The people I trust to give good security recommendations (e.g., the leader of the Secureblue project) tell me I should completely avoid Electron (at least on Linux) because of how insecure it is. E.g., the typical Electron app pulls in many NPM packages, for which Electron does zero sandboxing.