npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

electron-notarize-dmg

v1.0.0

Published

Notarize your Electron DMG

Downloads

136

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

hugozaphugozap

Keywords

Readme

Electron Notarize fork for notarizing dmg files

Fork update notes

This fork changes a few lines to allow notarizing dmg files.

  • Does not zip the dmg file before sending it to apple.
  • Changes appPath parameter to dmgPath.
  • added boolean parameter "staple" (default: true)

Keep in mind that stapling the dmg file changes its contents so you have to update the blockmap and auto update files.

(You can notarize and not staple to keep the file intact. This would require end users to have connectivity to validate the file)

Usage:

(Use dmgPath instead of appPath)

return await notarize({
    appBundleId: THE APP BUNDLE ID TO USE,
    dmgPath: dmgPath,
    appleId: THE APPLE ID,
    appleIdPassword: PASSWORD,
    staple: true,
  });

Using as a hook with electron builder

Create a new file and set it as a hook after building all artifacts.

Example:

require("dotenv").config();
const { notarize } = require("electron-notarize-dmg");
const config = require("../package.json");

exports.default = async function notarizing(context) {
  console.log("Notarizing DMG...");

  const dmgPath = context.artifactPaths.find(p => p.endsWith(".dmg"));
  if(!dmgPath)
    return;

  return await notarize({
    appBundleId: config.build.appId,
    dmgPath: dmgPath,
    appleId: process.env.APPLEID,
    appleIdPassword: process.env.APPLEIDPASS
  });
};

The rest of the code is the same.

---------------Original README--------------------

Notarize your Electron apps seamlessly for macOS

CircleCI status NPM package

Installation

# npm
npm install electron-notarize --save-dev

# yarn
yarn add electron-notarize --dev

What is app "notarization"?

From Apple's docs in XCode:

A notarized app is a macOS app that was uploaded to Apple for processing before it was distributed. When you export a notarized app from Xcode, it code signs the app with a Developer ID certificate and staples a ticket from Apple to the app. The ticket confirms that you previously uploaded the app to Apple.

On macOS 10.14 and later, the user can launch notarized apps when Gatekeeper is enabled. When the user first launches a notarized app, Gatekeeper looks for the app’s ticket online. If the user is offline, Gatekeeper looks for the ticket that was stapled to the app.

Apple has made this a hard requirement as of 10.15 (Catalina).

Prerequisites

For notarization, you need the following things:

  1. Xcode 10 or later installed on your Mac.
  2. An Apple Developer account.
  3. An app-specific password for your ADC account’s Apple ID.
  4. Your app may need to be signed with hardened-runtime and the following entitlements:
    1. com.apple.security.cs.allow-jit
    2. com.apple.security.cs.allow-unsigned-executable-memory

API

Method: notarize(opts): Promise<void>

  • options Object
    • appBundleId String - The app bundle identifier your Electron app is using. E.g. com.github.electron
    • appPath String - The absolute path to your .app file
    • ascProvider String (optional) - Your Team Short Name.
    • There are two methods available: user name with password:
      • appleId String - The username of your apple developer account
      • appleIdPassword String - The password for your apple developer account
    • ... or apiKey with apiIssuer:
      • appleApiKey String - Required for JWT authentication. See Note on JWT authentication below.
      • appleApiIssuer String - Issuer ID. Required if appleApiKey is specified.

Safety when using appleIdPassword

  1. Never hard code your password into your packaging scripts, use an environment variable at a minimum.
  2. It is possible to provide a keychain reference instead of your actual password (assuming that you have already logged into the Application Loader from Xcode). For example:
const password = `@keychain:"Application Loader: ${appleId}"`;

Another option is that you can add a new keychain item using either the Keychain Access app or from the command line using the security utility:

security add-generic-password -a "AC_USERNAME" -w <app_specific_password> -s "AC_PASSWORD"

where AC_USERNAME should be replaced with your Apple ID, and then in your code you can use:

const password = `@keychain:AC_PASSWORD`;

Notes on JWT authentication

You can obtain an API key from Appstore Connect. Create a key with App Manager access. Note down the Issuer ID and download the .p8 file. This file is your API key and comes with the name of AuthKey_<api_key>.p8. This is the string you have to supply when calling notarize.

Based on the ApiKey, altool will look in the following places for that file:

  • ./private_keys
  • ~/private_keys
  • ~/.private_keys
  • ~/.appstoreconnect/private_keys

Notes on your Team Short Name

If you are a member of multiple teams or organizations, you have to tell Apple on behalf of which organization you're uploading. To find your team's short name), you can ask iTMSTransporter, which is part of the now deprecated Application Loader as well as the newer Transporter.

With Transporter installed, run:

/Applications/Transporter.app/Contents/itms/bin/iTMSTransporter -m provider -u APPLE_DEV_ACCOUNT -p APP_PASSWORD

Alternatively, with older versions of Xcode, run:

/Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/itms/bin/iTMSTransporter -m provider -u APPLE_DEV_ACCOUNT -p APP_PASSWORD

Example Usage

import { notarize } from 'electron-notarize';

async function packageTask () {
  // Package your app here, and code sign with hardened runtime
  await notarize({
    appBundleId,
    appPath,
    appleId,
    appleIdPassword,
    ascProvider, // This parameter is optional
  });
}