Skip to main content

Windows

The top-level win key contains set of options instructing electron-builder on how it should build Windows targets. These options applicable for any Windows target.

Common Questions

How do delegate code signing?

Use sign option. Please also see why sign.js is called 8 times.

"win": {
  "signtoolOptions": {
    "sign": "./customSign.js"
  }
}

File customSign.js in the project root directory:

exports.default = async function(configuration) {
  // your custom code
}

How do use a custom verify function to enable nsis signature verification alternatives instead of powershell?

Use the verifyUpdateCodeSignature interface:

/**
*  return null if verify signature succeed
*  return error message if verify signature failed
*/
export type verifyUpdateCodeSignature = (publisherName: string[], path: string) => Promise<string | null>

Pass a custom verify function to the nsis updater. For example, if you want to use a native verify function, you can use win-verify-signature.

import { NsisUpdater } from "electron-updater"
import { verifySignatureByPublishName } from "win-verify-signature"
// Or MacUpdater, AppImageUpdater

export default class AppUpdater {
    constructor() {
        const options = {
            requestHeaders: {
                // Any request headers to include here
            },
            provider: 'generic',
            url: 'https://example.com/auto-updates'
        }

        const autoUpdater = new NsisUpdater(options)
        autoUpdater.verifyUpdateCodeSignature = (publisherName: string[], path: string) => {
            const result = verifySignatureByPublishName(path, publisherName);
            if(result.signed) return Promise.resolve(null);
            return Promise.resolve(result.message);
        }
        autoUpdater.addAuthHeader(`Bearer ${token}`)
        autoUpdater.checkForUpdatesAndNotify()
    }
}

How do create Parallels Windows 10 Virtual Machine?

!!! warning "Disable "Share Mac user folders with Windows"" If you use Parallels, you must not use "Share Mac user folders with Windows" feature and must not run installers from such folders.

You don't need to have Windows 10 license. Free is provided (expire after 90 days, but it is not a problem because no additional setup is required).

  1. Open Parallels Desktop.
  2. File -> New.
  3. Select "Modern.IE" in the "Free Systems".
  4. Continue, Continue, Accept software license agreement.
  5. Select "Microsoft Edge on Windows 10".
  6. The next steps are general, see Installing Windows on your Mac using Parallels Desktop from "Step 6: Specify a name and location".

Parallels Windows 10 VM will be used automatically to build AppX on macOS. No need even start VM — it will be started automatically on demand and suspended after build. No need to specify VM — it will be detected automatically (first Windows 10 VM will be used).

How do create VirtualBox Windows 10 Virtual Machine?

If you are not on macOS or don't want to buy Parallels Desktop, you can use free VirtualBox.

  1. Open Download virtual machines.
  2. Select "MSEdge on Win10 (x64) Stable".
  3. Select "VirtualBox" platform.
  4. Download. See installation instructions.

The password to your VM is Passw0rd!.

VirtualBox is not supported by electron-builder for now, so, you need to setup build environment on Windows if you want to use VirtualBox to build AppX (and other Windows-only tasks).

Configuration

Interface: WindowsConfiguration

Extends

Properties

appId?

readonly optional appId?: string | null

The application id. Used as CFBundleIdentifier for MacOS and as Application User Model ID for Windows (NSIS target only, Squirrel.Windows not supported). It is strongly recommended that an explicit ID is set.

Default

com.electron.${name}

Inherited from

PlatformSpecificBuildOptions.appId

artifactName?

readonly optional artifactName?: string | null

The artifact file name template. Defaults to ${productName}-${version}.${ext} (some target can have other defaults, see corresponding options).

Inherited from

PlatformSpecificBuildOptions.artifactName

asar?

readonly optional asar?: boolean | AsarOptions | null

Whether to package the application's source code into an archive, using Electron's archive format.

Node modules, that must be unpacked, will be detected automatically, you don't need to explicitly set asarUnpack - please file an issue if this doesn't work.

Default

true

Inherited from

PlatformSpecificBuildOptions.asar

asarUnpack?

readonly optional asarUnpack?: string | string[] | null

A glob patterns relative to the app directory, which specifies which files to unpack when creating the asar archive.

