Comment by koito17

Comment by koito17 3 days ago

35 replies

View on Hacker News

Looks like a thin wrapper around Tauri. The README doesn't do a good job at explaining why one should use this over Tauri itself.

From what I understand, this project attempts to implement a subset of the Electron API so that the library can act as a "drop-in replacement" for simple enough Electron apps. If this understanding is correct, then I think Electrico has the potential to significantly boost adoption of Tauri.

For those who don't know: Tauri is a collection of Rust libraries that allow using an operating system's "native web view" (WRY) and a Rust backend for the process backing a web view (there is an IPC layer between JS and Rust). The overall result is that, on Mac OS and Windows, one can distribute native executables without needing to bundle either Node.js or Chromium. There is no startup cost of loading Node.js, since a native Rust binary is used. As for the web view itself, startup tends to be faster than Chromium, since the libraries for e.g. WebKit are usually pre-loaded by the OS itself. Tauri apps have near-instant startup time, and I've found it to be a joy to use. The only downside is that the backend must be written in Rust. Electrico seems to help soften the learning curve by providing JavaScript APIs mirroring that of Electron.

Overall, nice project.

wruza 3 days ago

an operating system's "native web view" (WRY)

Isn’t that just a randomly abandoned version of something of uncertain origin, on average? Why would one want use it? I guess to save distribution space.

I don’t have a “top”-deps itch, but using an arbitrary webview sounds compatibility hell even to me.

Reply View 15 replies
  • WorldMaker 3 days ago

    At this point most operating systems are ahead of Electron on average, not behind it. Electron takes longer to bundle a new Chrome version than it should. Then it takes a while for applications to actually upgrade Electron versions because that includes the compatibility headaches of keeping up with all of Chrome changes, Node changes, and Electron API changes at the same time. Some apps are years behind on Electron today simply because they don't want the headache of rebuilding Node native dependencies or fixing Electron API breaks and think being on an old build of Chrome and the subsequent risk of unpatched security problems is an okay risk to take.

    There is still a long tail of versions you might encounter when using a (security supported OS), but for most Linux distros, macOS, and Windows the worst case in the long tail is now just 6 months behind. (You lose security support if you don't keep up with semiannual OS releases.) If you have reason such as a corporate overlord to also support LTS OSes the worst case is closer to 2 years depending on Unix distro. (Windows WebView2 remembers IE and still requires regular update cadence even on LTS Windows, so WebView2 on today's LTS Windows should still be closer to the 6 month mark than the 2 year mark if following Microsoft's LTS policies, staying within support, and not paying for more complicated LTS contracts.)

    It should be very easy with caniuse/MDN statistics to write web apps for any browser of the last six months. If you plan to support macOS you still need to support two (related like siblings) renderers as macOS wants you to use WebKit/Safari and everything else is Chromium in one way or another today, but testing on two browsers shouldn't be a showstopper for many (most?) apps. There are definitely Chrome-only APIs that might appeal to you in building an app, but at that point many of them you can polyfill with a native dependency (a Rust dependency in the Tauri world).

    Reply View 2 replies
    • esperent 2 days ago

      > Some apps are years behind on Electron today

      Could you give some examples? This seems like a potential security risk.

      Reply View 1 reply
      • jabwd 2 days ago

        Random output from my system:

        App Name: Microsoft Azure Storage Explorer.app Electron Version: 25.8.4 -n File Name: /Applications/Microsoft Azure Storage Explorer.app/Contents/Frameworks/Electron Framework.framework/Electron Framework -e App Name: MongoDB Compass.app Electron Version: 30.4.0 -n File Name: /Applications/MongoDB Compass.app/Contents/Frameworks/Electron Framework.framework/Electron Framework -e App Name: Obsidian.app Electron Version: 25.8.1 -n File Name: /Applications/Obsidian.app/Contents/Frameworks/Electron Framework.framework/Electron Framework

        And to answer your question: yes this is very much a security issue. There are many unpatched versions that are vulnerable to webp exploits, including chat apps (with the serious implications of that being obvious)

        Web devs shouldn't be allowed anywhere near native APIs.

        Reply View 0 replies
  • derefr 3 days ago

    The target you're thinking of with outdated OS webviews is probably Android. Tauri doesn't even support Android; it's a desktop framework.

    On both Windows and macOS, the "OS webview" is just a framework binding to the OS-shipped browser (i.e. Edge, Safari); and both Edge and Safari get updated with pretty much every release of the OS (which, in turn, are kept up-to-date in a pretty pushy way these days by Microsoft and Apple.)

