“Because Electron applications are web applications running in the Chromium engine, they may be vulnerable to web-related attacks such as cross-site scripting attacks”
" Electron applications have been criticized for containing very significant overhead due to their Chromium dependency. Compared to native applications of similar functionality, Electron applications take up much more storage and RAM while being slower and providing a non-native user interface."
For example, I’m considering Fluent Reader (perhaps the flatpak), a " Modern desktop RSS reader built with Electron, React, and Fluent UI" but don’t want to install an insecure and bloated app on my new PureOS system.
What are opinions out there on the Electron framework?
From a Javascript developer’s point of view Electron/Cordova apps are great. It’s very easy to get a powerful program up and running without having to get into “real” programming languages and mess around with horrible things like pointers and garbage collection
From a user’s point of view such apps can feel sluggish and bloated compared to native apps, although if your machine is sufficiently capable and the app isn’t too heavy this might not be an issue.
I don’t know much about the security side of things.
Security isn’t an intangible thing that programs possess or not. You must always consider what threat you are trying to protect against. In your case, what threats are you concerned about with the RSS reader that the Electron app might not be able to protect you from?
From a user perspective I’d prefer native apps, from a developer perspective Electron apps. They are much easier and faster to develop but consume a high amount of resources. Signal for example is sluggy as hell, whereas VS Code/Codium is relatively fast.
Especially keeping mobile phones in mind, Electron apps should be avoided…
I made an app for my Android phone using Cordova. When I came to write version 2 I was going to do it as a native app. I’m very glad I didn’t, because otherwise I’d have to rewrite it again for use with my PinePhone.
I’m using Cordova which is similar to Electron but for mobiles. Cordova recently added an Electron exporter though so I’m going to try it for running on my PinePhone when I have time.
Those here that like Electron from a developers perspective… probably never tried QtQuick.
I mean… replace the cumbersome HTML with easy-to-read QML, keep the JS part, and have A LOT of advanced, ready made components (transitions, animations, particles, location, …)
And should ever JS be a bottleneck… add some lines of C++.
(And of course, save some app size and RAM)
I’d like avoid any browser-based risk exposure in an RSS reader. In my experience many RSS readers have in-app browsers with limited functionality. I don’t have the technical knowledge to know if a “web application” running in Chromium like Fluent Reader would present additional risk along those lines. It also originates from a city in a country that is active in cyber operations and has a somewhat small dev team. (I don’t want to necessarily dismiss it outright based on the location of the dev, though).
Thanks, I’m currently using NewsFlash and like it quite a bit but then ran across Fluent which I was curious about. There are a couple of little things with NewsFlash that I still can’t figure such as out how to see my entire list of feeds whether they have news items or not.
Thanks for all comments. RE performance it seems that varies across Electron apps and I’d just need to run the app on my computer to see how it performs. Still not sure about security/privacy from a “web application” running in Chromium.
