Comments 3

I once was interested in your framework and have some questions to ask:


  1. Security. The only authorization on your Neutralino-server is a token which can be easily sniffed from raw HTTP traffic. Is there any plans to make Neutraline more secure?
  2. Cross-browser development. You run apps on HTML engines which version developer can't know. And there's now HTML5 available in MSHTML, you know. You mention it nowhere but everywhere there is a phrase "minimal bundle size". Developers would use pollyfills to use some modern ES6 features and you force them to use ES3 instead. Is there any plans to stabilize versions of HTML and JS engines?
  3. API. Why don't you use node-like promises? Why you force developers to make hooks to handle "finally" case? Are you planing to give developers more flexible way to interact with files and other OS features like Net?
  4. Native. Electron or NW.js allow developers to make tray icons, context menus and other GUI integration. Are you planing to give this integrations?
  5. No prerequirements. GTK is a requirement. If I use Arch with Xorg only, your server wouldn't work. If I use WinXP your default WebView will be an IE6. So there are prerequirements. Why do you bypass this moment?
  6. Desired archive format. On windows EXE is always a desired archive format for apps. In linux AppImage is a good archive format. If user is forced to install or unarchive and application it's not a portable application. Are you planing to build your own builder to make EXE and linux binaries?
  7. Server. You've forked http servers for windows and linux. Are you planing to unify servers' code? And are there any plans to give some plugin api for servers to extend it's functionality?

I know that this comment is full of anger. But I think you can give us a good framework if you wouldn't tell us just advertising headlines and say in official way for what this project can be used for.

Hi… Nice questions.


  1. Security. The only authorization on your Neutralino-server is a token which can be easily sniffed from raw HTTP traffic. Is there any plans to make Neutraline more secure?

Currently it uses a simple token. There can be several approaches to improve this further. We could you a one-time token per request or we can only accept requests from the local machine.


  1. Cross-browser development. You run apps on HTML engines which version developer can't know. And there's now HTML5 available in MSHTML, you know. You mention it nowhere but everywhere there is a phrase "minimal bundle size". Developers would use pollyfills to use some modern ES6 features and you force them to use ES3 instead. Is there any plans to stabilize versions of HTML and JS engines?

There is no big issue with webkit-gtk on Linux. But Neutralino uses an IE component on Windows. IE doesn't support latest features of Javascript and HTML so there is a plan to introduce EdgeHTML to solve this issue. We use a c++ header file called webview as a wrapper for browser components and webview developers are currently working on it to add EdgeHTML support. So I think Neutralino has to wait and update webview header file thereafter.


  1. API. Why don't you use node-like promises? Why you force developers to make hooks to handle "finally" case? Are you planing to give developers more flexible way to interact with files and other OS features like Net?

We used JQuery like callback since IE need polyfills to run the Promise feature. If we solve the issue with EdgeHTML support we can introduce Promises based development instead those simple callbacks


  1. Native. Electron or NW.js allow developers to make tray icons, context menus and other GUI integration. Are you planing to give this integrations?

We currently offer some dialog boxes support and there is a feature-request for tray icon support already. Yes I think better to introduce more GUI related features as you mentioned.


  1. No prerequirements. GTK is a requirement. If I use Arch with Xorg only, your server wouldn't work. If I use WinXP your default WebView will be an IE6. So there are prerequirements. Why do you bypass this moment?

Usually people use Ubuntu and Mint like distros for Linux. In other hand almost all windows users are usually on Windows 8 or 10 I guess. So for those kind of users, neither GTK nor MSHTML is a pre-requirement


  1. Desired archive format. On windows EXE is always a desired archive format for apps. In linux AppImage is a good archive format. If user is forced to install or unarchive and application it's not a portable application. Are you planing to build your own builder to make EXE and linux binaries?

I think even Electron doesn't support single executable without an installation wizard. Also I think there is no issue if a portable application has multiple files other than executable. Anyway There is a feature request to make a CLI based packaging too like as in Electron. Also we think it is better to minify or encrypt js source files when we package Neutralino apps


  1. Server. You've forked http servers for windows and linux. Are you planing to unify servers' code? And are there any plans to give some plugin api for servers to extend it's functionality?

Yes there is a plan to re-write a proper code base for Entire server implementation. Initially Neutralino started as a simple POC by merging two server implementations into one. Actually the internal code looks not that much manageable or flexible for modifications.


These are really good questions. I will add those as issues or feature requests into the main repo


Thanks

Only those users with full accounts are able to leave comments. Log in, please.