Inherited from

PlatformSpecificBuildOptions.asarUnpack

azureSignOptions?

readonly optional azureSignOptions?: WindowsAzureSigningConfiguration | null

Options for usage of Azure Trusted Signing service Cannot be used in conjunction with signtoolOptions, signing will default to Azure Trusted Signing

compression?

readonly optional compression?: CompressionLevel | null

The compression level. If you want to rapidly test build, store can reduce build time significantly. maximum doesn't lead to noticeable size difference, but increase build time.

Default

normal

Inherited from

PlatformSpecificBuildOptions.compression

defaultArch?

readonly optional defaultArch?: string

The default architecture to build for when no --arch flag is specified. Defaults to the current machine's architecture.

Inherited from

PlatformSpecificBuildOptions.defaultArch

detectUpdateChannel?

readonly optional detectUpdateChannel?: boolean

Whether to infer update channel from application version pre-release components. e.g. if version 0.12.1-alpha.1, channel will be set to alpha. Otherwise to latest. This does not apply to github publishing, which will never auto-detect the update channel.

Default

true

Inherited from

PlatformSpecificBuildOptions.detectUpdateChannel

disableDefaultIgnoredFiles?

optional disableDefaultIgnoredFiles?: boolean | null

Whether to exclude all default ignored files(https://www.electron.build/contents#files) and options. Defaults to false.

Default

false

Inherited from

PlatformSpecificBuildOptions.disableDefaultIgnoredFiles

electronLanguages?

readonly optional electronLanguages?: string | string[]

The electron locales to keep. By default, all Electron locales used as-is.

Inherited from

PlatformSpecificBuildOptions.electronLanguages

electronUpdaterCompatibility?

readonly optional electronUpdaterCompatibility?: string | null

The electron-updater compatibility semver range.

Inherited from

PlatformSpecificBuildOptions.electronUpdaterCompatibility

executableName?

readonly optional executableName?: string | null

The executable name. Defaults to productName Note: Except for Linux, where this would constitute a breaking change in previous behavior and lead to both invalid executable names and Desktop files. Ref comments in: https://github.com/electron-userland/electron-builder/pull/9068

Inherited from

PlatformSpecificBuildOptions.executableName

extraFiles?

optional extraFiles?: string | FileSet | (string | FileSet)[] | null

The same as extraResources but copy into the app's content directory (Contents for MacOS, root directory for Linux and Windows).

Inherited from

PlatformSpecificBuildOptions.extraFiles

extraResources?

optional extraResources?: string | FileSet | (string | FileSet)[] | null

A glob patterns relative to the project directory, when specified, copy the file or directory with matching names directly into the app's resources directory (Contents/Resources for MacOS, resources for Linux and Windows).

File patterns (and support for from and to fields) the same as for files.

Inherited from

PlatformSpecificBuildOptions.extraResources

fileAssociations?

readonly optional fileAssociations?: FileAssociation | FileAssociation[]

The file associations.

Inherited from

PlatformSpecificBuildOptions.fileAssociations

files?

optional files?: string | FileSet | (string | FileSet)[] | null

A glob patterns relative to the app directory, which specifies which files to include when copying files to create the package.

Defaults to:

[
"**/*",
"!**/node_modules/*/{CHANGELOG.md,README.md,README,readme.md,readme}",
"!**/node_modules/*/{test,__tests__,tests,powered-test,example,examples}",
"!**/node_modules/*.d.ts",
"!**/node_modules/.bin",
"!**/*.{iml,o,hprof,orig,pyc,pyo,rbc,swp,csproj,sln,xproj}",
"!.editorconfig",
"!**/._*",
"!**/{.DS_Store,.git,.hg,.svn,CVS,RCS,SCCS,.gitignore,.gitattributes}",
"!**/{__pycache__,thumbs.db,.flowconfig,.idea,.vs,.nyc_output}",
"!**/{appveyor.yml,.travis.yml,circle.yml}",
"!**/{npm-debug.log,yarn.lock,.yarn-integrity,.yarn-metadata.json}"
]

Development dependencies are never copied in any case. You don't need to ignore it explicitly. Hidden files are not ignored by default, but all files that should be ignored, are ignored by default.

