github.com/wailsapp/wails
★
★
★
★
★
3
reviews
80
Security
13
Quality
35
Maintenance
48
Overall
v1.16.9
Go
Go
Dec 10, 2021
No Known Issues
This package has a good security score with no known vulnerabilities.
32744
GitHub Stars
2.7/5
Avg Rating
Community Reviews
CAUTION
Promising concept but v1 has steep learning curve and limited tooling
Wails v1 lets you build desktop apps with Go backends and web frontends, which sounds great in theory. However, the day-to-day development experience has friction points. The initial setup works fine with the CLI scaffolding, but debugging becomes challenging when things go wrong. Error messages often point to JavaScript bundling issues or bridge communication problems without clear guidance on resolution.
The documentation covers basic examples but falls short on real-world scenarios like custom window management, complex state synchronization, or handling platform-specific quirks. The binding system between Go and JavaScript works but feels fragile - type mismatches or incorrect function signatures result in cryptic runtime errors rather than compile-time safety.
Community support is hit-or-miss. GitHub issues get responses but many remain open for extended periods. Stack Overflow has minimal coverage, so you're mostly relying on GitHub discussions. Note that v2 is now the actively developed version with breaking changes, making v1 resources increasingly outdated and the migration path non-trivial.
The documentation covers basic examples but falls short on real-world scenarios like custom window management, complex state synchronization, or handling platform-specific quirks. The binding system between Go and JavaScript works but feels fragile - type mismatches or incorrect function signatures result in cryptic runtime errors rather than compile-time safety.
Community support is hit-or-miss. GitHub issues get responses but many remain open for extended periods. Stack Overflow has minimal coverage, so you're mostly relying on GitHub discussions. Note that v2 is now the actively developed version with breaking changes, making v1 resources increasingly outdated and the migration path non-trivial.
CLI scaffolding quickly generates working project structure with sensible defaults
Simple Go-to-JavaScript binding for basic function calls and data passing
Built-in development mode with hot reload for frontend changes
Cryptic error messages when Go-JS bridge fails, especially with type mismatches
Limited documentation on advanced patterns like custom dialogs or IPC optimization
v1 is effectively deprecated with v2 requiring significant refactoring to migrate
Best for: Simple internal tools or prototypes where you need basic desktop UI with Go backend logic and can tolerate occasional debugging headaches.
Avoid if: You need production-ready desktop apps with complex UI requirements or require stable long-term support without major version migrations.
CAUTION
Powerful concept but v1 shows its age with rough edges and unclear migration path
Wails v1 offers an interesting approach to building desktop apps with Go backends and web frontends, but the developer experience has notable friction points. The initial setup with `wails init` works smoothly, and the basic Hello World runs fine. However, once you move beyond examples, you'll encounter cryptic error messages that don't clearly indicate whether issues are in your Go code, the JavaScript bridge, or the build process itself.
The documentation covers basics adequately but lacks depth for real-world scenarios like complex state management between Go and JS, handling async operations cleanly, or debugging runtime issues. When things go wrong, you're often left inspecting browser DevTools and Go logs separately with little guidance on how they connect. GitHub issues show maintainers are responsive, but many problems lack clear resolutions.
The major concern is that v1 is essentially deprecated with v2 being a complete rewrite using different APIs. This means investing time in v1 feels like learning a dead-end technology, while v2 (though promising) is a fundamentally different framework requiring separate evaluation.
The documentation covers basics adequately but lacks depth for real-world scenarios like complex state management between Go and JS, handling async operations cleanly, or debugging runtime issues. When things go wrong, you're often left inspecting browser DevTools and Go logs separately with little guidance on how they connect. GitHub issues show maintainers are responsive, but many problems lack clear resolutions.
The major concern is that v1 is essentially deprecated with v2 being a complete rewrite using different APIs. This means investing time in v1 feels like learning a dead-end technology, while v2 (though promising) is a fundamentally different framework requiring separate evaluation.
