MōBrowser 2.12.0
MōBrowser 2.12.0 adds Browser.capturePage() for capturing the rendered page as an image, Touch ID support on macOS via the WebAuthn API, signed and HTTPS-enforced auto-updates with a new mobrowser signkey command, and Info.plist customization for macOS bundles.
What’s new
Page capture
You can now capture the currently rendered page as an Image using the new browser.capturePage() method. The captured image covers the visible browser content, and its pixel size is scaled by the display scale factor. The page can be captured even when the browser window is hidden, as long as the page has been rendered at least once.
import { Browser, BrowserWindow } from '@mobrowser/api';
const win = new BrowserWindow()
const browser: Browser = win.browser
await browser.loadUrl('https://example.com')
const image = await browser.capturePage()
const pixels = image.asBitmap(1.0)
You can also export the captured image as a PNG data URL:
const dataURL = image.asDataURL(1.0)
Touch ID on macOS
Websites and web apps running in your MōBrowser app can now use the macOS Touch ID platform authenticator via the WebAuthn API (navigator.credentials). This allows you to build apps with biometric authentication without any extra JavaScript libraries.
To enable Touch ID, sign your app with the keychain-access-groups entitlement and provide an embedded provisioning profile. Add provisioningProfile to the bundle.macOS section of mobrowser.conf.json pointing to your .provisionprofile file:
{
"app": {
"bundle": {
"macOS": {
"codesignIdentity": "Developer ID Application: ...",
"codesignEntitlements": "assets/entitlements.plist",
"provisioningProfile": "assets/MyApp.provisionprofile"
}
},
...
}
}
Your entitlements.plist must declare the keychain-access-groups entitlement:
<key>keychain-access-groups</key>
<array>
<string>$(AppIdentifierPrefix)com.company.myapp</string>
</array>
MōBrowser validates the configuration at signing time — if keychain-access-groups is declared in the entitlements but no provisioning profile is set, the build fails with a clear error before producing a broken bundle.
Secure auto-updates
Auto-update packages are now cryptographically signed with Ed25519, and the update feed must be served over HTTPS. A tampered feed or man-in-the-middle can no longer push a malicious update to your users.
Signing key management. Use the new mobrowser signkey command to generate and manage your update-signing key:
# Generate the key if absent and print its public key.
npm run mobrowser signkey
# Print the public key of the existing key.
npm run mobrowser -- signkey --print
# Export the private key to a file for use as a CI secret.
npm run mobrowser -- signkey --export <file>
Running npm run pack now warns you if no signing key is found, so you can opt in to signed updates at your own pace.
HTTPS-only update feed. app.checkForUpdate(source) now rejects URLs that do not use HTTPS. Plain HTTP is still accepted for localhost, which allows testing against a local update server during development.
Signed and notarized DMG on macOS. npm run pack now automatically codesigns and notarizes the generated DMG if your signing credentials are configured in mobrowser.conf.json.
Info.plist customization on macOS
You can now inject your own keys into the app bundle’s Info.plist on macOS without patching SDK internals. This is useful when your app needs usage description strings (such as NSSpeechRecognitionUsageDescription) or background-mode flags (such as LSUIElement).
Add extraInfo to the bundle.macOS section of mobrowser.conf.json, pointing to a .plist file:
"bundle": {
"macOS": {
"codesignIdentity": "Developer ID Application: ...",
"extraInfo": "assets/extra-info.plist"
}
}
Keys from your file are merged into the bundle’s Info.plist after branding, overriding any SDK defaults:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>NSSpeechRecognitionUsageDescription</key>
<string>This app uses speech recognition to transcribe your notes.</string>
<key>LSUIElement</key>
<true/>
</dict>
</plist>
The CLI validates the file with plutil before merging, so a malformed plist is caught at build time rather than producing a broken bundle.
Fixes and improvements
- Restored DevTools docking inside
BrowserView. After the introduction ofBaseWindowandBrowserView, the DevTools panel could only open as a separate window. The dock/undock toggle in the DevTools UI now works as expected inside aBrowserView. - Improved the performance of
npm run genfor projects that include a native C++ module. The CLI now ships a prebuilt static Protobuf library and uses it by default in development mode, eliminating the several-minute Protobuf compilation step on a clean checkout. Production builds still compile Protobuf from source.