Skip to main content
Information on this page has been adapted from the official @electron/fuses integration and Electron tutorial.

What are Fuses?

For a subset of Electron functionality, it makes sense to disable certain features for an entire application. For example, 99% of apps don’t make use of ELECTRON_RUN_AS_NODE, and these applications want to ship a binary that is incapable of using that feature. Fuses are “magic bits” in the Electron binary that can be flipped when packaging your Electron app to enable or disable certain features and restrictions. Because they are flipped at package time before you code sign your app, the operating system becomes responsible for ensuring those bits aren’t flipped back via OS-level code signing validation (Gatekeeper / App Locker).

Configuration

electron-builder leverages the official @electron/fuses module to make flipping fuses easy. You can configure fuses using the electronFuses configuration property.

Using electronFuses Configuration

The true/false values below are just examples. Customize your configuration to match your own requirements.
electronFuses: {
  runAsNode: false,
  enableCookieEncryption: true,
  enableNodeOptionsEnvironmentVariable: false,
  enableNodeCliInspectArguments: false,
  enableEmbeddedAsarIntegrityValidation: true,
  onlyLoadAppFromAsar: true,
  loadBrowserProcessSpecificV8Snapshot: false,
  grantFileProtocolExtraPrivileges: false
}

Using afterPack Hook

You can also configure fuses in the afterPack hook for more advanced customization. electron-builder exposes a convenience method in the PlatformPackager that accepts an AfterPackContext and a FuseConfig object. This method allows you to:
  • Provide custom FuseConfig objects
  • Use strictlyRequireAllFuses to monitor your fuses and stay up-to-date as new fuses are released
  • Force override the version of @electron/fuses in electron-builder
afterPack.ts
const { FuseConfig, FuseVersion, FuseV1Options } = require("@electron/fuses")

exports.default = function (context: AfterPackContext) {
  const fuses: FuseConfig = {
    version: FuseVersion.V1,
    strictlyRequireAllFuses: true,
    [FuseV1Options.RunAsNode]: false,
    // ... all other flags must be specified since `strictlyRequireAllFuses = true`
  }
  await context.packager.addElectronFuses(context, fuses)
}

Available Fuses

runAsNode
boolean
Disables the ELECTRON_RUN_AS_NODE environment variable, which allows running the Electron app as a Node.js script.
enableCookieEncryption
boolean
Enables encryption for cookies stored by Electron.
enableNodeOptionsEnvironmentVariable
boolean
Controls whether the NODE_OPTIONS environment variable is respected.
enableNodeCliInspectArguments
boolean
Controls whether Node.js CLI inspect arguments (like --inspect) are enabled.
enableEmbeddedAsarIntegrityValidation
boolean
Enables validation of the ASAR archive integrity to prevent tampering.
onlyLoadAppFromAsar
boolean
Forces the app to load only from the ASAR archive, ignoring unpacked files.
loadBrowserProcessSpecificV8Snapshot
boolean
Loads a browser-process-specific V8 snapshot for faster startup.
grantFileProtocolExtraPrivileges
boolean
Controls whether the file protocol has extra privileges.

Validating Fuses

You can validate that fuses have been flipped correctly or check the fuse status of any Electron app using the fuses CLI: 
npx @electron/fuses read --app /Applications/Foo.app

Next Steps

Configuration Reference

View all configuration options including electronFuses

Build Hooks

Learn more about afterPack and other build hooks

Build docs developers (and LLMs) love

Get started for freeTalk to us