Default pattern **/* is not added to your custom if some of your patterns is not ignore (i.e. not starts with !). package.json and **/node_modules/**/* (only production dependencies will be copied) is added to your custom in any case. All default ignores are added in any case — you don't need to repeat it if you configure own patterns.

May be specified in the platform options (e.g. in the mac).

You may also specify custom source and destination directories by using FileSet objects instead of simple glob patterns.

[
{
 "from": "path/to/source",
 "to": "path/to/destination",
 "filter": ["**/*", "!foo/*.js"]
}
]

You can use file macros in the from and to fields as well. from and to can be files and you can use this to rename a file while packaging.

Inherited from

PlatformSpecificBuildOptions.files

forceCodeSigning?

readonly optional forceCodeSigning?: boolean

Whether to fail if app will be not code signed.

Default

false

Inherited from

PlatformSpecificBuildOptions.forceCodeSigning

generateUpdatesFilesForAllChannels?

readonly optional generateUpdatesFilesForAllChannels?: boolean

Please see Building and Releasing using Channels.

Default

false

Inherited from

PlatformSpecificBuildOptions.generateUpdatesFilesForAllChannels

icon?

readonly optional icon?: string | null

The path to application icon.

Default

build/icon.ico

Overrides

PlatformSpecificBuildOptions.icon

legalTrademarks?

readonly optional legalTrademarks?: string | null

The trademarks and registered trademarks.

protocols?

readonly optional protocols?: Protocol | Protocol[]

The URL protocol schemes.

Inherited from

PlatformSpecificBuildOptions.protocols

publish?

optional publish?: Publish

Publisher configuration. See Auto Update for more information.

Inherited from

PlatformSpecificBuildOptions.publish

releaseInfo?

readonly optional releaseInfo?: ReleaseInfo

The release info. Intended for command line usage:

-c.releaseInfo.releaseNotes="new features"

Inherited from

PlatformSpecificBuildOptions.releaseInfo

requestedExecutionLevel?

readonly optional requestedExecutionLevel?: RequestedExecutionLevel | null

The security level at which the application requests to be executed. Cannot be specified per target, allowed only in the win.

Default

asInvoker

signAndEditExecutable?

readonly optional signAndEditExecutable?: boolean

Whether to sign and add metadata to executable via resedit. Metadata includes information about the app name/description/version, publisher, copyright, etc. This property also is responsible for adding the app icon and setting execution level. Set to false only if you need to fully disable resedit-based resource editing. To skip only code signing while keeping resource editing, use signExecutable: false instead.

Default

true

signExecutable?

readonly optional signExecutable?: boolean

Whether to sign Windows executables and any additional files matched by signExts. Set to false to skip Windows code signing while still editing executable resources (icon, metadata, etc. via resedit). This option is not limited to the main executable edit/sign flow and can also affect signing of Windows installers or other artifacts that use the standard signing path.

Default

true

signExts?

readonly optional signExts?: string[] | null

Explicit file name/extensions (str.endsWith) to also sign. Advanced option. Supports negative patterns, e.g. example that excludes .appx files: ["somefilename", ".dll", "!.appx"].

See

https://github.com/electron-userland/electron-builder/issues/7329

Default

null

signtoolOptions?

readonly optional signtoolOptions?: WindowsSigntoolConfiguration | null

Options for usage with signtool.exe Cannot be used in conjunction with azureSignOptions, signing will default to Azure Trusted Signing

target?

readonly optional target?: TargetConfigType

The target package type: list of nsis, nsis-web (Web installer), portable ([portable]https://www.electron.build/nsis#portable) app without installation), appx, msi, msi-wrapped, squirrel, 7z, zip, tar.xz, tar.lz, tar.gz, tar.bz2, dir. AppX package can be built only on Windows 10.

To use Squirrel.Windows please install electron-builder-squirrel-windows dependency.

Default

nsis

Overrides

PlatformSpecificBuildOptions.target

verifyUpdateCodeSignature?

readonly optional verifyUpdateCodeSignature?: boolean

Whether to verify the signature of an available update before installation. The publisher name will be used for the signature verification.

Default

true