We're excited to announce that the Secure Electron Adapter, contributed by ChartIQ, is now available as a FINOS hosted project at https://github.com/finos/secure-electron-adapter, with the accompanying documentation website here: https://sea.finos.org/
Authors: Kris West & Ian Mesner - ChartIQ
The Secure Electron Adapter (SEA) targets the need for a completely open source means of developing secure, enterprise-class desktop applications. This technology is the means to host Web technology based (HTML5) applications directly on a computer desktop (versus within a consumer Web browser like Chrome or Edge). Specifically, this contribution offers a means to use Electron in a secured manner, making its use appropriate for the financial institution.
SEA provides a secure alternative to working directly with the Electron API. It acts as a firewall, intermediating API calls within a permission structure that obviates the risk of running third party content in a desktop agent.
It is open source, requiring no commercial software, relying exclusively on Electron and other NPM dependencies. Please see the `validate-license` npm script for an audit of the licenses used among dependencies.
The SEA project adheres to all of Electron's security recommendations by default and allows a developer to easily use common functionality that would otherwise require writing custom IPC messages in order to adhere to these recommendations.
Architecturally, SEA is a JavaScript adapter, giving access to Electron window-manipulation and OS capabilities, via a disintermediation of the actual Electron APIs for security reasons. Access to the Node main process is restricted and security profiles have been provided and configured according to recommended practice. The framework provides an inter-application communication facility hosted from within the Electron main process.
Interested in this FINOS open source project, or any of our other projects? Click the link below to see how to get involved in the FINOS Community.