    Also, in both of these cases, by relying on these OS webviews, you're "sharing" the renderer and other global context with the actual browser (if the user happens to use it), and with all other OS webviews on the machine — rather than each new app needing its own renderer and global context, wasting 1GB+ of memory per app and creating thousands of redundant files on disk for the app's own cache et al.

    It's really a pure win vs. Electron for these cases.

    On Linux, what you get depends on the distribution format. If distributed as a package, you get a dynamic binding to WebKitGtk — which requires the package manager to resolve and install this (and that might not work, if the distro doesn't ship that package.) If distributed as an .AppImage, you get a vendored-in copy of WebKitGtk — which is basically the same as what you get from Electron.

    Reply View 3 replies
    • NoahKAndrews 2 days ago

      On modern mainstream Android devices, the Webview is based on chromium and regularly updated through the play store

      Reply View 1 reply
      • derefr 2 days ago

        What do you qualify as a "modern mainstream Android device"?

        I think the median Android device out there in the world today — just by sheer volume of them produced — is probably a "Welcome" phone with a MediaTek 6580 chipset and a faked-capacity SD card; i.e. hardware that couldn't possibly run any Android version made in the last six years.

        (Such phones could in theory run Android Go... but they often don't, because these devices are often running non-Google-Play-Store AOSP derivatives — and there's no un-Googled version of Android Go.)

        Reply View 0 replies
  • afavour 3 days ago

    Not really. MacOS’s webview is kept relatively up to date with whatever version of Safari is current when the OS is released. Webview2 on Windows receives regular updates via Windows Update.

    You encounter the exact same compatibility issues you would on the web, with a somewhat slower uptake to new versions. Not ideal but entirely manageable.

    > why would one want to use it

    Primarily because (last I checked, anyway) any app using Electron has to bundle its own version of Chromium, which is massive. It also means each Electron-powered app is totally ignorant of the other, resulting in a lot of duplication and unnecessary memory usage. When you use the system webview you have minimal bulk and resources can be shared, as if they’re multiple tabs in one browser rather than each one being its own browser.

    Reply View 1 reply
  • Retr0id 3 days ago

    It might be a minor compatibility pain, but I don't think it'd be any worse than developing for the web in general.

    Reply View 3 replies
    • Sammi 3 days ago

      The alternative to Tauri isn't the web - it's Electron which has a specific Chrome version.

      One big reason people go for delivering their web apps through Electron is so they can guarantee that they are on a specific modern version of Chrome. This is something you lose with Tauri. You gain some tighter memory consumption, but you do trade one thing in for another.

      Reply View 2 replies
      • creshal 3 days ago

        > they are on a specific modern version of Chrome.

        For some value of "modern", usually "horrifyingly outdated".

        Reply View 0 replies
  • troyvit 3 days ago

    > I guess to save distribution space.

    Personally I'd agree with this. I'd also include saving the RAM of loading an independent version of Chrome for every electron app would be nice. Last, I never understood what version of chrome gets bundled with these electron apps. Is it more or less secure than WRY?

    Reply View 0 replies
DanielHB 3 days ago

From my understanding the main difference between electron and other WebView Containers (besides built-in APIs) is that electron runs your nodejs code in the same process as your browser code.

So there is no cross-process communication, true synchronous communication between browser and nodejs code, ability to communicate without copying memory and without serialization, etc. All these capabilities are essential if you do a lot of processing between the two sides. It is also why electron must bundle a browser (and its v8 engine) and can't rely on the OS browser like other solutions do (which might not be v8 or might be the wrong version of v8).

From my understanding this is not the case of any other WebView wrappers tech (Tauri, Wails). Which makes them unsuitable for some kinds of applications (invoking a function cross-process is extremely slow).

I am not sure how correct I am with these claims as I never did a lot of electron. If you have a deeper insight I am quite curious about the topic.

Reply View 15 replies
  • koito17 3 days ago

    In the case of Electron, there is a "main process" that is a Node.js process. This process has the capability to spawn "renderer processes", each browser window is a "renderer process". Through ipcMain and ipcRenderer, Node and Chromium have bidirectional comminication.

    I don't think renderer processes run Node. Per the documentation,

      [C]ode ran in renderer processes should behave according to web standards ... [T]he renderer has no direct access to require or other Node.js APIs
    https://www.electronjs.org/docs/latest/tutorial/process-mode...
    Reply View 4 replies
    • killcoder 3 days ago

      Renderers can access Node APIs via the ‘node integration’ setting or via a preload script.

      Reply View 2 replies
      • themoonisachees 3 days ago

        Aren't these just IPCs disguised as normal function calls though? IIRC only the main node process does anything node, renderers can call "node functions" that really happen in the main process.

