Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/electron/remote

Bridge JavaScript objects from the main process to the renderer process in Electron.
https://github.com/electron/remote

Last synced: about 1 month ago
JSON representation

Bridge JavaScript objects from the main process to the renderer process in Electron.

Awesome Lists containing this project

README

        

# @electron/remote

[![CircleCI build status](https://circleci.com/gh/electron/remote/tree/main.svg?style=shield)](https://circleci.com/gh/electron/remote/tree/main)
[![npm version](http://img.shields.io/npm/v/@electron/remote.svg)](https://npmjs.org/package/@electron/remote)

`@electron/remote` is an [Electron](https://electronjs.org) module that bridges
JavaScript objects from the main process to the renderer process. This lets you
access main-process-only objects as if they were available in the renderer
process.

> ⚠️ **Warning!** This module has [many subtle
> pitfalls][remote-considered-harmful]. There is almost always a better way to
> accomplish your task than using this module. For example, [`ipcRenderer.invoke`](https://www.electronjs.org/docs/latest/api/ipc-renderer#ipcrendererinvokechannel-args) can serve many common use cases.

`@electron/remote` is a replacement for the built-in `remote` module in
Electron, which is deprecated and will eventually be removed.

## Migrating from `remote`

> **NOTE:** `@electron/remote` requires Electron 13 or higher.

There are three things you need to do to migrate from the built-in `remote`
module to `@electron/remote`.

First, you need to install it from NPM:

```shell
$ npm install --save @electron/remote
```

Second, `@electron/remote/main` must be initialized in the main
process before it can be used from the renderer:

```javascript
// in the main process:
require('@electron/remote/main').initialize()
```

Third, `require('electron').remote` in the renderer process must be
replaced with `require('@electron/remote')`.

```javascript
// in the renderer process:

// Before
const { BrowserWindow } = require('electron').remote

// After
const { BrowserWindow } = require('@electron/remote')
```

**Note:** Since this is requiring a module through npm rather than a built-in
module, if you're using `remote` from a sandboxed process, you'll need to
configure your bundler appropriately to package the code of `@electron/remote`
in the preload script. Of course, [using `@electron/remote` makes the sandbox
much less effective][remote-considered-harmful].

**Note:** In `electron >= 14.0.0`, you must use the new `enable` API to enable the remote module for each desired `WebContents` separately: `require("@electron/remote/main").enable(webContents)`.

In `electron < 14.0.0`, `@electron/remote` respects the `enableRemoteModule` WebPreferences
value. You must pass `{ webPreferences: { enableRemoteModule: true } }` to
the constructor of `BrowserWindow`s that should be granted permission to use
`@electron/remote`.

# API Reference

The `remote` module provides a simple way to do inter-process communication
(IPC) between the renderer process (web page) and the main process.

In Electron, GUI-related modules (such as `dialog`, `menu` etc.) are only
available in the main process, not in the renderer process. In order to use them
from the renderer process, the `ipc` module is necessary to send inter-process
messages to the main process. With the `remote` module, you can invoke methods
of the main process object without explicitly sending inter-process messages,
similar to Java's [RMI][rmi]. An example of creating a browser window from a
renderer process:

```javascript
const { BrowserWindow } = require('@electron/remote')
let win = new BrowserWindow({ width: 800, height: 600 })
win.loadURL('https://github.com')
```

In order for this to work, you first need to initialize the main-process side
of the remote module:

```javascript
// in the main process:
require('@electron/remote/main').initialize()
```

**Note:** In `electron >= 14.0.0` the remote module is disabled by default for any `WebContents` instance and is only enabled for specified `WebContents` after explicitly calling `require("@electron/remote/main").enable(webContents)`.

In `electron < 14.0.0` the remote module can be disabled for security reasons in the following contexts:
- [`BrowserWindow`](https://www.electronjs.org/docs/latest/api/browser-window) - by setting the `enableRemoteModule` option to `false`.
- [``](https://www.electronjs.org/docs/latest/api/webview-tag) - by setting the `enableremotemodule` attribute to `false`.

## Remote Objects

Each object (including functions) returned by the `remote` module represents an
object in the main process (we call it a remote object or remote function).
When you invoke methods of a remote object, call a remote function, or create
a new object with the remote constructor (function), you are actually sending
synchronous inter-process messages.

In the example above, both `BrowserWindow` and `win` were remote objects and
`new BrowserWindow` didn't create a `BrowserWindow` object in the renderer
process. Instead, it created a `BrowserWindow` object in the main process and
returned the corresponding remote object in the renderer process, namely the
`win` object.

**Note:** Only [enumerable properties][enumerable-properties] which are present
when the remote object is first referenced are accessible via remote.

**Note:** Arrays and Buffers are copied over IPC when accessed via the `remote`
module. Modifying them in the renderer process does not modify them in the main
process and vice versa.

## Lifetime of Remote Objects

Electron makes sure that as long as the remote object in the renderer process
lives (in other words, has not been garbage collected), the corresponding object
in the main process will not be released. When the remote object has been
garbage collected, the corresponding object in the main process will be
dereferenced.

If the remote object is leaked in the renderer process (e.g. stored in a map but
never freed), the corresponding object in the main process will also be leaked,
so you should be very careful not to leak remote objects.

Primary value types like strings and numbers, however, are sent by copy.

## Passing callbacks to the main process

Code in the main process can accept callbacks from the renderer - for instance
the `remote` module - but you should be extremely careful when using this
feature.

First, in order to avoid deadlocks, the callbacks passed to the main process
are called asynchronously. You should not expect the main process to
get the return value of the passed callbacks.

