Electron.exe[..., node.exe, ...] or nah?


do electron apps ship nodejs, within thier files or are they installed and used without installing node on the user computer ?


Node is contained inside the Electron application, the end user shouldn’t need to install it themselves.


so, does node open up port 4000 on any users computer ? and wouldn’t that be a vulnerability ?


Not that I know of. It’s really hard to talk about vulnerabilities in hypothetical situations that don’t have many specifics. Technically, having your computer on is a vulnerability.