今天，我们发布了免费、开源、托管的 更新 Web 服务 及其配套 npm 包，以便轻松实现开源 Electron 应用的自动更新。这是让应用开发者更少考虑部署，更多地关注为用户开发高质量体验的一步。

¥Today we're releasing a free, open-source, hosted updates webservice and companion npm package to enable easy automatic updates for open-source Electron apps. This is a step toward empowering app developers to think less about deployment and more about developing high-quality experiences for their users.

让生活更轻松​

¥Making life easier

Electron 拥有 autoUpdater API，使应用能够使用来自远程端点的元数据来检查更新、在后台下载并自动安装。

¥Electron has an autoUpdater API that gives apps the ability to consume metadata from a remote endpoint to check for updates, download them in the background, and install them automatically.

对于许多 Electron 应用开发者来说，启用这些更新一直是部署过程中繁琐的一步，因为它需要部署和维护一个 Web 服务器来提供应用版本历史元数据。

¥Enabling these updates has been a cumbersome step in the deployment process for many Electron app developers because it requires a web server to be deployed and maintained just to serve app version history metadata.

今天，我们宣布推出一款用于自动应用更新的全新嵌入式解决方案。如果你的 Electron 应用位于公共 GitHub 仓库中，并且你使用 GitHub Releases 发布构建版本，则可以使用此服务向用户提供持续的应用更新。

¥Today we are announcing a new drop-in solution for automatic app updates. If your Electron app is in a public GitHub repository and you're using GitHub Releases to publish builds, you can use this service to deliver continuous app updates to your users.

使用新模块​

¥Using the new module

为了最大限度地减少你的配置工作，我们创建了 update-electron-app，这是一个与新的 update.electronjs.org Web 服务集成的 npm 模块。

¥To minimize configuration on your part, we've created update-electron-app, an npm module which integrates with the new update.electronjs.org webservice.

安装模块：

¥Install the module:

npm install update-electron-app

可在应用的 主进程 中的任何位置调用：

¥Call it from anywhere in your app's main process:

require('update-electron-app')();

就是这样！该模块将在应用启动时检查更新，然后每十分钟检查一次。当发现更新时，它会在后台自动下载，并在更新准备就绪时显示一个对话框。

¥That's it! The module will check for updates at app startup, then every ten minutes. When an update is found it will download automatically in the background, and a dialog will be displayed when the update is ready.

迁移现有的应用​

¥Migrating existing apps

已经使用 Electron autoUpdater API 的应用也可以使用此服务。为此，你可以使用 自定义 update-electron-app 模块或 直接与 update.electronjs.org 集成 模块。

¥Apps already using Electron's autoUpdater API can use this service too. To do so, you can customize the update-electron-app module or integrate directly with update.electronjs.org.

替代方案​

¥Alternatives

如果你使用 electron-builder 打包应用，可以使用其内置的更新程序。详情请参阅 electron.build/auto-update。

¥If you're using electron-builder to package your app, you can use its built-in updater. For details, see electron.build/auto-update.

如果你的应用是私有的，则可能需要运行自己的更新服务器。有很多开源工具可以实现这一点，包括 Zeit 的 Hazel 和 Atlassian 的 核。请参阅 部署更新服务器 教程了解更多信息。

¥If your app is private, you may need to run your own update server. There are a number of open-source tools for this, including Zeit's Hazel and Atlassian's Nucleus. See the Deploying an Update Server tutorial for more info.

致谢​

¥Thanks

感谢 Julian Gruber 帮助设计和构建这个简单且可扩展的 Web 服务。感谢 Zeit 的朋友们开源了 Hazel 服务，我们从中汲取了设计灵感。感谢 Samuel Attard 的代码审查。感谢 Electron 社区帮助测试这项服务。

¥Thanks to Julian Gruber for helping design and build this simple and scalable web service. Thanks to the folks at Zeit for their open-source Hazel service, from which we drew design inspiration. Thanks to Samuel Attard for the code reviews. Thanks to the Electron community for helping test this service.

🌲 祝 Electron 应用未来长青！

¥🌲 Here's to an evergreen future for Electron apps!

新的 Electron 2.0 发行版是 packed，包含新功能和修复。此新主要版本的一大亮点是针对 Apple Mac 应用商店 推出了新的 inAppPurchase API。

¥The new Electron 2.0 release line is packed with new features and fixes. One of the highlights from this new major version is a new inAppPurchase API for Apple's Mac App Store.

应用内购买功能允许直接在应用内购买内容或订阅。这为开发者提供了一种轻松拥抱 免费增值商业模式 的方法，用户无需付费即可下载应用，并可以选择应用内购买高级功能、附加内容或订阅。

¥In-app purchases enable content or subscriptions to be purchased directly from within apps. This gives developers an easy way to embrace the freemium business model, wherein users pay nothing to download an app and are offered optional in-app purchases for premium features, additional content, or subscriptions.

社区贡献者 Adrien Fery 为 Electron 添加了新的 API，以便在 Amanote（一款用于讲座和会议的 Electron 注意应用）中启用应用内购买。Amanote 可免费下载，允许在 PDF 中添加清晰、结构化的注释，并具有数学公式、绘图、录音等功能。

¥The new API was added to Electron by community contributor Adrien Fery to enable in-app purchases in Amanote, a note-taking Electron app for lectures and conferences. Amanote is free to download and allows clear and structured notes to be added to PDFs, with features like mathematical formulae, drawings, audio recording, and more.

