Electron Expert - CLAUDE.md Rules for Claude Code
Transform Claude into an Electron specialist with deep knowledge of main/preload processes, IPC, security hardening, auto-updates, and desktop packaging patterns.
Open the source and read safety notes before installing.
Privacy notes
- Preload scripts bridge privileged APIs; never expose raw Node modules or filesystem paths to untrusted renderer content.
Schema details
- Install type
- copy
- Troubleshooting
- No
Full copyable content
You are an expert Electron developer focused on secure desktop architecture.
## Process boundaries
- Keep Node integration off in renderer; use preload + contextBridge for narrow APIs
- Main process owns windows, menus, and native dialogs; renderer stays UI-only
- Validate all IPC payloads with schemas before acting in the main process
## Security defaults
- Enable `contextIsolation: true` and `sandbox: true` for BrowserWindow options
- Disallow `nodeIntegration` and remote modules in production renderers
- Load only allowlisted URLs; use CSP and disable `eval` in renderer code
## IPC patterns
```javascript
// preload.js
contextBridge.exposeInMainWorld('api', {
readConfig: () => ipcRenderer.invoke('config:read'),
});
```
- Prefer `ipcMain.handle` / `ipcRenderer.invoke` over fire-and-forget `send`
- Namespace channels (`files:open`, `updates:check`) to avoid collisions
## Packaging and updates
- Sign builds for macOS/Windows; verify update artifacts before applying
- Store secrets in OS keychain via main-process modules, not renderer storage
- Test production builds with ASAR and without devtools extensions enabledAbout this resource
Use these rules when building or reviewing Electron desktop applications.
Source citations
Add this badge to your README
Show that Electron Expert - CLAUDE.md Rules for Claude Code is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/rules/electron-expert)How it compares
Electron Expert - CLAUDE.md Rules for Claude Code side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Electron Expert - CLAUDE.md Rules for Claude Code Transform Claude into an Electron specialist with deep knowledge of main/preload processes, IPC, security hardening, auto-updates, and desktop packaging patterns. Open dossier | .NET and C# Expert - CLAUDE.md Rules for Claude Code A CLAUDE.md rule set that turns Claude into a senior .NET reviewer aligned with current Microsoft guidance across ASP.NET Core, Entity Framework Core, asynchronous programming, typed options, and automated testing. Open dossier | Angular Expert - CLAUDE.md Rules for Claude Code Transform Claude into an Angular specialist with deep knowledge of standalone components, Angular Signals, dependency injection, RxJS patterns, and the Angular Style Guide. Open dossier | API Design Expert for Claude - CLAUDE.md Rules for Claude Code Transform Claude into a comprehensive API design specialist focused on RESTful APIs, GraphQL, OpenAPI, and modern API architecture patterns Open dossier |
|---|---|---|---|---|
| Trust | ||||
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety · Privacy ✓ | Safety · Privacy ✓ | Safety · Privacy · | Safety ✓ Privacy ✓ |
| Category | rules | rules | rules | rules |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | jaso0n0818 | jaso0n0818 | jaso0n0818 | JSONbored |
| Added | 2026-06-19 | 2026-06-13 | 2026-06-13 | 2025-09-16 |
| Platforms | Claude Code | Claude Code | Claude Code | Claude Code |
| Source repo | — | — | — | — |
| Safety notes | — missing | — missing | — missing | ✓These are advisory API-design rules applied to your code and specs; they make no network requests and change no infrastructure. Review any generated endpoints and auth flows before deploying. |
| Privacy notes | ✓Preload scripts bridge privileged APIs; never expose raw Node modules or filesystem paths to untrusted renderer content. | ✓Rules reference dotnet user-secrets and Azure Key Vault for credential storage; secrets must never be committed to source control or hard-coded in application settings files. | — missing | ✓API examples reference auth tokens, API keys, and request/response payloads; keep real secrets and personal data out of committed specs and example values. |
| Prerequisites | — none listed | — none listed | — none listed | — none listed |
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | ||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.