This is a comprehensive reference for building production Electron apps with React, covering the security fundamentals that keep XSS from escalating to remote code execution. It walks through context isolation, sandbox mode, and type-safe IPC patterns using the invoke/handle model, plus practical guidance on electron-vite for dev tooling and Electron Forge for packaging with code signing. The anti-patterns table alone is worth having on hand, calling out common mistakes like exposing ipcRenderer directly or skipping CSP headers. If you're generating Electron code or setting up a desktop app project, this gives you the modern security-first architecture and avoids the legacy patterns that still float around in outdated tutorials.
npx skills add https://github.com/jwynia/agent-skills --skill electron-best-practices