自从 Mac 版 Amanote 增加应用内购买支持以来，Adrien 注意到其销量增长了 40%！

¥Since adding in-app purchase support to the Mac version of Amanote, Adrien has noted a 40% increase in sales!

入门​

¥Getting Started

新的 inAppPurchase API 已在最新的 Electron 测试版中推出：

¥The new inAppPurchase API has already landed in the latest Electron beta:

npm i -D electron@beta

API 的文档可在 在 GitHub 上找到 上找到，Adrien 也非常慷慨地编写了一篇关于如何使用 API 的教程。要开始在你的应用中添加应用内购买功能，请使用 查看教程。

¥The docs for the API can be found on GitHub, and Adrien has been kind enough to write a tutorial on how to use the API. To get started adding in-app purchases to your app, see the tutorial.

更多 API 改进 正在开发中，并将很快在即将发布的 Electron 测试版中推出。

¥More improvements to the API are in the works, and will soon be landing in an upcoming Electron beta release.

Windows 可能是下一个​

¥Windows Could Be Next

接下来，Adrien 希望通过在 Electron 中添加对 Microsoft Store 应用内购买的支持，为 Amanote 开辟新的收入渠道。敬请关注最新进展！

¥Up next, Adrien is hoping to open a new revenue channel for Amanote by adding support for Microsoft Store in-app purchases in Electron. Stay tuned for developments on that!

已发现一个漏洞，该漏洞允许在某些禁用 Node.js 集成的 Electron 应用中重新启用它。此漏洞已被分配 CVE 标识符 CVE-2018-1000136。

¥A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. This vulnerability has been assigned the CVE identifier CVE-2018-1000136.

受影响的应用​

¥Affected Applications

如果满足以下所有条件，则应用会受到影响：

¥An application is affected if all of the following are true:

1. 可在 Electron 1.7、1.8 或 2.0.0-beta 版本上运行

   ¥Runs on Electron 1.7, 1.8, or a 2.0.0-beta

2. 允许执行任意远程代码

   ¥Allows execution of arbitrary remote code

3. 禁用 Node.js 集成

   ¥Disables Node.js integration

4. 未在其 webPreferences 中明确声明 webviewTag: false

   ¥Does not explicitly declare webviewTag: false in its webPreferences

5. 不启用 nativeWindowOption 选项

   ¥Does not enable the nativeWindowOption option

6. 不拦截 new-window 事件，也不在不使用提供的 options 标签的情况下手动覆盖 event.newGuest

   ¥Does not intercept new-window events and manually override event.newGuest without using the supplied options tag

虽然这似乎只存在于少数 Electron 应用中，但我们建议所有应用升级以防万一。

¥Although this appears to be a minority of Electron applicatons, we encourage all applications to be upgraded as a precaution.

缓解措施​

¥Mitigation

此漏洞已在今天的 1.7.13、1.8.4 和 2.0.0-beta.5 版本中修复。

¥This vulnerability is fixed in today's 1.7.13, 1.8.4, and 2.0.0-beta.5 releases.

无法升级应用 Electron 版本的开发者可以使用以下代码缓解此漏洞：

¥Developers who are unable to upgrade their application's Electron version can mitigate the vulnerability with the following code:

app.on('web-contents-created', (event, win) => {
  win.on(
    'new-window',
    (event, newURL, frameName, disposition, options, additionalFeatures) => {
      if (!options.webPreferences) options.webPreferences = {};
      options.webPreferences.nodeIntegration = false;
      options.webPreferences.nodeIntegrationInWorker = false;
      options.webPreferences.webviewTag = false;
      delete options.webPreferences.preload;
    },
  );
});

// and *IF* you don't use WebViews at all,
// you might also want
app.on('web-contents-created', (event, win) => {
  win.on('will-attach-webview', (event, webPreferences, params) => {
    event.preventDefault();
  });
});

更多信息​

¥Further Information

此漏洞由 Trustwave SpiderLabs 的 Brendan Scarvell 发现并负责任地报告给 Electron 项目。

¥This vulnerability was found and reported responsibly to the Electron project by Brendan Scarvell of Trustwave SpiderLabs.

要了解有关保护 Electron 应用安全的最佳实践的更多信息，请参阅我们的 安全教程。

¥To learn more about best practices for keeping your Electron apps secure, see our security tutorial.

要报告 Electron 中的漏洞，请发送电子邮件至 security@electronjs.org。

¥To report a vulnerability in Electron, please email security@electronjs.org.

请加入我们的 邮件列表 以接收有关版本和安全更新的更新。

¥Please join our email list to receive updates about releases and security updates.

上周，electronjs.org 网站宕机了几分钟。如果你受到了这些短暂中断的影响，对于由此造成的不便，我们深表歉意。经过今天的一些调查，我们诊断出了根本原因并部署了 fix。

¥Last week the electronjs.org site had a few minutes of downtime. If you were affected by these brief outages, we're sorry for the inconvenience. After a bit of investigation today, we've diagnosed the root cause and have deployed a fix.

为了防止将来再次出现此类停机，我们已在应用上启用了 Heroku 阈值警报。每当我们的 Web 服务器累积的失败请求或响应速度超过一定阈值时，我们的团队都会收到通知，以便我们快速解决问题。

¥To prevent this kind of downtime in the future, we've enabled Heroku threshold alerts on our app. Any time our web server accumulates failed requests or slow responses beyond a certain threshold, our team will be notified so we can address the problem quickly.

