looks like the change was introduced here pokusew/node-pcsclite@3cbfdc3 but not published yet.

The native module pcsclite needs to be used inside the main process, and communicate with the renderer via the new IPC channels. But because IPC cannot reasonably stringify all bytecodes and errors, it makes it hard for us to work with nfc-pcsc or pcsclite.

The workaround and hack is to disable these new security mechanisms.

In the main.ts file, when the BrowserWindow object is created, we must enable nodeIntegration and disable contextIsolation so that native modules like pcsclite can be used in the same JS context.

mainWindow = new BrowserWindow({
    webPreferences: {
      webSecurity: false,
      nodeIntegration: true,
      contextIsolation: false,
    },
  });

In addition, most new Electron boilerplates and example projects require two different package.json files, one for the native modules specifically, and the other for everything else because the native modules need to be compiled and rebuilt separately per platform (Windows, Mac, Linux).

In the case of Electron React Boilerplate that I'm using, I've only gotten it to work in this very specific way.

• nfc-pcsc@0.8.1 is installed at the root package.json, pcsclite@1.0.1 (not @pokesew/pcsclite because the context aware change has not been published) is installed at the release/app/package.json for platform specific node binding compilation.
• use nfc-pcsc in the renderer process normally.
• disable check-native-dep.js because it will flag the native dependency @pokusew/pcsclite of nfc-pcsc and warn that it won't be included in the build
• import the pcsclite module in main.ts so the binding and node files are included into the build. most updated boilerplates only include .node binding files when into the main process for security purposes.

It also seems like the the original package your @pokesew/pcsclite was forked from has also been updated with some of your changes. I wonder if it makes sense to combine the two because it seems like the compiled native modules are more or less interchangeable. https://github.com/santigimeno/node-pcsclite