www.itpro.com
What is Electron and why is it so controversial? - ITPro
Excerpt
It’s also safe to say that not everyone loves it, as demonstrated by the reaction on Twitter. “I’m suddenly in need of a new password manager,” wrote Mac developer Bryan Jones after downloading the 1Password update. Coder Tom Morris said: “It has been a bad week if you like software that is high performance, low memory usage, and not hideously ugly.” Penetration tester Vetle Hjelle put it even more bluntly, branding it “a punch to the gut”. Clearly, some developers love Electron, while many others hate it. But why is Electron so divisive?

…

“Talk about bloatware,” says software developer Sam Strachan, who points to two Electron apps he uses regularly, Postman and GitHub Desktop, both of which have temporary files that clock in at around a gigabyte each. “In some ways, it just doesn't matter these days, because who notices a gigabyte here and there? But when you stop and think that, actually, you could write the same app [natively], it would be like a couple of megabytes.”

There is a trade-off here, because each Electron app ships and runs its own Chromium back-end, so if you’re running, say, Slack, GitHub Desktop and Visual Studio Code at the same time, you are effectively running three copies of Chrome at once. “I usually work with powerful machines so they are not as noticeable, but I can imagine most people with average computers really suffer if they open multiple Electron apps,” says Federico Terzi, a software engineer who has his own experience of building cross-platform apps, such as Espanso, a text expander.

Choosing Electron affects users differently than it does developers. “I think Electron is mostly loved by developers rather than users,” Terzi continues.

...

## Might Electron pose a cyber security risk?

There’s another layer to Terzi’s concerns. He worries that Electron apps, by their nature, aren’t as secure as native apps, which could have significant implications for apps such as password managers. “The biggest problem with Electron applications is that you build them using JavaScript,” he says.
Because the JavaScript ecosystem is built on open-source packages that are used all over the web, Electron applications are typically assembled from many different packages, building blocks of code that have been written by other people. If you want your app to show a graph, for example, instead of going to the trouble of writing your own graph-drawing code, it’s much easier to pull an off-the-shelf graph-drawing package into your app, and that package becomes a dependency the app requires to run. This makes development much quicker, but it has one drawback. “An average application can download thousands of those dependencies, because each dependency has other dependencies, which each have other dependencies, and so on,” says Terzi. This creates what Terzi describes as “dependency hell”: the application’s attack surface and patching burden grow with the whole transitive tree, not just with the handful of packages the developer chose directly.

…

## Money is the main reason Electron is surging

Security and bloat aside, Electron is clearly popular. So, what’s motivating the trend? Why are major apps such as 1Password switching to the framework when there are so many conceivable drawbacks? “For a company, it's a no-brainer to choose an Electron app,” says Terzi. “They can reuse the web developers they have in-house to build a desktop application. And if you go with native applications, the skills that are needed are completely different, and it’s usually harder to find developers.”
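Returning to the dependency tree Terzi describes above: the quickest way to see how far “each dependency has other dependencies” goes for a given Electron app is to walk its npm lockfile rather than trust the short list in package.json. The script below is an added example, not code from the ITPro article or from any of the projects it mentions. It reads the `packages` map that npm writes in lockfileVersion 2 and 3, resolves each dependency the way Node does (innermost `node_modules` first, then each enclosing one up to the top level), and reports the full transitive closure, its depth, and any package installed more than once at different versions. The lockfile embedded in the script is constructed for the example and its package names are placeholders.

```javascript
// Added example: compute the transitive dependency closure of an npm project
// from its lockfile. Not from the ITPro article or any project it describes.
//
// Constructed lockfile (lockfileVersion 3 layout). Package names are
// placeholders, not real packages. "ui-kit" pins an older lodash than
// "graph-widget" does, so npm nests a second copy under ui-kit.
const LOCKFILE = {
  name: "example-electron-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "graph-widget": "^1.0.0", "ui-kit": "^2.0.0" } },
    "node_modules/graph-widget": {
      version: "1.0.0",
      dependencies: { "d3-shape": "^3.0.0", lodash: "^4.17.0" },
    },
    "node_modules/d3-shape": { version: "3.2.0", dependencies: { "d3-path": "^3.0.0" } },
    "node_modules/d3-path": { version: "3.1.0" },
    "node_modules/lodash": { version: "4.17.21" },
    "node_modules/ui-kit": { version: "2.0.0", dependencies: { lodash: "^3.10.0" } },
    "node_modules/ui-kit/node_modules/lodash": { version: "3.10.1" },
  },
};

// Node's resolution rule: from the package installed at `fromPath`, look for
// <fromPath>/node_modules/<dep>, then in each enclosing package's node_modules,
// ending at the top-level node_modules/<dep>. Returns the lockfile key or null.
function resolve(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + depName;
    if (candidate in packages) return candidate;
    if (base === "") return null;
    // Step out of ".../node_modules/X" to the enclosing package path ("" = root).
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Breadth-first walk from the root project (""). Depth is the shortest chain
// of "depends on" edges from the root to the installed copy.
function dependencyClosure(lockfile) {
  const packages = lockfile.packages;
  const closure = new Map(); // lockfile key -> { name, version, depth }
  const missing = [];        // edges that no installed package satisfies
  const queue = [{ path: "", depth: 0 }];
  while (queue.length) {
    const { path, depth } = queue.shift();
    for (const depName of Object.keys(packages[path].dependencies || {})) {
      const target = resolve(packages, path, depName);
      if (target === null) {
        missing.push(`${path || "<root>"} -> ${depName}`);
        continue;
      }
      if (closure.has(target)) continue;
      closure.set(target, { name: depName, version: packages[target].version, depth: depth + 1 });
      queue.push({ path: target, depth: depth + 1 });
    }
  }
  return { closure, missing };
}

// Summary a reviewer would want: how many packages were chosen directly versus
// how many actually ship, how deep the tree goes, and which names are installed
// at more than one version (each extra copy is code to patch and bytes to ship).
function summarize(lockfile) {
  const { closure, missing } = dependencyClosure(lockfile);
  const versionsByName = new Map();
  for (const { name, version } of closure.values()) {
    if (!versionsByName.has(name)) versionsByName.set(name, new Set());
    versionsByName.get(name).add(version);
  }
  const duplicated = [...versionsByName]
    .filter(([, versions]) => versions.size > 1)
    .map(([name, versions]) => ({ name, versions: [...versions].sort() }));
  return {
    direct: Object.keys(lockfile.packages[""].dependencies || {}).length,
    installed: closure.size,
    distinctNames: versionsByName.size,
    maxDepth: Math.max(0, ...[...closure.values()].map((p) => p.depth)),
    duplicated,
    missing,
  };
}

console.log(JSON.stringify(summarize(LOCKFILE), null, 2));
```

To run it against a real project, replace `LOCKFILE` with `JSON.parse(require("fs").readFileSync("package-lock.json", "utf8"))`; lockfiles older than version 2 use a nested `dependencies` layout instead of `packages` and are not handled here. The `missing` list is worth checking first: an edge that resolves to nothing means the lockfile and the installed tree have drifted apart.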
Related Pain Points
Orphaned and unmaintained dependencies create security risks
Many developers drop dependencies due to package abandonment or unpatched vulnerabilities. Orphaned packages with no active maintainers become soft targets for attackers and create systemic fragility in the dependency network.
Excessive memory and disk space consumption
Electron apps bundle most of Chromium's codebase, making even basic Hello World applications ~100MB and real-world apps like Discord over 700MB. This excessive resource usage creates performance problems on systems with limited RAM.