所有语言的离线文档​

¥Offline Docs in Every Language

下次你在飞机上或地下咖啡店开发 Electron 应用时，不妨准备一份文档副本以供离线参考。幸运的是，Electron 的文档以 Markdown 文件的形式提供，支持 20 多种语言。

¥The next time you're developing an Electron app on a plane or in a subterranean coffee shop, you might want to have a copy of the docs for offline reference. Fortunately, Electron's docs are available as Markdown files in over 20 languages.

git clone https://github.com/electron/electron-i18n
ls electron-i18n/content

带有图形用户界面的离线文档​

¥Offline Docs with a GUI

devdocs.io/electron 是一个便捷的网站，存储文档以供离线使用，不仅适用于 Electron，还适用于许多其他项目，例如 JavaScript、TypeScript、Node.js、React、Angular 等等。当然，Electron 也有一个应用可以实现这一点。在 Electron 网站上查看 devdocs-app。

¥devdocs.io/electron is a handy website that stores docs for offline use, not just for Electron but many other projects like JavaScript, TypeScript, Node.js, React, Angular, and many others. And of course there's an Electron app for that, too. Check out devdocs-app on the Electron site.

如果你喜欢不使用鼠标或触控板安装应用，请尝试 Electron Forge 的 install 命令：

¥If you like to install apps without using your mouse or trackpad, give Electron Forge's install command a try:

npx electron-forge install egoist/devdocs-app

已发现一个远程代码执行漏洞，该漏洞影响使用自定义协议处理程序的 Electron 应用。此漏洞已被分配 CVE 标识符 CVE-2018-1000006。

¥A remote code execution vulnerability has been discovered affecting Electron apps that use custom protocol handlers. This vulnerability has been assigned the CVE identifier CVE-2018-1000006.

受影响的平台​

¥Affected Platforms

设计为在 Windows 上运行的 Electron 应用，如果将自己注册为某个协议（例如 myapp://）的默认处理程序，则容易受到攻击。

¥Electron apps designed to run on Windows that register themselves as the default handler for a protocol, like myapp://, are vulnerable.

无论协议如何注册（例如使用原生代码、Windows 注册表或 Electron 的 app.setAsDefaultProtocolClient API），此类应用都可能受到影响。

¥Such apps can be affected regardless of how the protocol is registered, e.g. using native code, the Windows registry, or Electron's app.setAsDefaultProtocolClient API.

macOS 和 Linux 均不易受此问题影响。

¥macOS and Linux are not vulnerable to this issue.

缓解措施​

¥Mitigation

我们已发布 Electron 的新版本，其中包含针对此漏洞的修复：1.8.2-beta.5、1.7.12 和 1.6.17。我们敦促所有 Electron 开发者立即将其应用更新到最新的稳定版本。

¥We've published new versions of Electron which include fixes for this vulnerability: 1.8.2-beta.5, 1.7.12, and 1.6.17. We urge all Electron developers to update their apps to the latest stable version immediately.

如果由于某种原因你无法升级 Electron 版本，你可以在调用 app.setAsDefaultProtocolClient 时将 -- 作为最后一个参数附加，这样可以防止 Chromium 解析其他选项。双破折号 -- 表示命令选项的结束，之后仅接受位置参数。

¥If for some reason you are unable to upgrade your Electron version, you can append -- as the last argument when calling app.setAsDefaultProtocolClient, which prevents Chromium from parsing further options. The double dash -- signifies the end of command options, after which only positional parameters are accepted.

app.setAsDefaultProtocolClient(protocol, process.execPath, [
  '--your-switches-here',
  '--',
]);

请参阅 app.setAsDefaultProtocolClient API 了解更多详情。

¥See the app.setAsDefaultProtocolClient API for more details.

要了解有关保护 Electron 应用安全的最佳实践的更多信息，请参阅我们的 安全教程。

¥To learn more about best practices for keeping your Electron apps secure, see our security tutorial.

如果你想报告 Electron 中的漏洞，请发送电子邮件至 security@electronjs.org。

¥If you wish to report a vulnerability in Electron, email security@electronjs.org.

Electron 的新主要版本正在开发中，我们的版本控制策略也随之进行了一些调整。从 2.0.0 版本开始，Electron 将严格遵守语义化版本控制。

¥A new major version of Electron is in the works, and with it some changes to our versioning strategy. As of version 2.0.0, Electron will strictly adhere to Semantic Versioning.

此更改意味着你将更频繁地看到主要版本升级，并且通常是 Chromium 的重大更新。补丁版本也将更加稳定，因为它们现在只包含错误修复，不包含任何新功能。

¥This change means you'll see the major version bump more often, and it will usually be a major update to Chromium. Patch releases will also be more stable, as they will now only contain bug fixes with no new features.

主要版本增量

¥Major Version Increments

• Chrom 版本更新

  ¥Chromium version updates

• Node.js 主要版本更新

  ¥Node.js major version updates

• Electron 断裂 API 更改

  ¥Electron breaking API changes

小版本增量

¥Minor Version Increments

• Node.js 小版本更新

  ¥Node.js minor version updates

• Electron 不间断 API 更改

  ¥Electron non-breaking API changes

补丁版本增量

¥Patch Version Increments

• Node.js 补丁版本更新

  ¥Node.js patch version updates

• 修复相关的 chromium 补丁

  ¥fix-related chromium patches

• Electron 错误修复

  ¥Electron bug fixes

由于 Electron 的语义版本范围现在更有意义，我们建议使用 npm 的默认 --save-dev 标志安装 Electron，该标志会为你的版本添加 ^ 前缀，确保你能够安全地获取次要更新和补丁更新：

¥Because Electron's semver ranges will now be more meaningful, we recommend installing Electron using npm's default --save-dev flag, which will prefix your version with ^, keeping you safely up to date with minor and patch updates:

npm install --save-dev electron

对于只对错误修复感兴趣的开发者，你应该使用波浪符号语义版本前缀，例如 ~2.0.0，它永远不会引入新功能，只会修复以提高稳定性。

¥For developers interested only in bug fixes, you should use the tilde semver prefix e.g. ~2.0.0, which which will never introduce new features, only fixes to improve stability.

