Complete Guide to Electron App Packaging: Deployment Strategies with electron-builder
Comprehensive guide covering electron-builder vs electron-forge comparison, Windows/macOS installer creation, code signing, auto-updates, and CI/CD pipeline setup for Electron app deployment.
Choosing Electron Packaging Tools: electron-builder vs electron-forge
When packaging Electron applications into distributable formats, two primary tools are available: electron-builder and electron-forge. electron-builder adopts a configuration-based approach, automatically executing the build process based on specifications in package.json or dedicated configuration files. electron-forge, conversely, features a plugin-centric design enabling more flexible customization. Software companies in Shinagawa and Minato wards have high adoption rates of electron-builder, particularly valuing its ability to support diverse platforms with simple configuration. electron-builder supports NSIS, Squirrel, and MSI for Windows, DMG and PKG for macOS, and various Linux package formats, easily achieving cross-platform builds. When prioritizing development efficiency, electron-builder is often the optimal choice.
Basic electron-builder Configuration and Project Structure
To use electron-builder, first install it as a development dependency with npm or yarn. In the "build" section of package.json, define basic information such as the application ID, product name, copyright information, and output directory. The appId is a unique identifier used as the macOS bundle ID and for Windows application identification, and is typically specified in "com.company.appname" format. Startups in Shibuya ward increasingly use domain-based appIds for branding purposes. The "files" and "extraResources" options control which files are included in and excluded from the distribution package. Excluding unnecessary packages from node_modules can significantly reduce installer size.
Creating and Customizing Windows Installers
For Windows platforms, multiple installer formats are available including NSIS, Squirrel.Windows, and MSI. NSIS is the most common choice, offering high customizability with fine control over installation wizard appearance and behavior. Squirrel.Windows has strong compatibility with auto-update features, providing seamless update experiences. MSI is suitable for enterprise environment group policy deployment, with medium-sized companies in Setagaya and Meguro wards selecting MSI format for centralized IT department deployment. The electron-builder "win" section configures target architectures (x64, ia32, arm64), installer icons, signing certificates, and file associations. The "nsis" option controls detailed behaviors including installation directory customization, start menu registration, and desktop shortcut creation.
Building macOS DMG and PKG Installers
macOS application distribution primarily uses two formats: DMG (disk images) and PKG (installer packages). DMG is most common, with simple installation completed by dragging the application to the Applications folder. electron-builder allows customization of DMG background images, window sizes, and icon placement. PKG is used when system-level installation or uninstall script execution is required. Security companies in Minato ward and research institutions in Ota ward adopt PKG format for applications requiring specific system settings or permissions. macOS-specific settings in the "mac" section specify categories, minimum OS versions, hardware acceleration, and Retina display support. Additionally, application notarization is supported and mandatory for distribution on macOS Catalina and later.
Importance of Code Signing and Security Considerations
Code signing is a critical security mechanism that proves application trustworthiness and guarantees distributor legitimacy. Unsigned applications trigger warnings from Windows SmartScreen and macOS Gatekeeper, potentially damaging user trust. Windows uses code signing certificates (PFX or PEM files) obtained from trusted certificate authorities. Certificates typically come in two types, Standard Code Signing and Extended Validation (EV) Code Signing: EV certificates are immediately trusted, while Standard certificates may display warnings until sufficient reputation is established. Software companies in Shinagawa ward increasingly adopt EV certificates, prioritizing customer trust. macOS requires Apple Developer Program registration and uses Developer ID Application certificates for application signing. Furthermore, macOS 10.15 and later require notarization, in which Apple's servers scan the application for malware.
Windows Code Signing Implementation Procedures
To implement Windows code signing, first purchase a code signing certificate from a trusted certificate authority (DigiCert, Sectigo, GlobalSign, etc.). After obtaining the certificate file (typically PFX format) and its password, add them to the electron-builder configuration. The common approach sets the environment variables CSC_LINK (certificate file path) and CSC_KEY_PASSWORD (certificate password), so that neither value is included directly in source code. Security-conscious companies in Shibuya ward manage certificate information using encrypted secret stores in CI/CD environments. Signing runs automatically during the build; afterwards, right-clicking the exe file and opening its properties shows the signature information in the "Digital Signatures" tab. Timestamp server configuration is also important: a timestamped signature remains valid even after the certificate expires.
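One way to enforce the rule above before a build starts, as an added example that is not part of the original page or of electron-builder itself: a Node audit that rejects signing material committed in package.json and requires CSC_LINK and CSC_KEY_PASSWORD from the environment. The function name, the sample package.json fragments and the environment values are constructed for illustration.

```javascript
// Added example: pre-build audit of Windows signing inputs.
// certificateFile / certificatePassword are electron-builder Windows options;
// recent releases nest them under win.signtoolOptions. Sample data is constructed.

function auditSigningSetup(pkg, env) {
  const problems = [];
  const win = (pkg.build && pkg.build.win) || {};
  const scopes = { 'build.win': win, 'build.win.signtoolOptions': win.signtoolOptions || {} };

  // Certificate path or password committed in package.json.
  for (const [where, cfg] of Object.entries(scopes)) {
    for (const key of ['certificateFile', 'certificatePassword']) {
      if (typeof cfg[key] === 'string' && cfg[key] !== '') {
        problems.push(`${where}.${key} is set in package.json`);
      }
    }
  }
  // Inline assignments such as "CSC_KEY_PASSWORD=... electron-builder" in npm scripts.
  for (const [name, cmd] of Object.entries(pkg.scripts || {})) {
    if (/\bCSC_(LINK|KEY_PASSWORD)\s*=/.test(String(cmd))) {
      problems.push(`scripts.${name} assigns a CSC_* value inline`);
    }
  }
  // Both values must be injected by the CI secret store at build time.
  for (const name of ['CSC_LINK', 'CSC_KEY_PASSWORD']) {
    if (!env[name]) problems.push(`${name} is missing from the environment`);
  }
  return problems;
}

// Constructed package.json fragments and environment.
const leakyPkg = {
  scripts: { dist: 'CSC_KEY_PASSWORD=example-only electron-builder --win' },
  build: { appId: 'com.example.app', win: { target: 'nsis', certificatePassword: 'example-only' } },
};
const cleanPkg = {
  scripts: { dist: 'electron-builder --win' },
  build: { appId: 'com.example.app', win: { target: 'nsis' } },
};
const ciEnv = { CSC_LINK: '/run/secrets/codesign.pfx', CSC_KEY_PASSWORD: 'from-secret-store' };

console.log(auditSigningSetup(leakyPkg, {}));    // 4 findings
console.log(auditSigningSetup(cleanPkg, ciEnv)); // []
```

Run it as the first CI step with the parsed package.json and process.env, and fail the job when the returned list is not empty.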
macOS Code Signing and Notarization Process
macOS application code signing is performed with the codesign tool installed with Xcode. electron-builder automatically detects the Developer ID Application certificate stored in the keychain and signs with it. When multiple certificates are installed, the "mac.identity" option selects a particular one. After signing, the application must be submitted to Apple's notarization service. Notarization uses the xcrun altool or xcrun notarytool commands, and electron-builder supports automating it through the "afterSign" hook. Integrating a library such as electron-notarize or @electron/notarize incorporates notarization into the build pipeline. App development companies in Meguro ward commonly use app-specific passwords for automated notarization. Upon completion, Apple sends an email notification, and the xcrun stapler command staples the notarization ticket to the application, so notarization status can be verified even without internet connectivity.
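The "afterSign" hook described above, as an added example that is not code from the original page: it notarizes with @electron/notarize using an app-specific password taken from the environment. The environment variable names and the REQUIRE_NOTARIZATION switch are assumptions of this sketch, and the notarize function is injected so the logic can be exercised without the library installed.

```javascript
// Added example: electron-builder afterSign hook using @electron/notarize.
// APPLE_ID, APPLE_APP_SPECIFIC_PASSWORD, APPLE_TEAM_ID and REQUIRE_NOTARIZATION
// are assumed variable names supplied by the CI secret store.

function makeAfterSign(notarize, env) {
  return async function afterSign(context) {
    // The hook runs for every platform build; only macOS output is notarized.
    if (context.electronPlatformName !== 'darwin') return 'skipped: not macOS';

    const creds = {
      appleId: env.APPLE_ID,
      appleIdPassword: env.APPLE_APP_SPECIFIC_PASSWORD, // app-specific password
      teamId: env.APPLE_TEAM_ID,
    };
    const missing = Object.keys(creds).filter((k) => !creds[k]);
    if (missing.length > 0) {
      // Release builds fail closed so an un-notarized app is never published.
      if (env.REQUIRE_NOTARIZATION === '1') {
        throw new Error('notarization credentials missing: ' + missing.join(', '));
      }
      return 'skipped: no credentials (local build)';
    }

    const appName = context.packager.appInfo.productFilename;
    const appPath = `${context.appOutDir}/${appName}.app`;
    await notarize({ appPath, ...creds });
    return 'notarized: ' + appPath;
  };
}

// Entry point referenced from the "afterSign" option. The library is loaded
// lazily, inside the call, so the factory above has no install-time dependency.
const afterSignHook = (context) =>
  makeAfterSign(require('@electron/notarize').notarize, process.env)(context);
if (typeof module !== 'undefined') module.exports = afterSignHook;
```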
Implementing Auto-Update Functionality: Leveraging autoUpdater
Electron's autoUpdater module is the official API for implementing automatic application updates. macOS uses Squirrel.Mac, while Windows uses Squirrel.Windows or electron-builder's proprietary NSIS autoUpdater implementation. The basic flow queries the update server for the latest version upon application startup, downloading and installing when new versions are available. When combined with electron-builder, the "publish" section configures update delivery methods. GitHub Releases, Amazon S3, and custom HTTP servers are supported, with SaaS companies in Setagaya ward frequently using private S3 buckets according to security requirements. Client-side implementation imports the electron-updater library and controls the update process by calling methods like checkForUpdates, downloadUpdate, and quitAndInstall. To enhance user experience, implementing UI elements like update notification dialogs, download progress displays, and background updates is recommended.
Delta Updates and Staging Release Strategies
For large Electron applications, downloading a full installer for every update is time-consuming, which makes delta updates important. electron-builder supports delta updates for Windows NSIS targets and macOS, significantly reducing update time and network bandwidth by downloading only the differences from the previous version. Enabling delta updates requires referencing the previous release's artifacts during the build. Staged release strategies are also recommended: distribute a new version to internal users and beta testers first, then roll it out to all users once stability is confirmed. Enterprise software companies in Minato ward operate multiple distribution channels, including stable, beta, and alpha, using the channel functionality. electron-updater can read the channel setting at application startup and retrieve the latest version for that channel. Rollback is also important: have a system in place that allows rapid reversion to a previous version when issues occur.
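The client-side flow from the auto-update section (checkForUpdates, downloadUpdate, quitAndInstall) combined with the startup channel selection described above, as an added example that is not code from the original page. The `ui` object, `settings.updateChannel` and `loadSettings` are hypothetical names; the updater is passed in so the flow can be run against a stub.

```javascript
// Added example: wiring electron-updater's autoUpdater to user prompts and a
// validated release channel. `ui` and `settings.updateChannel` are hypothetical.
const CHANNELS = ['latest', 'beta', 'alpha']; // 'latest' is the stable channel

// Settings files are user-writable: anything unexpected falls back to stable.
function resolveChannel(settings) {
  const wanted = settings && settings.updateChannel;
  return CHANNELS.includes(wanted) ? wanted : 'latest';
}

function wireUpdater(updater, ui, settings) {
  // Route handler failures to the UI instead of leaving unhandled rejections.
  const safely = (fn) => async (arg) => {
    try { await fn(arg); } catch (e) { ui.reportError(String(e && e.message)); }
  };

  updater.autoDownload = false;               // download only after consent
  updater.channel = resolveChannel(settings); // read once at startup

  updater.on('update-available', safely(async (info) => {
    if (await ui.confirmDownload(info.version)) await updater.downloadUpdate();
  }));
  updater.on('download-progress', safely((p) => ui.showProgress(Math.round(p.percent))));
  updater.on('update-downloaded', safely(async (info) => {
    if (await ui.confirmRestart(info.version)) updater.quitAndInstall();
  }));
  updater.on('error', (err) => ui.reportError(String(err && err.message)));

  // A failed update check is reported, never allowed to block startup.
  return safely(() => updater.checkForUpdates())();
}

// In the Electron main process (requires electron-updater to be installed):
//   const { autoUpdater } = require('electron-updater');
//   app.whenReady().then(() => wireUpdater(autoUpdater, ui, loadSettings()));
```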
Building CI/CD Pipelines and Automation
Establishing continuous integration and continuous delivery (CI/CD) pipelines enables complete automation of Electron application build, test, signing, and distribution processes. Major CI/CD platforms including GitHub Actions, GitLab CI, CircleCI, and Azure Pipelines support Electron builds. Achieving multi-platform builds requires preparing runner environments corresponding to each OS. GitHub Actions enables builds for all platforms with a single workflow definition by combining ubuntu-latest, macos-latest, and windows-latest runners. DevOps-advanced companies in Ota ward operate fully automated pipelines executing automatic builds and E2E tests for each pull request, generating release builds post-merge. From a security perspective, code signing certificates and API tokens are securely managed using repository secret functionality. Build artifacts automatically upload to artifact stores like GitHub Releases, S3, or Artifactory, establishing environments where users can always access the latest versions.
Electron Deployment Support by Oblight Corporation
Oblight Corporation, based in Shinagawa ward, possesses extensive experience in Electron application packaging, code signing, and auto-update implementation. The company provides end-to-end deployment solutions from efficient build pipeline construction using electron-builder to code signing acquisition support for Windows/macOS platforms and CI/CD environment design and implementation. Particularly for companies with stringent security requirements, Oblight has track records building private update distribution infrastructure and implementing internal distribution systems using enterprise certificates. We broadly support companies throughout Tokyo including Shinagawa, Minato, Shibuya, Setagaya, Meguro, and Ota wards, from technical consulting to implementation assistance. For challenges with Electron application distribution and update strategies, please contact Oblight Corporation. We will construct reliable deployment environments based on the latest best practices.