DEV Community

Daniel Thompson-Yvetot for Tauri

We want smaller, faster, more secure native apps

The Situation Room

In 2019, the manufacture of native apps from compile-to-JavaScript user-interface frameworks has become easier and more accessible than ever before. All the same, beginners and seasoned developers alike are confronted with tough choices in a rapidly changing landscape of security and privacy. This is especially true in the semi-trusted environment of user devices, where vendors fragment the already diverse ecosystem with their proprietary "solutions".

The fragmentation of the app landscape doesn't end with devices though, as there are not only innumerable front-end frameworks like React, Angular, Vue and Svelte ... but also a range of packagers like Capacitor, Electron, Proton-Native and others popping up daily. Multiply this with insecure dependency management and incomplete vulnerability remediation, and we are left with a fractured ecosystem where the winners are merely the lucky ones who haven't gotten hit - yet.

The fact is that most of these frameworks were never conceived to exist outside of the browser sandbox. They have suddenly been thrust into a very hostile environment, where development teams resort to workarounds like shipping shared certs, hacking on-device registries or stooping to the unfortunately common integration of localhost servers on the devices themselves.

A Paradigm Shift

Tauri approaches these issues head-on. It was designed from the ground up to embrace novel patterns for secure development and creative flexibility that leverage the language features of Rust and enable you to grow your app using any front-end framework you like, all in a much more secure distribution environment.

With Tauri as a component in your toolchain, you will be able to design, build, audit and deploy tiny, fast, robust and secure native applications for the major Desktop and Mobile platforms in record time. You can do all this within your preferred dev environment, using any framework and without even needing to know the Rust programming language. If you know Rust, however, you will be empowered to make even more amazing integrations with the underlying operating system and hardware.

The Tauri team has already completed some initial proofs of concept using WebViews (with really encouraging results such as < 3MB binaries on macOS, Windows and Linux). At the moment we are finalizing the API, preparing smoke-tests, investigating cross-compilation tools and even building a binary evaluation harness. However, we are not totally satisfied with the WebView approach, and are investigating alternatives like Servo and WebKit.

Get in Touch

Tauri apps aren't quite ready for prime-time and there is a lot of work needed in the codebase and the governance structure to get to that point. Nevertheless, in our quest for transparency and community involvement, we are taking this opportunity to invite everyone from the Rust, Appsec and Dev communities to come around and find out where the project is at, where it is going and how to get involved in the working groups.

Tauri is an organization that seeks to follow the best practices of the SFOSC principles. It is our duty and pleasure to humbly invite you to visit our public GitHub project page, hang out at our Discord chat server, donate money at our Open Collective page or simply follow our Tweets.

About the Author

Daniel Thompson-Yvetot is the principal architect and security engineer behind Tauri. He has been an open source evangelist for the last 13 years and is an active member of the Sustainable Free and Open Source Communities (SFOSC).