有关更多详细信息，请参阅 electronjs.org/docs/tutorial/electron-versioning。

¥For more details, see electronjs.org/docs/tutorial/electron-versioning.

Electron 的新网站 electronjs.org 上线！我们已将静态 Jekyll 网站替换为 Node.js 网络服务器，这使我们能够灵活地实现网站的国际化，并为更多激动人心的新功能铺平道路。

¥Electron has a new website at electronjs.org! We've replaced our static Jekyll site with a Node.js webserver, giving us flexibility to internationalize the site and paving the way for more exciting new features.

🌍 翻译​

¥🌍 Translations

我们已启动网站国际化进程，旨在让全球开发者都能轻松使用 Electron 应用开发。我们正在使用一个名为 Crowdin 的本地化平台，该平台与 GitHub 集成，在内容翻译成不同语言时自动打开和更新拉取请求。

¥We've begun the process of internationalizing the website with the goal of making Electron app development accessible to a global audience of developers. We're using a localization platform called Crowdin that integrates with GitHub, opening and updating pull requests automatically as content is translated into different languages.

虽然我们一直在默默地进行这项工作，但已有超过 75 位 Electron 社区成员自然而然地发现了这个项目，并加入了网站国际化和将 Electron 文档翻译成 20 多种语言的努力。我们看到世界各地的人们都在为 每日贡献 努力，其中法语、越南语、印尼语和中文等语言的翻译工作正在稳步推进。

¥Though we've been working quietly on this effort so far, over 75 Electron community members have already discovered the project organically and joined in the effort to internationalize the website and translate Electron's docs into over 20 languages. We are seeing daily contributions from people all over the world, with translations for languages like French, Vietnamese, Indonesian, and Chinese leading the way.

要选择你的语言并查看翻译进度，请访问 electronjs.org/languages

¥To choose your language and view translation progress, visit electronjs.org/languages

如果你精通多语言，并且有兴趣帮助翻译 Electron 的文档和网站，请访问 electron/electron-i18n 仓库，或者直接使用 Crowdin 进行翻译，你可以使用你的 GitHub 账户登录。

¥If you're multilingual and interested in helping translate Electron's docs and website, visit the electron/electron-i18n repo, or jump right into translating on Crowdin, where you can sign in using your GitHub account.

目前，Crowdin 上的 Electron 项目支持 21 种语言。添加更多语言支持非常简单，如果你有兴趣帮助翻译，但没有看到你要使用的语言列表，请 告诉我们，我们将为你启用。

¥There are currently 21 languages enabled for the Electron project on Crowdin. Adding support for more languages is easy, so if you're interested in helping translate but you don't see your language listed, let us know and we'll enable it.

原始翻译文档​

¥Raw Translated Docs

如果你更喜欢阅读原始 Markdown 文件中的文档，现在你可以使用任何语言进行操作：

¥If you prefer to read documentation in raw markdown files, you can now do that in any language:

git clone https://github.com/electron/electron-i18n
ls electron-i18n/content

应用页面​

¥App Pages

从今天起，任何 Electron 应用都可以在 Electron 网站上轻松拥有自己的页面。如需查看一些示例，请查看 Etcher、1Clipboard 或 GraphQL 游乐场，如图所示，该图位于网站的日文版中：

¥As of today, any Electron app can easily have its own page on the Electron site. For a few examples, check out Etcher, 1Clipboard, or GraphQL Playground, pictured here on the Japanese version of the site:

市面上有一些非常棒的 Electron 应用，但它们并不总是那么容易找到，而且并非每个开发者都有时间或资源来构建一个合适的网站来营销和分发他们的应用。

¥There are some incredible Electron apps out there, but they're not always easy to find, and not every developer has the time or resources to build a proper website to market and distribute their app.

仅使用 PNG 图标文件和少量应用元数据，我们就能收集有关特定应用的大量信息。使用从 GitHub 收集的数据，应用页面现在可以显示每个拥有公共代码库的应用的屏幕截图、下载链接、版本、发行说明和自述文件。使用从每个应用图标中提取的调色板，我们可以生成 醒目且易于理解的颜色，为每个应用页面提供一些视觉上的区别。

¥Using just a PNG icon file and a small amount of app metadata, we're able to collect a lot of information about a given app. Using data collected from GitHub, app pages can now display screenshots, download links, versions, release notes, and READMEs for every app that has a public repository. Using a color palette extracted from each app's icon, we can produce bold and accessible colors to give each app page some visual distinction.

应用索引页 现在还包含类别和关键字过滤器，以便查找有趣的应用，例如 GraphQL GUI 和 p2p 工具。

¥The apps index page now also has categories and a keyword filter to find interesting apps like GraphQL GUIs and p2p tools.

