>To make things even more complicated Electron (Chrome and Node based local Web application) lets you build >HTML based applications that can access client side resources. Electron is a decent choice if you're familiar >with Web technology, but you basically are responsible for the entirety of your UI and framework. There's no >real UI framework and you have to fall back to using something like Bootstrap or Material design etc. for >providing you the base UI features which tend to be un-desktop like. I've started Electron projects on a few >occasions and abandoned them because it was just too much work to deal with the UI. On the upside Electron >apps can be cross-platform although to do that right and deal with OS specific features can be a huge time sink >as well.

I did not have issues with the UI side that was easy and worked out very well due to the fact there are so many UI controls available (most are free). And of course the use of Node allowed direct access to the desktop, servers, printing, etc.. And as far as OS specific features - I just used node to handle all of it. My issue was security. I soon discovered that it was very easy to have javascript injection. That said, recently the Electron folks has issued updates that may have solved the issue - at least they claim they have it fixed.

My concern about javascript injection was real due to the fact that I did NOT use a restful API to access data. I realized very quickly that I did not need to use a restful API when I had a direct connection in node. So being the lazy programmer I said why not use direct SQL. That decision was not the best as it opened the door to hackers (not sql injection but javascript injection). It was very easy to inject a javacript function to allow access to the data. Don't mis-understand I still was able to deploy - it's just that I have concerns.

If by chance you are not aware of javascript injection just google it.

Johnf