takazudo/dev-electron
skills/dev-electron/SKILL.md
Electron app development patterns for thin wrapper apps around dev servers. Use when: (1) Building Electron apps as thin wrappers around web apps, (2) Managing dev server processes in Electron, (3) Handling nodenv/anyenv PATH issues in spawned processes, (4) Packaging with electron-builder, (5) Sharing modules across multiple Electron apps (extraResources), (6) Dynamic project root resolution in packaged apps, (7) Opening external links in default browser.
$ install --global
skillsauthnpx skillsauth add takazudo/claude-resources dev-electronInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 8, 2026, 4:26 AM154.2s4 files scanned
SKILL.md
- name:
- dev-electron
- description:
- Electron app development patterns for thin wrapper apps around dev servers. Use when: (1) Building Electron apps as thin wrappers around web apps, (2) Managing dev server processes in Electron, (3) Handling nodenv/anyenv PATH issues in spawned processes, (4) Packaging with electron-builder, (5) Sharing modules across multiple Electron apps (extraResources), (6) Dynamic project root resolution in packaged apps, (7) Opening external links in default browser.
Electron Development
Common Pattern: Thin Wrapper App
Electron as thin wrapper around a dev server (e.g., Vite, Docusaurus):
- Show splash screen
- Spawn dev server as background process
- Wait for server ready
- Show BrowserWindow pointing to localhost URL
- Clean up server on quit
See references/background-process.md for implementation.
BrowserWindow Setup
Load the dev server URL directly in BrowserWindow (no webview, no tabs):
const { BrowserWindow, shell } = require("electron");
function createMainWindow(devServerUrl) {
const win = new BrowserWindow({
width: 1200,
height: 800,
title: "My App",
show: false,
webPreferences: {
nodeIntegration: false,
contextIsolation: true,
},
});
win.loadURL(devServerUrl);
win.once("ready-to-show", () => win.show());
// Open external links in default browser
const devServerOrigin = new URL(devServerUrl).origin;
win.webContents.setWindowOpenHandler(({ url }) => {
try {
const parsed = new URL(url);
if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
return { action: "deny" };
}
if (parsed.origin !== devServerOrigin) {
shell.openExternal(url);
return { action: "deny" };
}
} catch {
// Invalid URL
}
return { action: "deny" };
});
return win;
}
Key points:
- Use
nodeIntegration: false+contextIsolation: true(secure defaults) - Standard
{ role: "reload" }menu items work correctly (they reload the BrowserWindow content directly) - No need for custom IPC, globalShortcut, or webview tags
Menu
Use standard Electron menu roles. No custom IPC needed:
const template = [
{
label: "View",
submenu: [
{ role: "reload" },
{ role: "forceReload" },
{ role: "toggleDevTools" },
],
},
{
label: "Edit",
submenu: [
{ role: "undo" }, { role: "redo" },
{ type: "separator" },
{ role: "cut" }, { role: "copy" }, { role: "paste" },
{ role: "selectAll" },
],
},
{
label: "Window",
submenu: [
{ role: "minimize" },
{ role: "close" },
],
},
];
Packaging & Build
electron-builder: Keep as devDependency (DO NOT use pnpm dlx)
electron-builder has 300+ sub-dependencies. Using pnpm dlx downloads them all on every invocation, making builds extremely slow. Always install it as a devDependency:
{
"devDependencies": {
"electron": "^35.7.5",
"electron-builder": "^26.8.0"
},
"scripts": {
"build": "electron-builder --mac",
"build:dir": "electron-builder --mac --dir"
}
}
Shared Modules: Use extraResources, NOT files glob
// WRONG - shared module won't be in the asar
"files": ["main.js", "../../../shared/module/**/*"]
// CORRECT - copies to app's Resources directory
"extraResources": [{ "from": "../../../shared/module", "to": "module" }]
Then resolve dynamically in main.js:
function getSharedCorePath() {
if (app.isPackaged) {
return path.join(process.resourcesPath, 'electron-app-core');
}
return path.join(__dirname, '..', '..', '..', 'shared', 'electron-app-core');
}
Dynamic Project Root (Don't Hardcode Paths)
Walk up from app.getPath("exe") checking each directory for package.json with the expected project name. This is robust against repo moves and directory restructuring — no fragile .. counting.
function findProjectRootFromExePath() {
let dir = path.dirname(app.getPath("exe"));
const root = path.parse(dir).root;
while (dir !== root) {
if (isProjectRoot(dir)) return dir;
dir = path.dirname(dir);
}
return null;
}
See references/packaging.md for full pattern including isProjectRoot helper.
Critical Pitfalls
Open External Links in Default Browser (Cmd+Click)
Electron doesn't open links in the system browser by default. Use setWindowOpenHandler to intercept Cmd+click and route external URLs to the default browser via shell.openExternal. See BrowserWindow Setup above.