如果你有一个 Electron 应用想要在网站上展示，请在 electron/electron-apps 代码库上提交拉取请求。

¥If you've got an Electron app that you'd like featured on the site, open a pull request on the electron/electron-apps repository.

使用 Homebrew 的一行安装​

¥One-line Installation with Homebrew

macOS 的 Homebrew 软件包管理器有一个名为 cask 的子命令，它可以轻松地在终端中使用单个命令安装桌面应用，就像 brew cask install atom 一样。

¥The Homebrew package manager for macOS has a subcommand called cask that makes it easy to install desktop apps using a single command in your terminal, like brew cask install atom.

我们已开始为热门 Electron 应用收集 Homebrew 的 Cask 名称，现在会在每个包含 Cask 的应用页面上显示安装命令（供 macOS 访问者使用）：

¥We've begun collecting Homebrew cask names for popular Electron apps and are now displaying the installation command (for macOS visitors) on every app page that has a cask:

要查看所有使用 Homebrew Cask 名称的应用，请访问 electronjs.org/apps?q=homebrew。如果你知道其他我们尚未索引的带有 cask 的应用，请添加它们！

¥To view all the apps that have homebrew cask names, visit electronjs.org/apps?q=homebrew. If you know of other apps with casks that we haven't indexed yet, please add them!

🌐 新字段​

¥🌐 A New Domain

我们已将网站从 electron.atom.io 迁移到新域名：electronjs.org。

¥We've moved the site from electron.atom.io to a new domain: electronjs.org.

Electron 项目诞生于 Atom，这是 GitHub 基于 Web 技术构建的开源文本编辑器。Electron 最初名为 atom-shell。Atom 是第一个使用它的应用，但很快人们就意识到这个神奇的 Chromium + Node 运行时可以用于各种不同的应用。当微软和 Slack 等公司开始使用 atom-shell 时，很明显，该项目需要一个新名称。

¥The Electron project was born inside Atom, GitHub's open-source text editor built on web technologies. Electron was originally called atom-shell. Atom was the first app to use it, but it didn't take long for folks to realize that this magical Chromium + Node runtime could be used for all kinds of different applications. When companies like Microsoft and Slack started to make use of atom-shell, it became clear that the project needed a new name.

于是 "Electron" 诞生了。2016 年初，GitHub 组建了一支新团队，专注于 Electron 的开发和维护，不再专注于 Atom 的开发。自那时起，Electron 已被成千上万的应用开发者采用，现在许多大公司都依赖于它，其中许多公司都有自己的 Electron 团队。

¥And so "Electron" was born. In early 2016, GitHub assembled a new team to focus specifically on Electron development and maintenance, apart from Atom. In the time since, Electron has been adopted by thousands of app developers, and is now depended on by many large companies, many of which have Electron teams of their own.

支持 GitHub 的 Electron 项目（例如 Atom 和 GitHub 桌面版）仍然是我们团队的首要任务，但通过迁移到新域名，我们希望能够帮助明确 Atom 和 Electron 之间的技术区别。

¥Supporting GitHub's Electron projects like Atom and GitHub Desktop is still a priority for our team, but by moving to a new domain we hope to help clarify the technical distinction between Atom and Electron.

🐢🚀 Node.js 无处不在​

¥🐢🚀 Node.js Everywhere

之前的 Electron 网站是使用 Jekyll（一款流行的基于 Ruby 的静态网站生成器）构建的。Jekyll 是构建静态网站的绝佳工具，但该网站的发展已经开始超出其能力范围。我们想要更多动态功能，例如合理的重定向和动态内容渲染，因此 Node.js 服务器是显而易见的选择。

¥The previous Electron website was built with Jekyll, the popular Ruby-based static site generator. Jekyll is a great tool for building static websites, but the website had started to outgrow it. We wanted more dynamic capabilities like proper redirects and dynamic content rendering, so a Node.js server was the obvious choice.

Electron 生态系统包含使用多种编程语言编写的组件项目，从 Python 到 C++ 再到 Bash。但 JavaScript 是 Electron 的基础，也是我们社区中使用最多的语言。

¥The Electron ecosystem includes projects with components written in many different programming languages, from Python to C++ to Bash. But JavaScript is foundational to Electron, and it's the language used most in our community.

通过将网站从 Ruby 迁移到 Node.js，我们旨在降低希望为网站做出贡献的人的准入门槛。

¥By migrating the website from Ruby to Node.js, we aim to lower the barrier to entry for people wishing to contribute to the website.

⚡ 更轻松的开源参与​

¥⚡️ Easier Open-Source Participation

如果你的系统上安装了 Node.js（8 或更高版本）和 git，你可以轻松地在本地运行网站：

¥If you've got Node.js (8 or higher) and git installed on your system, you can easily get the site running locally:

git clone https://github.com/electron/electronjs.org
cd electronjs.org
npm install
npm run dev

新网站托管在 Heroku 上。我们使用部署流水线和 应用审核 功能，该功能会为每个拉取请求自动创建应用的运行副本。这使得审阅者能够轻松查看拉取请求对网站实时副本的实际效果。

¥The new website is hosted on Heroku. We use deployment pipelines and the Review Apps feature, which automatically creates a running copy of the app for every pull request. This makes it easy for reviewers to view the actual effects of a pull request on a live copy of the site.

🙏 感谢贡献者​

¥🙏 Thanks to Contributors

我们还要特别感谢世界各地所有贡献时间和精力来帮助改进 Electron 的朋友们。开源社区的热情为 Electron 的成功做出了巨大的贡献。谢谢！

¥We'd like to give special thanks to all the folks around the world who have contributed their own time and energy to help improve Electron. The passion of the open-source community has helped immeasurably in making Electron a success. Thank you!

