They could use NW.js instead, which stays up-to-date with the latest Chromium version, including security updates. They usually release on the same day as Chromium. https://nwjs.io/blog/

This is interesting, I feel like NW.js has lost the war against Electron, but I haven't closely been following the topic. Can anyone summarize the latest common opinion on the subject?

There was a period in late 2014-early 2015 where NW.js stagnated, but since then it's been very actively developed. I found this 2016 comparison pretty even-handed and comprehensive; it'd be nice to see an updated version for 2017. http://tangiblejs.com/posts/nw-js-and-electron-compared-2016...

I suspect most electron devs haven't even heard of NW.js even though it came first, so there wouldn't even be any comparison to begin with.

Good answer. Some are just good at putting down solutions, and don't even have the courage to suggest alternatives.

Wire is a competitive messenger. One employee there writes a native app with Rust and Gtk. Seems to be something like a voluntary 20% protect though.

https://github.com/wireapp/coax

So you are suggesting they drop a battle-tested, production ready solution currently powering hundreds of apps (https://electron.atom.io/apps/) for one in beta that the developers warn in large capital letters "use at your own risk, still under development"?!

They could try not writing it in javascript and actually make a native application instead hiding behind semantics.

Still not anwering the question though, are you?

Write native code without Electron, Chrome, other random attack vectors?

In what, specifically? Name just one platform without these "random attack vectors".