Skip to main content
The @overlayed/app/security module provides security utilities for Electron applications.

assertNoProhibitedArgs

Checks for prohibited command line arguments and aborts the app if any are found.
  • Type 
    function assertNoProhibitedArgs(options?: Partial<ProhibitedArgumentsOptions>): void;
  • Details This function checks command line arguments for potentially dangerous command line arguments. If any prohibited arguments are found, the application will exit. Important Notes:
    • It’s strongly recommended to call this function before any other code is executed
    • You may want to only call this function in production via import.meta.env.PROD or similar
    • Individual argument checks can be disabled by passing them in the options object
  • Example 
    import { assertNoProhibitedArgs } from "@overlayed/app/security";

// Block all prohibited arguments
assertNoProhibitedArgs();

// Allow specific arguments
assertNoProhibitedArgs({
	args: {
		"--inspect": false, // Don't block --inspect
	},
});

ProhibitedArgumentsOptions

Configuration options for assertNoProhibitedArgs.
  • Type 
    interface ProhibitedArgumentsOptions {
	args: Partial<Record<ProhibitedArguments, boolean>>;
}

type ProhibitedArguments =
	| "--inspect"
	| "--inspect-brk"
	| "--inspect-port"
	| "--remote-debugging-port"
	| "--remote-debugging-address"
	| "--remote-debugging-pipe"
	| "--remote-allow-origins"
	| "--auto-open-devtools-for-tabs"
	| "--devtools"
	| "--disable-web-security"
	| "--allow-file-access-from-files"
	| "--allow-running-insecure-content"
	| "--unsafely-treat-insecure-origin-as-secure"
	| "--load-extension"
	| "--proxy-server"
	| "--proxy-bypass-list"
	| "--no-sandbox"
	| "--disable-gpu-sandbox";
  • Details The args property is a record where:
    • Keys are prohibited argument names
    • Values are booleans indicating whether to check for that argument
    • true (default) means the argument is prohibited
    • false means the argument is allowed
  • Example 
    import { assertNoProhibitedArgs } from "@overlayed/app/security";

// Allow --inspect and --inspect-brk, block everything else
assertNoProhibitedArgs({
	args: {
		"--inspect": false,
		"--inspect-brk": false,
	},
});