已发现 Google Chromium 中存在一个远程代码执行漏洞，该漏洞影响 Electron 所有最新版本。任何访问远程内容的 Electron 应用都容易受到此漏洞的攻击，无论是否启用了 沙盒选项。

¥A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabled.

我们已发布 Electron 的两个新版本 1.7.8 和 1.6.14，均包含针对此漏洞的修复。我们敦促所有 Electron 开发者立即将其应用更新到最新稳定版本：

¥We've published two new versions of electron 1.7.8 and 1.6.14, both of which include a fix for this vulnerability. We urge all Electron developers to update their apps to the latest stable version immediately:

npm i electron@latest --save-dev

要了解有关保护 Electron 应用安全的最佳实践的更多信息，请参阅我们的 安全教程。

¥To learn more about best practices for keeping your Electron apps secure, see our security tutorial.

如果你想报告 Electron 中的漏洞，请联系 security@electronjs.org。

¥Please contact security@electronjs.org if you wish to report a vulnerability in Electron.

electron npm 软件包现在包含一个 TypeScript 定义文件，该文件提供了整个 Electron API 的详细注释。即使你编写的是原生 JavaScript，这些注解也可以提升你的 Electron 开发体验。只需安装 npm install electron，即可在你的项目中获取最新的 Electron 类型。

¥The electron npm package now includes a TypeScript definition file that provides detailed annotations of the entire Electron API. These annotations can improve your Electron development experience even if you're writing vanilla JavaScript. Just npm install electron to get up-to-date Electron typings in your project.

TypeScript 是由微软创建的一种开源编程语言。它是 JavaScript 的一个超集，通过添加对静态类型的支持来扩展 JavaScript 语言。TypeScript 社区近年来发展迅速，在最近的 Stack Overflow 开发者调查中，TypeScript 跻身 最受欢迎的编程语言 之列。TypeScript 被描述为 "可扩展的 JavaScript"，GitHub、Slack 和 微软 的团队都在使用它来编写可扩展的 Electron 应用，这些应用的用户多达数百万。

¥TypeScript is an open-source programming language created by Microsoft. It's a superset of JavaScript that extends the language by adding support for static types. The TypeScript community has grown quickly in recent years, and TypeScript was ranked among the most loved programming languages in a recent Stack Overflow developer survey. TypeScript is described as "JavaScript that scales", and teams at GitHub, Slack, and Microsoft are all using it to write scalable Electron apps that are used by millions of people.

TypeScript 支持 JavaScript 中的许多较新的语言特性，例如类、对象解构和 async/await，但其真正的区别在于类型注解。声明程序所需的输入和输出数据类型可以帮助你在编译时发现错误，而注解也可以作为正式的声明。

¥TypeScript supports many of the newer language features in JavaScript like classes, object destructuring, and async/await, but its real differentiating feature is type annotations. Declaring the input and output datatypes expected by your program can reduce bugs by helping you find errors at compile time, and the annotations can also serve as a formal declaration of how your program works.

当库是用原生 JavaScript 编写时，类型通常是在编写文档时事后才模糊地定义的。函数通常可以接受比文档中更多的类型，或者函数可能存在未记录的不可见约束，这可能导致运行时错误。

¥When libraries are written in vanilla Javascript, the types are often vaguely defined as an afterthought when writing documentation. Functions can often accept more types than what was documented, or a function can have invisible constraints that are not documented, which can lead to runtime errors.

TypeScript 使用定义文件解决了这个问题。TypeScript 定义文件描述了库的所有函数及其预期的输入和输出类型。当库作者将 TypeScript 定义文件与其发布的库打包在一起时，该库的使用者可以立即 直接在内部探索其 API 编辑器 并开始使用它，通常无需查阅库的文档。

¥TypeScript solves this problem with definition files. A TypeScript definition file describes all the functions of a library and its expected input and output types. When library authors bundle a TypeScript definition file with their published library, consumers of that library can explore its API right inside their editor and start using it right away, often without needing to consult the library's documentation.

许多热门项目，例如 Angular、Vue.js、node-github（现在还有 Electron！），都编译了自己的定义文件，并将其与已发布的 npm 包打包在一起。对于未打包自身定义文件的项目，可以使用 DefinitelyTyped，这是一个由社区维护的定义文件的第三方生态系统。

¥Many popular projects like Angular, Vue.js, node-github (and now Electron!) compile their own definition file and bundle it with their published npm package. For projects that don't bundle their own definition file, there is DefinitelyTyped, a third-party ecosystem of community-maintained definition files.

安装​

¥Installation

从 1.6.10 版本开始，每个 Electron 版本都包含自己的 TypeScript 定义文件。当你从 npm 安装 electron 包时，electron.d.ts 文件会自动与已安装的包打包在一起。

¥Starting at version 1.6.10, every release of Electron includes its own TypeScript definition file. When you install the electron package from npm, the electron.d.ts file is bundled automatically with the installed package.

用于安装 Electron 的 最安全的方式 使用确切的版本号：

¥The safest way to install Electron is using an exact version number:

npm install electron --save-dev --save-exact

或者，如果你正在使用 yarn：

¥Or if you're using yarn:

yarn add electron --dev --exact

如果你已经在使用 @types/electron 和 @types/node 等第三方定义，你应该将它们从你的 Electron 项目中删除，以防止任何冲突。

¥If you were already using third-party definitions like @types/electron and @types/node, you should remove them from your Electron project to prevent any collisions.

