{"id":35867953,"url":"https://github.com/castlabs/electron-releases","last_synced_at":"2026-03-05T00:07:45.722Z","repository":{"id":37768441,"uuid":"109712089","full_name":"castlabs/electron-releases","owner":"castlabs","description":"Castlabs Electron for Content Security","archived":false,"fork":false,"pushed_at":"2026-02-06T00:21:09.000Z","size":3559,"stargazers_count":261,"open_issues_count":13,"forks_count":43,"subscribers_count":14,"default_branch":"master","last_synced_at":"2026-02-06T10:47:49.028Z","etag":null,"topics":["cdm","drm","electron","offline","vmp","widevine"],"latest_commit_sha":null,"homepage":"https://castlabs.com/security/widevine-certification/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/castlabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-11-06T15:19:19.000Z","updated_at":"2026-02-06T00:12:12.000Z","dependencies_parsed_at":"2024-02-21T01:38:53.591Z","dependency_job_id":"e600086c-3809-4c99-901b-20d7ab020e0d","html_url":"https://github.com/castlabs/electron-releases","commit_stats":{"total_commits":355,"total_committers":4,"mean_commits":88.75,"dds":0.008450704225352101,"last_synced_commit":"2af169991120cf0faca7796f0aabcfeba1a7243b"},"previous_names":[],"tags_count":1354,"template":false,"template_full_name":null,"purl":"pkg:github/castlabs/electron-releases","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castlabs%2Felectron-releases","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castlabs%2Felectron-releases/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castlabs%2Felectron-releases/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castlabs%2Felectron-releases/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/castlabs","download_url":"https://codeload.github.com/castlabs/electron-releases/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/castlabs%2Felectron-releases/sbom","scorecard":{"id":267530,"data":{"date":"2025-08-11","repo":{"name":"github.com/castlabs/electron-releases","commit":"28c7c5840ab91f2f8122cae413a00082b4b3426a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":10,"reason":"25 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v38.0.0-alpha.12+wvcus not signed: https://api.github.com/repos/castlabs/electron-releases/releases/237093228","Warn: release artifact v37.2.5+wvcus not signed: https://api.github.com/repos/castlabs/electron-releases/releases/237093207","Warn: release artifact v38.0.0-alpha.11+wvcus not signed: https://api.github.com/repos/castlabs/electron-releases/releases/236543469","Warn: release artifact v38.0.0-alpha.10+wvcus not signed: https://api.github.com/repos/castlabs/electron-releases/releases/235887382","Warn: release artifact v38.0.0-alpha.9+wvcus not signed: https://api.github.com/repos/castlabs/electron-releases/releases/235474394","Warn: release artifact v38.0.0-alpha.12+wvcus does not have provenance: https://api.github.com/repos/castlabs/electron-releases/releases/237093228","Warn: release artifact v37.2.5+wvcus does not have provenance: https://api.github.com/repos/castlabs/electron-releases/releases/237093207","Warn: release artifact v38.0.0-alpha.11+wvcus does not have provenance: https://api.github.com/repos/castlabs/electron-releases/releases/236543469","Warn: release artifact v38.0.0-alpha.10+wvcus does not have provenance: https://api.github.com/repos/castlabs/electron-releases/releases/235887382","Warn: release artifact v38.0.0-alpha.9+wvcus does not have provenance: https://api.github.com/repos/castlabs/electron-releases/releases/235474394"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'","Warn: branch protection not enabled for branch '37-x-y'","Warn: branch protection not enabled for branch '36-x-y'","Warn: branch protection not enabled for branch '35-x-y'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-17T12:29:04.990Z","repository_id":37768441,"created_at":"2025-08-17T12:29:04.990Z","updated_at":"2025-08-17T12:29:04.990Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30101991,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T23:59:36.199Z","status":"ssl_error","status_checked_at":"2026-03-04T23:56:48.556Z","response_time":59,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cdm","drm","electron","offline","vmp","widevine"],"created_at":"2026-01-08T14:16:13.154Z","updated_at":"2026-03-05T00:07:45.676Z","avatar_url":"https://github.com/castlabs.