"With Electron you have full access to Node APIs, so a hacker could easily exploit the very powerful Node APIs."
This is not true, `nodeIntegration` was disabled by default years ago in Electron 5.0 [1]. The default in Electron 20 will be a sandboxed renderer process that can't even read files from disk [2]. Security in Electron is great if you follow their security guidelines [3].
Having worked on an Electron app for several years I can tell you that that's really just laziness by respective dev teams. It's not pretty to use contextBridge and IPC, it just requires some extra work. Electron itself did a great job making this easier and easier over the years.
Having worked as a developer for several years I can tell you that you should never underestimate both the time pressure our professional peers are under and their laziness. If I can hit the deadline by setting that bool to true, vs. spending a week learning a new tech while I have 4 other "Critical" tickets in queue, I'll probably set the bool to true and do penance for it later.
Yeah, it's a sad reality. Thankfully the market is good enough that we have the chance to choose a job where we can make these decisions ourselves and live up to a higher standard.
[1] https://www.electronjs.org/docs/latest/breaking-changes#plan...
[2] https://www.electronjs.org/docs/latest/breaking-changes#plan...
[3] https://www.electronjs.org/docs/latest/tutorial/security
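
A check for the point argued in this thread, as an added example that is not from any commenter or from the Electron project: a small Node.js audit of a `BrowserWindow` `webPreferences` object against the defaults cited above (`nodeIntegration` off since 5.0, sandbox on from 20). The function names, the constructed sample configs, and the `contextIsolation` default (on since Electron 12, not stated in the thread) are assumptions of the example.

```javascript
// Added example (not from the thread or the Electron project).
// Defaults by Electron major version: nodeIntegration off since 5.0 and
// sandbox on from 20 (both cited in the thread); contextIsolation on since 12
// (assumption of this example, not stated in the thread).
// Interactions between settings are not modelled; each key is judged alone.
function effectivePrefs(electronMajor, webPreferences = {}) {
  const defaults = {
    nodeIntegration: electronMajor < 5,
    contextIsolation: electronMajor >= 12,
    sandbox: electronMajor >= 20,
  };
  return { ...defaults, ...webPreferences };
}

// Settings that widen what a compromised renderer can reach.
const RISKY = [
  { key: 'nodeIntegration', bad: true, why: 'renderer scripts get Node APIs' },
  { key: 'contextIsolation', bad: false, why: 'page scripts share a context with the preload' },
  { key: 'sandbox', bad: false, why: 'renderer runs without the OS-level sandbox' },
];

// Returns one finding per risky effective setting, noting whether it was
// set explicitly in the config or inherited from that version's default.
function auditWebPreferences(electronMajor, webPreferences = {}) {
  const prefs = effectivePrefs(electronMajor, webPreferences);
  return RISKY.filter(({ key, bad }) => prefs[key] === bad).map(({ key, why }) => ({
    key,
    why,
    source: Object.prototype.hasOwnProperty.call(webPreferences, key) ? 'explicit' : 'default',
  }));
}

// Constructed sample configs.
const samples = [
  { name: 'defaults on Electron 20', major: 20, prefs: {} },
  { name: 'the bool set to true', major: 20, prefs: { nodeIntegration: true, contextIsolation: false } },
  { name: 'defaults on Electron 12', major: 12, prefs: {} },
];
for (const { name, major, prefs } of samples) {
  const findings = auditWebPreferences(major, prefs);
  console.log(name, findings.length ? findings : 'no findings');
}
```

Run in CI over the options passed to each `BrowserWindow`, an `explicit` finding marks a place where someone opted out of a secure default and is the one to review first.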