fix: upgrade Electron for Node 24.16+/26 install compatibility

[Astro-Han]

Summary

Fix Electron's silent installation failure on Node 24.16.0+ and 26.x by upgrading Electron from 40.8.0 to 40.10.3, which includes the upstream fix (electron/electron#51886) that replaces extract-zip with @electron-internal/extract-zip. Remove the now-unnecessary Node version guard.

Why

PR #1346 added a check-node.mjs guard that blocked bun install on Node ≥25. That guard was a workaround: the real issue is extract-zip → yauzl@2.x → fd-slicer@1.x, which has a broken stream lifecycle on newer Node versions, causing Electron's postinstall to silently skip binary extraction.

Electron 40.10.3 includes the official fix (electron/electron#51886) that replaces extract-zip entirely. This is cleaner than a transitive dependency override.

Related Issue

• Installing Electron fails under Node.js 26.1.0+ and 24.16.0+ electron/electron#51619 (upstream issue)
• refactor: use @electron-internal/extract-zip in the npm package electron/electron#51886 (upstream fix, backported to 40-x-y)
• PR fix: guard dependency installs on unsupported Node versions #1346 (original Node version guard)
• Issue [Bug] bun run dev cannot launch Electron inside a git worktree — dist binary is a 244K stub (vs 274M in main checkout) #1329 (worktree Electron install failure)

Human Review Status

Pending

Review Focus

Check that Electron 40.10.3 upgrade doesn't introduce regressions, and that the CI install matrix covers both Node 24 and 26.

Risk Notes

• Electron 40.8.0 → 40.10.3 is a patch-level upgrade within the same major.minor line. The upstream changelog shows only install-related fixes and the @electron/get v5 upgrade.
• The repair-electron-install.mjs --assert-complete flag is a new exported function that reuses existing internal checks. It does not change the repair flow.
• No visible UI changed; no platform/packaging surface changed; no docs or release notes needed.

Migration for existing worktrees

If you have an existing worktree or local checkout with a broken Electron dist (244K stub, missing path.txt or Frameworks):

# Option 1: clean reinstall
rm -rf node_modules && bun install --frozen-lockfile

# Option 2: repair without full reinstall
node packages/desktop-electron/scripts/repair-electron-install.mjs

How To Verify

bun install --frozen-lockfile: passes (lockfile is in sync)
git diff --check: clean
node ./scripts/repair-electron-install.mjs --assert-complete: passes

Node 26 fresh install verification (completed locally):
  Node: v26.3.0
  Electron: 40.10.3
  Steps: trash node_modules && bun install --frozen-lockfile
  path.txt: exists, contains "Electron.app/Contents/MacOS/Electron"
  Electron.app/Contents/Frameworks/: exists (Electron Framework.framework + Helpers)
  dist size: 275M

CI coverage:
  - desktop-smoke: pre-repair assertion via --assert-complete
  - install-matrix: Node 24 + 26 fresh install + assertion

Screenshots or Recordings

Not applicable — CLI/install output only.

Checklist

• Type label — this PR carries exactly one of bug, enhancement, task, documentation. Type labels are author-added; the labeler bot does NOT assign them. Add the label in the GitHub UI, then tick this.
• Routing labels — this PR carries at least one of app, ui, platform, harness, ci. The labeler bot assigns these on PR open based on changed paths. Confirm the bot's choice (or override if wrong), then tick this.
• Priority label — this PR carries exactly one of P0, P1, P2, P3. The priority-triage bot suggests one on PR open. Confirm or override, then tick this.
• Human Review Status above is set to Pending, Approved by @<reviewer>, or Not required: <reason> (default is Pending; "not required" is restricted to bot-authored low-risk PRs).
• I linked the related issue, or stated in Summary why there is no issue.
• I described the review focus and any meaningful risks.
• I replaced the example block in How To Verify with the real verification steps and the key result for each.
• I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope.
• (conditional) I manually checked visible UI or copy changes when needed, with screenshots or recordings. Leave unticked only if no visible UI or copy changed.
• (conditional) I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes. Leave unticked only if no platform/packaging surface was touched.
• (conditional) I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant. Leave unticked only if none of those surfaces was touched.
• I reviewed the final diff for unrelated changes and suspicious dependency changes.
• I am targeting dev, and my PR title and commit messages use Conventional Commits in English.

[coderabbitai]

📝 Walkthrough

Walkthrough

Removes the Node version guard script (script/check-node.mjs), its test file, and the associated preinstall/test:install-guard npm scripts, along with the corresponding CI step in the typecheck job. Adds a pre-repair Electron install verification step to the desktop smoke workflow and pins yauzl to 3.3.1 in overrides.

Changes

CI Tooling Changes

Layer / File(s)	Summary
Remove Node version guard and CI step package.json, .github/workflows/ci.yml, script/check-node.mjs, script/check-node.test.mjs	preinstall and test:install-guard scripts removed from package.json; the install guard unit CI step dropped from the typecheck job; check-node.mjs and its test file deleted entirely.
Electron pre-repair assertion and yauzl override .github/workflows/desktop-smoke.yml, package.json	New step added before the repair phase in the desktop smoke workflow: imports isElectronInstallComplete, validates path.txt content, and emits a workflow error with exit code 1 on any missing or incorrect condition. yauzl pinned to 3.3.1 in package.json overrides.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

desktop, dependencies

Poem

🐇 Hop hop, the Node guard is gone today,
No more checking versions along the way!
But Electron must pass the pre-repair test,
path.txt checked — only the best!
The rabbit tidies CI with a cheerful bounce. 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The pull request description is comprehensive and well-structured, following the required template with all major sections completed.
Title check	✅ Passed	The title 'fix: upgrade Electron for Node 24.16+/26 install compatibility' directly addresses the main change: replacing a Node version guard with a yauzl dependency override to fix Electron installation on Node 24.16+ and 26.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch pawwork/yauzl-override-node-compat

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request adds the yauzl dependency to package.json and removes the restriction preventing Node versions 25 and above from installing dependencies in script/check-node.mjs, updating the corresponding tests to allow Node 26. The reviewer suggests pinning the yauzl dependency to an exact version (3.3.1) instead of using a caret range to maintain consistency with other pinned dependencies and ensure reproducible builds.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

[gemini-code-assist]

Warning

Gemini encountered an error creating the review. You can try again by commenting /gemini review.

[github-actions]

Suggested priority: P2 (includes non-doc, non-test paths outside the low-risk bucket).

P1/P0 are reserved for maintainer confirmation. Please relabel manually if this is a release blocker, security issue, data-loss risk, or updater/runtime failure.