        Reply View 1 reply
        • killcoder 2 days ago

          Not at all, in a renderer the Node and Chromium event loops are bound together, they’re part of the same v8 isolate, no IPC shenanigans.

          The main process really shouldn’t be used for anything except setup. Since it controls gpu paints amongst other things, blocking on it will cause visible stuttering and a bad user experience.

          https://www.electronjs.org/blog/electron-internals-node-inte...

          Reply View 0 replies
    • notpushkin 3 days ago

      > Renderer processes can be spawned with a full Node.js environment for ease of development. Historically, this used to be the default, but this feature was disabled for security reasons.

      Makes sense.

      Reply View 0 replies
  • __jonas 3 days ago

    >From my understanding the main difference between electron and other WebView Containers (besides built-in APIs) is that electron runs your nodejs code in the same process as your browser code.

    That is not correct: https://www.electronjs.org/docs/latest/tutorial/process-mode...

    > So there is no cross-process communication, true synchronous communication between browser and nodejs code, ability to communicate without copying memory and without serialization, etc

    From the Electrton docs:

    > Arguments will be serialized with the Structured Clone Algorithm, just like window.postMessage, so prototype chains will not be included. Sending Functions, Promises, Symbols, WeakMaps, or WeakSets will throw an exception.

    (https://www.electronjs.org/docs/latest/api/ipc-renderer#ipcr...)

    But yes they do build pretty heavily on Chromium, so swapping it out for a system WebView would probably not be possible.

    Reply View 6 replies
    • killcoder 3 days ago

      Within a renderer you can access NodeJS APIs directly. The main process shouldn’t be used for any significant computation, as it will block GPU paints and cross-process synchronisation.

      The other main difference is Electron bundles a known set of APIs, given the known Chromium version. There’s such a huge variance of supported features across the embedded web views.

      Reply View 2 replies
      • cyanydeez 3 days ago

        Yes, this is the best benefit of elecrron: you dont have to trouble shoot 10s of OS webview versions and their ixremental suppory, especially with MacOS.

        But it is right that the ui for elwctron has to use a IPC layer to get a node backend running. However, chrome is moving a lot of things like FilesystemAPI into browsers so there may be a day were nodejs is dropped in favor of a sandboxed chromium.

        Reply View 1 reply
    • DanielHB 3 days ago

      oh wow, I was very wrong, I don't know why I got this notion that electron shared the runtime environment between non-browser and browser code. Thanks for the clarification.

      I am pretty disappointed about this, it severely limits the usability of native code from inside the UI code and makes Electron much less attractive compared to Tauri, Wails or similar alternatives.

      Do you know if at least moving objects between the electron processes uses direct memory-copying and not some heavy-handed serialization (Wails for example serializes to JSON). The links you pointed out don't mention that.

      Reply View 2 replies
      • killcoder 3 days ago

        You were correct. Electron lets you expose specific NodeJS APIs via the preload script or everything via the ‘nodeIntegration’ setting:

        https://www.electronjs.org/docs/latest/api/structures/web-pr...

        Separately the IPC lets you do zero copy in some circumstances via Transferable objects such as ArrayBuffers. Structured cloning is efficient but not zero copy, and json serialisation shouldn’t be used (since structured cloning is easily available).

        Reply View 1 reply
        • __jonas 3 days ago

          Thanks for adding this context! Guess I was mislead by the Electron documentation talking about multiple processes and IPC, appreciate the clarification!

          Reply View 0 replies
  • baumschubser 3 days ago

    In a recent podcast, Daniel Thompson from Tauri talks about the perspective of having shared memory between the Webview and the backend in Tauri as well. However, it is pretty vague.

    See here, search for "Topic 12": https://syntax.fm/show/821/is-tauri-the-electron-killer/tran...

    Reply View 2 replies
    • cyanydeez 3 days ago

      You can used shared buffers in chrome so one could use webworkers for a lot of processing. However, we are still waiting for many Apis to be available in webworkers.

      Reply View 1 reply
      • DanielHB 3 days ago

        What you really want is to get a reference to those SharedArrayBuffers in the native code like you can do with WASM

        Reply View 0 replies
cyanydeez 3 days ago

Isnt another downside that the javascript in the OS web view could be different and lead to having to support a significant number of different webview versions. If you ship chrome with your app, you get to choose the conformance.

This seems very overlooked in your evaluation.

Reply View 2 replies
  • pipe01 3 days ago

    Yes, but imo it's not a huge deal as we are used to this with regular websites

    Reply View 1 reply
    • Sammi 3 days ago

      It most certainly is a huge deal to handle all the browser differences with regular websites.

      A big reason people choose Electron is so they don't have to deal with all these differences.

      Reply View 0 replies