Simple project initialization with sensible defaults gets you running quickly
Binding Go functions to JavaScript is straightforward for basic use cases
Cross-platform compilation works reliably once configured
Lightweight compared to Electron for distributing Go-based desktop apps
Error messages during build or runtime are often vague and difficult to trace
Documentation lacks comprehensive examples for production patterns and edge cases
V1 is effectively deprecated with v2 being incompatible rewrite, creating uncertainty
Best for: Existing v1 projects requiring maintenance or developers comfortable navigating immature tooling to experiment with Go-based desktop apps.
Avoid if: You need a stable, well-documented framework for production desktop applications or are starting a new project (consider Wails v2 or Electron instead).
CAUTION
Outdated v1 branch with security concerns for desktop app development
Wails v1 (this branch) feels abandoned and has significant security considerations when building desktop applications. The bridge between Go backend and JavaScript frontend lacks robust input validation by default, requiring manual sanitization of all cross-boundary calls. Error messages from Go often leak implementation details directly to the frontend without filtering mechanisms.
The TLS/crypto story is concerning when making external requests - there's no enforced certificate pinning or secure defaults for HTTP clients exposed to the frontend. The authentication/authorization layer between frontend and backend is essentially non-existent; any exposed Go method can be called from the JavaScript context without built-in access controls. You must implement your own security layer.
Dependency management is problematic with older transitive dependencies that may contain known CVEs. The webkit/webview bindings vary significantly across platforms, making consistent security posture difficult. The project has moved to v2 (different import path), making this version effectively EOL without security patches.
The TLS/crypto story is concerning when making external requests - there's no enforced certificate pinning or secure defaults for HTTP clients exposed to the frontend. The authentication/authorization layer between frontend and backend is essentially non-existent; any exposed Go method can be called from the JavaScript context without built-in access controls. You must implement your own security layer.
Dependency management is problematic with older transitive dependencies that may contain known CVEs. The webkit/webview bindings vary significantly across platforms, making consistent security posture difficult. The project has moved to v2 (different import path), making this version effectively EOL without security patches.
Simple Go struct method binding to JavaScript reduces boilerplate
Native system dialogs (file picker, message boxes) work reliably across platforms
Embedded asset bundling keeps binaries self-contained
No input validation or sanitization between Go and JavaScript boundaries
Error handling exposes internal Go stack traces and paths to frontend by default
Effectively unmaintained with last release in 2021, security patches unlikely
No built-in authentication layer between frontend calls and backend methods
Best for: Internal tools or prototypes where the security model assumes complete trust of the frontend code and local environment.
Avoid if: You need a maintained framework, handle sensitive data, or require security-by-default patterns for desktop applications.
Write a Review
Sign in to write a review
Sign In
Dependencies
github.com/Masterminds/semver
v1.4.2
github.com/abadojack/whatlanggo
v1.0.1
github.com/fatih/color
v1.7.0
github.com/go-playground/colors
v1.2.0
github.com/gorilla/websocket
v1.4.1
github.com/jackmordaunt/icns
v1.0.0
github.com/kennygrant/sanitize
v1.2.4
github.com/leaanthony/slicer
v1.4.0
github.com/leaanthony/spinner
v0.5.3
github.com/mattn/go-colorable
v0.1.1
github.com/mattn/go-isatty
v0.0.7
github.com/nfnt/resize
v0.0.0-20180221191011-83c6a9932646
github.com/pkg/browser
v0.0.0-20180916011732-0a3d74bf9ce4
github.com/pkg/errors
v0.8.1
github.com/sirupsen/logrus
v1.8.1
github.com/stretchr/testify
v1.3.0
github.com/syossan27/tebata
v0.0.0-20180602121909-b283fe4bc5ba
golang.org/x/image
v0.0.0-20200430140353-33d19683fad8
golang.org/x/net
v0.0.0-20200625001655-4c5254603344
golang.org/x/sys
v0.0.0-20211025201205-69cdffdb9359
and 3 more