定义文件源自我们的 结构化 API 文档，因此它将始终与 Electron API 文档 保持一致。只需安装 electron，你将始终获得与你正在使用的 Electron 版本同步的 TypeScript 定义。

¥The definition file is derived from our structured API documentation, so it will always be consistent with Electron's API documentation. Just install electron and you'll always get TypeScript definitions that are up to date with the version of Electron you're using.

用法​

¥Usage

如需了解如何安装和使用 Electron 新的 TypeScript 注释，请观看此简短的演示截屏视频：

¥For a summary of how to install and use Electron's new TypeScript annotations, watch this short demo screencast:

如果你正在使用 Visual Studio Code，则说明你已经内置了 TypeScript 支持。社区维护的 Atom、Sublime、vim 和 其他编辑器 插件也同样如此。

¥If you're using Visual Studio Code, you've already got TypeScript support built in. There are also community-maintained plugins for Atom, Sublime, vim, and other editors.

一旦你的编辑器配置为 TypeScript，你将开始看到更多上下文感知行为，例如自动补齐建议、内联方法引用、参数检查等等。

¥Once your editor is configured for TypeScript, you'll start to see more context-aware behavior like autocomplete suggestions, inline method reference, argument checking, and more.

TypeScript 入门​

¥Getting started with TypeScript

如果你是 TypeScript 新手，并且想要了解更多信息，那么这篇 来自微软的介绍视频 文章会很好地概述这门语言的诞生原因、工作原理、使用方法以及未来发展方向。

¥If you're new to TypeScript and want to learn more, this introductory video from Microsoft provides a nice overview of why the language was created, how it works, how to use it, and where it's headed.

TypeScript 官方网站上也有 handbook 和 playground 模块。

¥There's also a handbook and a playground on the official TypeScript website.

由于 TypeScript 是 JavaScript 的超集，因此你现有的 JavaScript 代码已经是有效的 TypeScript。这意味着你可以逐步将现有的 JavaScript 项目过渡到 TypeScript，并根据需要添加新的语言特性。

¥Because TypeScript is a superset of JavaScript, your existing JavaScript code is already valid TypeScript. This means you can gradually transition an existing JavaScript project to TypeScript, sprinkling in new language features as needed.

致谢​

¥Thanks

如果没有 Electron 开源维护者社区的帮助，这个项目是不可能实现的。感谢 Samuel Attard、Felix Rieseberg、Birunthan Mohanathas、Milan Burda、Brendan Forster 以及其他许多开发者修复了错误、改进了文档并提供技术指导。

¥This project would not have been possible without the help of Electron's community of open-source maintainers. Thanks to Samuel Attard, Felix Rieseberg, Birunthan Mohanathas, Milan Burda, Brendan Forster, and many others for their bug fixes, documentation improvements, and technical guidance.

支持​

¥Support

如果你在使用 Electron 的新 TypeScript 定义文件时遇到任何问题，请在 electron-typescript-definitions 代码库中提交问题。

¥If you encounter any issues using Electron's new TypeScript definition files, please file an issue on the electron-typescript-definitions repository.

祝你 TypeScript 愉快！

¥Happy TypeScripting!

本周，我们采访了 Jasper 的创建者，Jasper 是一款基于 Electron 的 GitHub 通知管理工具。

¥This week we interviewed the creator of Jasper, an Electron-based tool for managing GitHub notifications.

你好！你是谁？​

¥Hello! Who are you?

我是 Ryo Maruyama，日本的一名软件开发者。我正在开发 Jasper 和 ESDoc。

¥I'm Ryo Maruyama, a software developer in Japan. I am developing Jasper and ESDoc.

什么是 Jasper？​

¥What is Jasper?

Jasper 是一个灵活而强大的 GitHub 问题阅读器。它支持 github.com 和 GitHub Enterprise 上的 issue 和 pull request。

¥Jasper is a flexible and powerful issue reader for GitHub. It supports issues and pull requests on github.com and GitHub Enterprise.

为什么要这样做？​

¥Why did you make it?

当人们在工作或 OSS 活动中使用 GitHub 时，他们往往每天都会收到许多通知。作为订阅通知的方式，GitHub 提供了电子邮件和 网页通知。我使用了这些版本几年，但遇到了以下问题：

¥When people use GitHub in their job or OSS activities, they tend to receive many notifications on a daily basis. As a way to subscribe to the notifications, GitHub provides email and web notifications. I used these for a couple of years, but I faced the following problems:

• 我很容易忽略别人提到我、我评论过或我正在关注的问题。

  ¥It's easy to overlook issues where I was mentioned, I commented, or I am watching.

• 我把一些问题记在脑子里，以便以后检查，但有时我会忘记它们。

  ¥I put some issues in a corner of my head to check later, but I sometimes forget about them.

• 为了避免忘记问题，我会在浏览器中保持多个标签页打开。

  ¥To not forget issues, I keep many tabs open in my browser.

• 很难检查所有与我相关的问题。

  ¥It's hard to check all issues that are related to me.

• 很难掌握团队的所有活动。

  ¥It's hard to grasp all of my team's activity.

我花费了大量时间和精力来避免这些问题，因此我决定为 GitHub 创建一个问题阅读器来有效地解决这些问题，并开始开发 Jasper。

¥I was spending a lot of time and energy trying to prevent those problems, so I decided to make an issue reader for GitHub to solve these problems efficiently, and started developing Jasper.

