Tauri Foundations and Futures


Tauri is a Rust-based, security-first, open-source application construction framework built on the philosophy of shipping better projects without compromising on our climate goals. This talk will introduce key components and benchmarks of the stable release of the fully-audited framework. Further, it will discuss its future as a means of not only delivering desktop and mobile apps, but also its mission of backfitting Servo in order to make a fully fledged all-platform webview provider. Finally, we will present our award for "2022's most secure modern web-framework" in the context of webview-based Tauri apps.

This talk has been presented at JSNation 2022, check out the latest edition of this JavaScript Conference.

FAQ

Tauri is a tool designed to enhance application development ecosystems by focusing on security and efficient resource use. It was created as a response to the limitations observed in platforms like Electron, aiming to provide a lighter, more secure framework for building applications.

Tauri consists of three main components: TAO, WRY, and the Tauri API itself. TAO handles the creation of application windows and system interactions. WRY allows the injection of a web view into the TAO window. The Tauri API integrates these components to provide access to system resources and functionalities securely.

Tauri emphasizes security by isolating front-end and back-end components, which limits the opportunities available to attackers and minimizes vulnerabilities. It also includes features like a new kind of iFrame interaction that prevents unauthorized API calls, enhancing the security of applications built with Tauri.

Yes, Tauri is designed to be cross-platform, supporting deployment on Windows, macOS, Linux, iOS, and Android platforms. This flexibility allows developers to create applications that can operate on multiple device types using the same codebase.

Tauri offers multiple benefits including enhanced security, reduced bundle sizes leading to more efficient applications, and dual licensing under MIT and Apache 2. It also supports various programming environments, making it versatile for different development needs.

Yes, Tauri provides the ability to integrate with different back-end languages such as Python, C, Go, Nim, and C++. As long as the language has interoperability with C, it can be utilized within Tauri's framework.

Tauri contributes to environmental sustainability by minimizing the application bundle sizes, which in turn reduces the energy consumption during downloads and operations. The project encourages developers to optimize resources like images and to consider the environmental impact of their software.

The Tauri community is active on Discord, where developers can join discussions, seek support, and contribute to the project. Tauri also has an Open Collective for donations, which fund project developments like security audits and trademark registrations.

Daniel Thompson-Yvetot
22 min
16 Jun, 2022


Video Summary and Transcription

Tauri is a tool built to improve the JS ecosystem, providing a lightweight alternative to Electron. It integrates the stack, focuses on security, and offers cross-platform compatibility. Security measures include a new iFrame interaction and a thorough audit. The importance of taking care of the planet and reducing app consumption is emphasized. Tauri's community, licensing, and future plans are discussed, as well as the challenges of web view support and the aim to create a consistent engine using Servo.

1. Introduction to Tauri

Short description:

Three years ago, I came to JS Nation for the first time. Today, I want to give you an introduction to Tauri, a tool we built to make our ecosystem better.

Hey, you know, three years ago I came to JS Nation for the first time and it was about a month or two after we started working on Tauri. So it's kind of an amazing feeling to be back here, especially after these past couple of years, which have been really weird, right?

Like, these, these meetups have been kind of modified by the screen so we didn't even have this distance, right? We didn't have this way to look across. Where are we going? Where did we come from? And I think today, what I want to do in the talk is give you an introduction to Tauri. There's going to be a short video, then I'll talk about the parts of our important stack and then bridge into our philosophy about it. So time's short. I'm just going to move ahead. There's questions later. But I'm waiting for my Wi-Fi. So while the video is loading, and if it doesn't load, I'll just skip ahead, but we built Tauri in order to address a bunch of concerns and none of them were our ecosystem is bad. We built a tool to make our ecosystem better.

2. Building Secure Applications with Rust

Short description:

Out of Atom grew Electron, which is a mixed bag. It allows you to do a lot of things, but it's heavy and ships an outdated browser and runtime. To address this, we built Tauri with Rust at the core. Tauri has three components: TAO, which creates windows and provides menus and system trays; WRY, which injects a web view into the TAO window; and an ecosystem that brings together systems-level engineers and front-end developers. Tauri integrates the stack, provides API access to the file system and build tools, and focuses on security and the basics.

When we look at how applications have been built, it all started, I think, in this context with Atom. I don't know if you remember that. It just got sunset a couple days ago. Out of Atom grew Electron and anyone who's been reading the Twitterati, they all know that Electron is kind of this mixed bag. It allows you to do a lot of things. But I guess I will skip the video. It allows you to do a lot of things, but it's very heavy. Basically, with Electron, with that system, you're shipping a browser that's generally out of date the moment you ship it. You're shipping an entire runtime and also your JavaScript.

Now, there's this whole idea in the JavaScript community that isomorphic code is great. I mean it is generally good for the ease of use, and we're gonna get into the security implications of having everything easy later. But what also happens is attackers can jump from the JavaScript front-end to the JavaScript back-end, and you hear about terrible vulnerabilities and attacks all the time. So we decided to look at how we can rebuild this idea using Rust at the core. And so we have basically three components for Tauri, and it starts with a window. You know whether you're on Mac, Windows, Linux, or iOS, or Android, you need to have a window to put content into. And that's TAO. It allows you to create a window, it gives you menus, system trays, keyboard accelerators, and that's kind of like the skeleton, if you will.

The next part is WRY, and WRY allows you to inject a web view into the TAO window that you've already created. And the important thing to remember here is that we built these libraries on Rust, but other people can use them too, not just Tauri. So for example, the WRY library is being used by Astrodon, which as you might know is a project to build applications with Deno. We've helped them, and they've helped us, and I think that that's something that we're going to keep on coming back to in the talk, and that is that this ecosystem of Tauri is kind of unique in my experience because we're bringing not only systems-level engineers into the project, but also front-end people from all different disciplines, whether it's React or Vue or Svelte, or from the Rust side Dominator and Yew. And this all kind of comes together in Tauri.

So basically what you get with Tauri is it integrates all of this stack. It gives you API access to, for example, the file system from the WebView, and also the build tools, so that you get, if you need to sign the macOS binary, it'll do that for you. It will provide a system for automatic updates that you can give your users. And it's kind of the glue that holds it all together. So the features of Tauri are that you can bring your brownfield project, and it'll work. Of course, if you do a lot of things in Node.js, in Electron, you're gonna have to do some porting, but we really focus on security and the very basics. And I mentioned this earlier. It's super important for us that you, as developers, as engineering teams, have a baseline security that you know is there and that is verified and verifiable.

QnA