For instance you can't use a function from the renderer process in an
`Array.map` called in the main process:

```javascript
// main process mapNumbers.js
exports.withRendererCallback = (mapper) => {
return [1, 2, 3].map(mapper)
}

exports.withLocalCallback = () => {
return [1, 2, 3].map(x => x + 1)
}
```

```javascript
// renderer process
const mapNumbers = require('@electron/remote').require('./mapNumbers')
const withRendererCb = mapNumbers.withRendererCallback(x => x + 1)
const withLocalCb = mapNumbers.withLocalCallback()

console.log(withRendererCb, withLocalCb)
// [undefined, undefined, undefined], [2, 3, 4]
```

As you can see, the renderer callback's synchronous return value was not as
expected, and didn't match the return value of an identical callback that lives
in the main process.

Second, the callbacks passed to the main process will persist until the
main process garbage-collects them.

For example, the following code seems innocent at first glance. It installs a
callback for the `close` event on a remote object:

```javascript
require('@electron/remote').getCurrentWindow().on('close', () => {
// window was closed...
})
```

But remember the callback is referenced by the main process until you
explicitly uninstall it. If you do not, each time you reload your window the
callback will be installed again, leaking one callback for each restart.

To make things worse, since the context of previously installed callbacks has
been released, exceptions will be raised in the main process when the `close`
event is emitted.

To avoid this problem, ensure you clean up any references to renderer callbacks
passed to the main process. This involves cleaning up event handlers, or
ensuring the main process is explicitly told to dereference callbacks that came
from a renderer process that is exiting.

## Accessing built-in modules in the main process

The built-in modules in the main process are added as getters in the `remote`
module, so you can use them directly like the `electron` module.

```javascript
const app = require('@electron/remote').app
console.log(app)
```

## Methods

The `remote` module has the following methods:

### `remote.require(module)`

* `module` String

Returns `any` - The object returned by `require(module)` in the main process.
Modules specified by their relative path will resolve relative to the entrypoint
of the main process.

e.g.

```sh
project/
├── main
│ ├── foo.js
│ └── index.js
├── package.json
└── renderer
└── index.js
```

```js
// main process: main/index.js
const { app } = require('@electron/remote')
app.whenReady().then(() => { /* ... */ })
```

```js
// some relative module: main/foo.js
module.exports = 'bar'
```

```js
// renderer process: renderer/index.js
const foo = require('@electron/remote').require('./foo') // bar
```

### `remote.getCurrentWindow()`

Returns `BrowserWindow` - The window to which this web page belongs.

**Note:** Do not use `removeAllListeners` on `BrowserWindow`. Use of this can
remove all [`blur`](https://developer.mozilla.org/en-US/docs/Web/Events/blur)
listeners, disable click events on touch bar buttons, and other unintended
consequences.

### `remote.getCurrentWebContents()`

Returns `WebContents` - The web contents of this web page.

### `remote.getGlobal(name)`

* `name` String

Returns `any` - The global variable of `name` (e.g. `global[name]`) in the main
process.

## Properties

### `remote.process` _Readonly_

A `NodeJS.Process` object. The `process` object in the main process. This is the same as
`remote.getGlobal('process')` but is cached.

# Overriding exposed objects

Without filtering, `@electron/remote` will provide access to any JavaScript
object that any renderer requests. In order to control what can be accessed,
`@electron/remote` provides an opportunity to the app to return a custom result
for any of `getGlobal`, `require`, `getCurrentWindow`, `getCurrentWebContents`,
or any of the builtin module properties.

The following events will be emitted first on the `app` Electron module, and
then on the specific `WebContents` which requested the object. When emitted on
the `app` module, the first parameter after the `Event` object will be the
`WebContents` which originated the request. If any handler calls
`preventDefault`, the request will be denied. If a `returnValue` parameter is
set on the result, then that value will be returned to the renderer instead of
the default.

## Events

### Event: 'remote-require'

Returns:

* `event` Event
* `moduleName` String

Emitted when `remote.require()` is called in the renderer process of `webContents`.
Calling `event.preventDefault()` will prevent the module from being returned.
Custom value can be returned by setting `event.returnValue`.

### Event: 'remote-get-global'

Returns:

* `event` Event
* `globalName` String

Emitted when `remote.getGlobal()` is called in the renderer process of `webContents`.
Calling `event.preventDefault()` will prevent the global from being returned.
Custom value can be returned by setting `event.returnValue`.

### Event: 'remote-get-builtin'

Returns:

* `event` Event
* `moduleName` String

Emitted when `remote.getBuiltin()` is called in the renderer process of
`webContents`, including when a builtin module is accessed as a property (e.g.
`require("@electron/remote").BrowserWindow`).
Calling `event.preventDefault()` will prevent the module from being returned.
Custom value can be returned by setting `event.returnValue`.

### Event: 'remote-get-current-window'

Returns:

* `event` Event

Emitted when `remote.getCurrentWindow()` is called in the renderer process of `webContents`.
Calling `event.preventDefault()` will prevent the object from being returned.
Custom value can be returned by setting `event.returnValue`.

### Event: 'remote-get-current-web-contents'

Returns:

* `event` Event

Emitted when `remote.getCurrentWebContents()` is called in the renderer process of `webContents`.
Calling `event.preventDefault()` will prevent the object from being returned.
Custom value can be returned by setting `event.returnValue`.

[rmi]: https://en.wikipedia.org/wiki/Java_remote_method_invocation
[enumerable-properties]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Enumerability_and_ownership_of_properties
[remote-considered-harmful]: https://medium.com/@nornagon/electrons-remote-module-considered-harmful-70d69500f31