Electron Desktop Applications

Quick Guide: Electron apps run two process types: a main process (Node.js, manages windows and system APIs) and renderer processes (Chromium, one per window). All communication between them flows through IPC via a preload script that uses contextBridge to expose a minimal, typed API surface. Never disable contextIsolation. Never enable nodeIntegration in renderers. Package with Electron Forge or Electron Builder. Auto-update via autoUpdater (Squirrel on macOS/Windows) or electron-updater for all platforms.

<critical_requirements>

CRITICAL: Before Using This Skill

All code must follow project conventions in CLAUDE.md (kebab-case, named exports, import ordering, import type, named constants)

(You MUST keep contextIsolation: true (the default) -- disabling it exposes the entire preload scope to untrusted renderer code)

(You MUST use contextBridge.exposeInMainWorld() in preload scripts -- never expose ipcRenderer directly)

(You MUST NOT enable nodeIntegration: true in any BrowserWindow -- it gives renderers full Node.js access, which is a critical security vulnerability)

(You MUST validate and sanitize ALL data received via IPC in the main process -- treat renderer messages as untrusted input)