-
Notifications
You must be signed in to change notification settings - Fork 68
Features Wishlist
Proposals of new features and/or ideas on Electronegativity:
-
Find a way to detect Electron's version from a packaged application missing the
package.json
file. This would be an atomic check like the already existing ElectronVersionJSONCheck.js, working with AvailableSecurityFixesGlobalCheck.js to detect available security patches; -
Implement eslint-scope to make variable scoping working with TypeScript sources (see this comment on #40);
-
Introduce a global check to detectadded in 71acdd84HTTPResourcesJS/HTML
+nodeIntegration
/sandbox
; -
Introduce a global check to check ifnever the case,sandbox
is enabled along withnodeIntegration
;sandbox
disablesnodeIntegration
in every version of Electron -
Introduce a flag to print only the relative path of the files' findings (e.g.Added in v1.3.0 as--code-review
);-r
-
Get a beautifier option for obfuscated sources -
Have a different table display settings like
npm audit
. This would allow us to show the description of the finding and also fix every table formatting issue! -
Improve the
CERTIFICATE_ERROR_EVENT_JS_CHECK
confidence/severity by also checking the callback true/false -
Review
setImmediate
to limit the number ofDANGEROUS_FUNCTIONS_JS_CHECK
-
Compare Electron version with flags not explicitly set.
-
Split nodeIntegrationJSCheck in 3 distinct checks: nodeIntegration, nodeIntegrationInWorker, nodeIntegrationInSubFrames.
-
Design a method to group webPreferences properties by BrowserWindows
-
Design a SecureSettingsGlobalCheck used to warn the auditor if the application does not use all the available webpreferences security settings in a secure way.
-
Everything else labeled as "Enhancement" on the Github issues list;