alex8088 / electron-vite

Next generation Electron build tooling based on Vite. New-generation Electron development and build tooling with source code protection support.
https://electron-vite.org
MIT License
3.56k stars 153 forks

Setting sandbox to false so that bytecode plugin works is a security threat #620

Open kotasudhakar opened 2 months ago

kotasudhakar commented 2 months ago

Describe the bug

I understand that it was asked to turn the sandbox option to false in order to protect source code using the bytecode plugin, as it uses the nodevm; however, it is kinda dangerous tbh to do so, although there are still other options like contextIsolation to prevent the render process from accessing the main process.

Can we do this in some alternative way so that we don't need to set the sandbox value to false in the browserWindow options, improving security? Maybe using something like Jailed/Hermes.

https://electron-vite.org/guide/source-code-protection

Electron-Vite Version

2.0.0

Electron Version

32.0.0

Vite Version

Not using it specifically in my dependencies; I think it comes with the vite-electron

Validations
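
The trade-off raised in the issue above can be checked per window. This is an added example, not part of the thread and not electron-vite code: it audits a `webPreferences` object against Electron's documented defaults and reports what remains isolated when `sandbox` is off. The function name, finding ids and sample configurations are made up for illustration.

```javascript
'use strict';
// Added example. Defaults are Electron's documented ones: sandbox true
// (since Electron 20), contextIsolation true, nodeIntegration false.
const DEFAULTS = { sandbox: true, contextIsolation: true, nodeIntegration: false };

// Returns the effective isolation state of one BrowserWindow plus findings.
// Finding ids are hypothetical names chosen for this example.
function auditWebPreferences(webPreferences = {}) {
  const eff = { ...DEFAULTS, ...webPreferences };
  const findings = [];
  // Enabling nodeIntegration disables the renderer sandbox as well.
  const sandboxed = eff.sandbox === true && eff.nodeIntegration !== true;

  if (!sandboxed) {
    findings.push({ id: 'sandbox-disabled',
      note: 'renderer runs outside the Chromium sandbox' });
    if (eff.preload) {
      findings.push({ id: 'preload-full-node',
        note: `preload ${eff.preload} has full Node.js access; keep its exposed API minimal` });
    }
  }
  if (eff.contextIsolation !== true) {
    findings.push({ id: 'context-isolation-off',
      note: 'page scripts share a JavaScript context with the preload script' });
  }
  if (eff.nodeIntegration === true) {
    findings.push({ id: 'node-integration-on',
      note: 'Node.js integration is enabled for this renderer' });
  }
  return { sandboxed, contextIsolated: eff.contextIsolation === true, findings };
}

// Constructed sample configurations (file names are placeholders).
const SAMPLES = {
  sandboxOff: { sandbox: false, preload: 'preload.js' }, // setting discussed in the issue
  defaults: { preload: 'preload.js' },
  legacy: { sandbox: false, contextIsolation: false, nodeIntegration: true },
};

// Maps each sample name to the list of finding ids it triggers.
function auditAll(samples = SAMPLES) {
  return Object.fromEntries(Object.entries(samples).map(
    ([name, prefs]) => [name, auditWebPreferences(prefs).findings.map((f) => f.id)]));
}

console.log(auditAll());
```

With `sandbox: false` and the other defaults untouched, context isolation still separates page scripts from the preload script, but the preload itself is no longer restricted.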

hifron commented 1 month ago

Ubuntu in the next version, 24.10, releases Security Centre with Prompting for permission, but in 24.04 it is not enabled or installable due to the experimental nature of snapd (from 24.10) in 24.04, and therefore a backport of snapd or such a possibility to make snap install security-center and prompting-client is not yet fully possible as a stable option...