Skip to content

Any Windows Target

The top-level win key contains set of options instructing electron-builder on how it should build Windows targets. These options applicable for any Windows target.

  • target = nsis String | TargetConfiguration - The target package type: list of nsis, nsis-web (Web installer), portable (portable app without installation), appx, msi, squirrel, 7z, zip, tar.xz, tar.lz, tar.gz, tar.bz2, dir. AppX package can be built only on Windows 10.

    To use Squirrel.Windows please install electron-builder-squirrel-windows dependency.

  • icon = build/icon.ico String | “undefined” - The path to application icon.

  • legalTrademarks String | “undefined” - The trademarks and registered trademarks.


  • signingHashAlgorithms = ['sha1', 'sha256'] Array<“sha256” | “sha1”> | “undefined” - Array of signing algorithms used. For AppX sha256 is always used.
  • sign String | (configuration: CustomWindowsSignTaskConfiguration) => Promise - The custom function (or path to file or module id) to sign Windows executable.
  • certificateFile String | “undefined” - The path to the *.pfx certificate you want to sign with. Please use it only if you cannot use env variable CSC_LINK (WIN_CSC_LINK) for some reason. Please see Code Signing.
  • certificatePassword String | “undefined” - The password to the certificate provided in certificateFile. Please use it only if you cannot use env variable CSC_KEY_PASSWORD (WIN_CSC_KEY_PASSWORD) for some reason. Please see Code Signing.
  • certificateSubjectName String | “undefined” - The name of the subject of the signing certificate, which is often labeled with the field name issued to. Required only for EV Code Signing and works only on Windows (or on macOS if Parallels Desktop Windows 10 virtual machines exits).
  • certificateSha1 String | “undefined” - The SHA1 hash of the signing certificate. The SHA1 hash is commonly specified when multiple certificates satisfy the criteria specified by the remaining switches. Works only on Windows (or on macOS if Parallels Desktop Windows 10 virtual machines exits).
  • additionalCertificateFile String | “undefined” - The path to an additional certificate file you want to add to the signature block.
  • rfc3161TimeStampServer = http://timestamp.digicert.com String | “undefined” - The URL of the RFC 3161 time stamp server.
  • timeStampServer = http://timestamp.digicert.com String | “undefined” - The URL of the time stamp server.

  • publisherName String | Array<String> | “undefined” - The publisher name, exactly as in your code signed certificate. Several names can be provided. Defaults to common name from your code signing certificate.
  • verifyUpdateCodeSignature = true Boolean - Whether to verify the signature of an available update before installation. The publisher name will be used for the signature verification.
  • requestedExecutionLevel = asInvoker “asInvoker” | “highestAvailable” | “requireAdministrator” | “undefined” - The security level at which the application requests to be executed. Cannot be specified per target, allowed only in the win.
  • signAndEditExecutable = true Boolean - Whether to sign and add metadata to executable. Advanced option.
  • signDlls = false Boolean - Whether to sign DLL files. Advanced option. See: https://github.com/electron-userland/electron-builder/issues/3101#issuecomment-404212384 Deprecated:
  • signExts Array<String> | “undefined” - Explicit file extensions to also sign. Advanced option. See: https://github.com/electron-userland/electron-builder/issues/7329

And all common platform-specific options.

Common Questions

How do delegate code signing?

Use sign option. Please also see why sign.js is called 8 times.

"win": {
  "sign": "./customSign.js"
}

File customSign.js in the project root directory:

exports.default = async function(configuration) {
  // your custom code
}

How do use a custom verify function to enable nsis signature verification alternatives instead of powershell?

Use the verifyUpdateCodeSignature interface:

/**
*  return null if verify signature succeed
*  return error message if verify signature failed
*/
export type verifyUpdateCodeSignature = (publisherName: string[], path: string) => Promise<string | null>

Pass a custom verify function to the nsis updater. For example, if you want to use a native verify function, you can use win-verify-signature.

import { NsisUpdater } from "electron-updater"
import { verifySignatureByPublishName } from "win-verify-signature"
// Or MacUpdater, AppImageUpdater

export default class AppUpdater {
    constructor() {
        const options = {
            requestHeaders: {
                // Any request headers to include here
            },
            provider: 'generic',
            url: 'https://example.com/auto-updates'
        }

        const autoUpdater = new NsisUpdater(options)
        autoUpdater.verifyUpdateCodeSignature = (publisherName: string[], path: string) => {
            const result = verifySignatureByPublishName(path, publisherName);
            if(result.signed) return Promise.resolve(null);
            return Promise.resolve(result.message);
        }
        autoUpdater.addAuthHeader(`Bearer ${token}`)
        autoUpdater.checkForUpdatesAndNotify()
    }
}

How do create Parallels Windows 10 Virtual Machine?

Disable “Share Mac user folders with Windows”

If you use Parallels, you must not use “Share Mac user folders with Windows” feature and must not run installers from such folders.

You don’t need to have Windows 10 license. Free is provided (expire after 90 days, but it is not a problem because no additional setup is required).

  1. Open Parallels Desktop.
  2. File -> New.
  3. Select “Modern.IE” in the “Free Systems”.
  4. Continue, Continue, Accept software license agreement.
  5. Select “Microsoft Edge on Windows 10”.
  6. The next steps are general, see Installing Windows on your Mac using Parallels Desktop from “Step 6: Specify a name and location”.

Parallels Windows 10 VM will be used automatically to build AppX on macOS. No need even start VM — it will be started automatically on demand and suspended after build. No need to specify VM — it will be detected automatically (first Windows 10 VM will be used).

How do create VirtualBox Windows 10 Virtual Machine?

If you are not on macOS or don’t want to buy Parallels Desktop, you can use free VirtualBox.

  1. Open Download virtual machines.
  2. Select “MSEdge on Win10 (x64) Stable”.
  3. Select “VirtualBox” platform.
  4. Download. See installation instructions.

The password to your VM is Passw0rd!.

VirtualBox is not supported by electron-builder for now, so, you need to setup build environment on Windows if you want to use VirtualBox to build AppX (and other Windows-only tasks).