Validate URL protocol (allow only http: and https:) to prevent javascript: or other protocol injection.
Dev Server: Kill Stale Port Before Start
When the app crashes or is force-quit, the old dev server process may survive and hold the port. On next launch the new server can't bind, causing a timeout. Kill any existing process on the port before spawning:
const { execSync } = require("child_process");
function killProcessOnPort(port) {
try {
const output = execSync(`lsof -ti tcp:${port}`, { encoding: "utf-8" });
const pids = output.trim().split("\n").filter(Boolean);
for (const pid of pids) {
process.kill(Number(pid), "SIGKILL");
}
} catch {
// No process on port - fine
}
}
Dev Server: Health Check Must Not Require HTTP 200
When the dev server framework uses a non-root baseUrl (e.g., Docusaurus with baseUrl: "/pj/app/doc/"), the root path / returns 404. Accept any HTTP response as proof the server is alive:
// WRONG - breaks when baseUrl is not "/"
(res) => resolve(res.statusCode === 200)
// CORRECT - any response means server is up
(res) => resolve(res.statusCode > 0)
Dev Server: Default URL Must Include baseUrl
When the framework uses a non-root baseUrl, the default URL must include the full path. Otherwise the app opens to a 404 page:
// WRONG - opens to 404 when baseUrl is "/pj/app/doc/"
const defaultUrl = "http://localhost:3000";
// CORRECT - include the full baseUrl path
const defaultUrl = "http://localhost:3000/pj/app/doc/";
Dev Server: Avoid Transient Errors During File Regeneration
When regenerating files that a running dev server watches, write new files before deleting stale ones. If you delete first, the dev server sees missing files and shows errors.
nodenv/anyenv PATH Issues
Spawned processes don't inherit version managers. Source shell profile first. See references/background-process.md.
Detailed References
- Packaging & build: references/packaging.md - pnpm dlx, extraResources, dynamic project root
- Background process & dev server: references/background-process.md - Spawn, wait, cleanup
Related Skills
takazudo/dev-linkify-cc-resources
development
VerifiedTrustedCommunity
Link Claude Code skill names mentioned in a CodeGrid article (data/{series}/{n}.md) to the author's public claude-resources repo, pinned to the latest commit hash so links don't rot. Use when: (1) user says 'linkify cc resources', 'link the skills', 'link skill names', or invokes /dev-linkify-cc-resources; (2) editing a CodeGrid article that mentions `/commits`, `/pr-complete`, `/skill-creator` or other Claude Code skills and they should point to claude-resources. Only links skills that actually exist in the public repo; skips hypothetical examples and code blocks.
10SKILL.mdUpdated Jun 2, 2026
takazudo/opus-2nd
development
VerifiedTrustedCommunity
Second opinion from Claude Opus on a plan or approach. Use when: (1) Planning phase of /big-plan needs a higher-quality review than /codex-2nd / /gco-2nd, (2) User says 'opus 2nd' or 'opus opinion', (3) Wanting Anthropic's larger model to critique a plan. Spawns a general-purpose Agent with model: opus that reads the plan file and returns structured feedback. Anthropic quota — not free.
10SKILL.mdUpdated May 29, 2026
takazudo/dev-ai-based-test
tools
VerifiedTrustedCommunity
AI-based testing via subagent + a per-task test-flow skill. Use when the user wants to verify something that mechanical assertions can't fully capture — image recognition, visual size/position comparison, animation smoothness, multi-step manual flows that need AI judgment. Triggers: 'AI-based test', 'AI test', 'visual verify', 'image recognition test', 'manual operation test', 'human-eye check', 'verify visually', 'compare screenshots', 'looks the same', 'looks correct'. The skill's job is to (1) author a focused test-flow skill that captures the exact procedure + verdict criteria, then (2) dispatch a verification subagent via the Agent tool that loads BOTH the test-flow skill AND a browser-driving skill (/verify-ui primary, /headless-browser fallback) so the subagent has clear context and consistent verdicts. NEVER uses `claude -p` — subagent dispatch goes through the Agent tool exclusively.
10SKILL.mdUpdated May 29, 2026
takazudo/cleanup-resources
development
VerifiedTrustedCommunity
End-of-workflow audit of touched GitHub issues, PRs, and branches via a Sonnet subagent. Use when: (1) /big-plan, /x-as-pr, or /x-wt-teams finishes its main work and needs to verify every touched resource is in the right state (closed when done, kept when ongoing, deleted when dead), (2) User says 'cleanup resources', 'audit cleanup', or 'check what should be closed', (3) A long workflow ends and the manager wants a structured paper trail of what it closed/kept/deleted. Auto-execute by default — the Sonnet agent proposes, the manager (you) executes safe actions and prints a final report.
10SKILL.mdUpdated May 29, 2026