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Electron for Content Security\n\nCheck out the [Wiki](../../wiki) for general news, guides, and other updates.\n\n\u003e :warning: **The `v16` series of Electron for Content Security, labeled `wvcus`, moves to using the Component Updater Service to handle installation of the Widevine CDM, and has incompatible API updates compared to the previous `wvvmp` releases.**\n\u003e\n\u003e See additional updates in the sections below, and please report any issues you find!\n\nElectron for Content Security (ECS) is a fork of Electron created by Castlabs to facilitate the use of Google's [Widevine Content Decryption Module (CDM)](../../wiki/CDM) for DRM-enabled playback within Electron, including support for [Verified Media Path (VMP)](../../wiki/VMP) and persistent license storage. It is intended to be used as a drop-in replacement for stock Electron and currently has full support for Windows and macOS platforms, with partial support for Linux (which lacks support for persistent licenses due to VMP limitations on the platform).\n\nThe sections below will describe the features/modifications that ECS provides, for anything else refer to the regular [Electron documentation](https://www.electronjs.org/docs).\n\n## How does it work?\n\nTo achieve Widevine support the [Widevine CDM](../../wiki/CDM) will be [installed on first launch](#widevine-cdm-installation) and enabled as an option for playback of DRM protected content using common EME APIs. Subsequent launces will trigger a backround update check. If an update is available it will be downloaded and applied on next launch.\n\nThe provided builds are VMP-signed for development and can be used with Widevine UAT or other servers accepting development clients. For production use you can sign up for our [EVS service](../../wiki/EVS), to obtain production VMP signing capabilities. Previously a license agreement with Google Widevine was required to get your own VMP signing certificate, but with EVS this is no longer necessary.\n\n## Installing\n\nTo install prebuilt ECS binaries, use [npm](https://docs.npmjs.com/). The preferred method is to install ECS as a development dependency in your app:\n\n```\nnpm install \"https://github.com/castlabs/electron-releases#v40.1.0+wvcus\" --save-dev\n```\n\nSince ECS is not published in the npm package index a GitHub URL is used instead to reference a particular release, just modify the `#` tag at the end to the version you want to use.\n\n\u003e :warning: The above command is just an example, **use a [release](https://github.com/castlabs/electron-releases/releases) of a [currently supported version](https://github.com/castlabs/electron-releases/wiki#supported-versions)** to make sure you have the latest features and security updates!\n\n## Using\n\nUsing ECS is very similar to using stock Electron, the main difference being that you should wait for the Widevine CDM installation to complete before opening your `BrowserWindow`. This can be achieved using the new [components API](docs/api/components.md):\n\n```javascript\nconst {app, components, BrowserWindow} = require('electron');\n\nfunction createWindow () {\n  const mainWindow = new BrowserWindow();\n  mainWindow.loadURL('https://shaka-player-demo.appspot.com/');\n}\n\napp.whenReady().then(async () =\u003e {\n  await components.whenReady();\n  console.log('components ready:', components.status());\n  createWindow();\n});\n```\n\n## Extensions to Electron\n\nThe only visible extensions provided is the new [components API](docs/api/components.md).\n\n### Widevine CDM installation\n\nComponent installation/updates are always automatically triggered unless the Component Updater is disabled, e.g. by passing `--disable-component-update`. This is always done on a delay timer, even if there is no version of a component installed.\n\nTo make sure the Widevine CDM is promptly installed the `components.whenReady()` API can be used (see example [above](#using)). This forces immediate installation if there isn't already a version of the Widevine CDM available.\n\n## Legal notice / Disclaimer\n\nTHIS SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT. UPDATES, INCLUDING SECURITY UPDATES, WILL BE PROVIDED ON A BEST-EFFORT BASIS.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcastlabs%2Felectron-releases","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcastlabs%2Felectron-releases","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcastlabs%2Felectron-releases/lists"}