谁在使用 Jasper？​

¥Who's using Jasper?

Jasper 已被多家使用 GitHub 的公司的开发者、设计师和经理所采用。当然，一些 OSS 开发者也在使用它。GitHub 上的一些人也在使用它！

¥Jasper is used by developers, designers, and managers in several companies that are using GitHub. Of course, some OSS developers also are using it. And it is also used by some people at GitHub!

Jasper 如何工作？​

¥How does Jasper work?

Jasper 配置完成后，将出现以下屏幕。从左到右，你可以看到 "流列表"、"问题列表" 和 "问题正文"。

¥Once Jasper is configured, the following screen appears. From left to right, you can see "streams list", "issues list" and "issue body".

此 "stream" 是 Jasper 的核心功能。例如，如果你想查看 "在 electron/electron 代码库中分配给 @zeke 的问题"，你可以创建以下流：

¥This "stream" is the core feature of Jasper. For example, if you want to see "issues that are assigned to @zeke in the electron/electron repository", you create the following stream:

repo:electron/electron assignee:zeke is:issue

创建流并等待几秒钟后，你可以看到符合条件的问题。

¥After creating the stream and waiting for a few seconds, you can see the issues that meet the conditions.

我们能用流做什么？​

¥What can we do with streams?

我将介绍哪些类型的条件可用于流。

¥I will introduce what kind of conditions can be used for stream.

用户和团队​

¥Users and Teams

involves 表示 mention、author、assignee 或 commenter

¥involves means mention, author, assignee or commenter

代码库和组织​

¥Repositories and Organizations

org 与 user 相同

¥org is same as user

属性​

¥Attributes

审核状态​

¥Review Status

你可能已经注意到，流可以使用 GitHub 的搜索查询。有关如何使用流和搜索查询的详细信息，请参阅以下 URL。

¥As you may have noticed by looking at these, streams can use GitHub's search queries. For details on how to use streams and search queries, see the following URLs.

• jasperapp.io/doc.html#stream

• help.github.com/articles/searching-issues

• help.github.com/articles/search-syntax

Jasper 还具有未读问题管理、未读评论管理、标记星标、通知更新、问题过滤、键盘快捷键等功能。

¥Jasper also has features for unread issue management, unread comment management, marking stars, notification updating, filtering issues, keyboard shortcuts, etc.

Jasper 是付费产品吗？费用是多少？​

¥Is Jasper a paid product? How much does it cost?

Jasper 售价 12 美元。但是，你可以使用 免费试用版 30 天。

¥Jasper is $12. However you can use the free trial edition for 30 days.

为什么选择在 Electron 上构建 Jasper？​

¥Why did you choose to build Jasper on Electron?

我喜欢 Electron 的以下几个方面：

¥I like the following aspects of Electron:

• 应用可以使用 JavaScript/CSS/HTML 开发。

  ¥Apps can be developed with JavaScript/CSS/HTML.

• 应用可以构建于 Windows、Mac 和 Linux 平台。

  ¥Apps can be built for Windows, Mac, and Linux platforms.

• Electron 正在积极开发中，并拥有庞大的社区。

  ¥Electron is actively developed and has a large community.

这些功能使快速简便的桌面应用开发成为可能。太棒了！如果你有任何产品创意，请务必考虑使用 Electron。

¥These features enable rapid and simple desktop application development. It is awesome! If you have any product idea, you should consider using Electron by all means.

在开发 Jasper 的过程中，你遇到了哪些挑战？​

¥What are some challenges you've faced while developing Jasper?

我费了好大劲才弄清楚 "stream" 的概念。起初我考虑使用 GitHub 的 通知 API。但是我注意到它不支持某些用例。之后，除了通知 API 之外，我还考虑使用 问题 API 和 拉取请求 API。但它从未达到我的预期。然后，在思考各种方法时，我意识到轮询 GitHub 的 搜索 API 将提供最大的灵活性。我花了大约一个月的时间进行实验才达到这个目标，然后我用两天时间实现了一个带有流概念的 Jasper 原型。

¥I had a hard time figuring out the "stream" concept. At first I considered using GitHub's Notifications API. However I noticed that it does not support certain use cases. After that I considered using the Issues API and Pull Requests API, in addition to the Notification API. But it never became what I wanted. Then while thinking about various methods, I realized that polling GitHub's Search API would offer the most flexibility. It took about a month of experimentation to get to this point, then I implemented a prototype of Jasper with the stream concept in two days.

注意：轮询次数最多限制为每 10 秒一次。这对于 GitHub API 的限制来说已经足够了。

¥Note: The polling is limited to once every 10 seconds at most. This is acceptable enough for the restriction of GitHub API.

下一步计划是什么？​

¥What's coming next?

我计划开发以下功能：

¥I have a plan to develop the following features:

• 过滤流：流中包含一些经过过滤的流，用于过滤流中的问题。它就像 SQL 的视图。

  ¥A filtered stream: A stream has some filtered stream that filter issues in the stream. It is like as view of SQL.

• 多个账户：你将能够同时使用 github.com 和 GHE

  ¥Multiple accounts: you will be able to use both github.com and GHE

• 提升性能：目前，WebView 的加载速度比普通浏览器慢。

  ¥Improve performance: For now the loading a issue in WebView is low speed than normal browser.

在 Twitter 上关注 @jasperappio 获取最新动态。

¥Follow @jasperappio on Twitter for updates.