What I really wish is that these Electron apps could share a common instance of Chromium. That would help the memory consumption issue a lot, but I'm not sure how to implement it best.
Often they can, if they don't use certain features not yet encapsulated in webapps.
Most of it is about trust, and you'll see certain web APIs built around asking for permission to access the camera, or image files or whatever.
Desktop apps often can't really trust each other. It's not a problem right now, but if you could XSS something into a game or social app which, with user-level permissions on your desktop could remote-control (for example click-simulating) your electron banking app, that would be really bad. Just a contrived example, but with great power comes great exploitability.
Couldn't they just run like a regular website, except be available offline? Then you could just open it up in your browser, so only one instance of Chrome/Firefox is used. Not sure how hard it would be to allow electron apps to run like that, but it seems like they are basically just websites as it is, given that they run on Chromium, maybe it would be harder for them to work with the OS filesystem though.
For the electron apps I use, they are generally available online as a website anyways, so I just use that, and get the whole common instance thing for free.
Well, Electron is essentially a server and chromium, so there should also be a way to execute nodejs code inside the browser then... which would break sandboxing.
I think this isn’t really a problem of Electron, but more to Chromium.
We bundle python inside the binary and it’s fine. I don’t think I’ll hate command line programs that embed nodejs inside the binary.
It’s the Chromium that’s problematic, and just by switching Chromium to the native WebView will make Electron apps much, much more lightweight.
