Default configuration creates a project that exposes the entire electron API to the renderer by default.

### Describe the bug

To reproduce:
```bash
npm create @quick-start/electron@latest
# accept defaults
```
`src/preload/index.js` contains this line:
```js
    contextBridge.exposeInMainWorld('electron', electronAPI)
```
According to the [electron tutorial](https://www.electronjs.org/docs/latest/tutorial/tutorial-preload#:~:text=Notice,code), exposing just the ipcRenderer module is highly dangerous, let alone the entire Electron API. This should be changed to a more secure default.

I can open a PR but I'm not sure if there are other places in the project with the same vulnerability.

### Used Scaffolding

create-electron

### Used Package Manager

npm

### Validations

- [x] Follow the [Code of Conduct](https://github.com/alex8088/quick-start/blob/master/CODE_OF_CONDUCT.md).
- [x] Read the [Contributing Guidelines](https://github.com/alex8088/quick-start/blob/master/CONTRIBUTING.md).
- [x] Read the [docs](https://github.com/alex8088/quick-start#readme).
- [x] Check that there isn't [already an issue](https://github.com/alex8088/quick-start/issues) that reports the same bug to avoid creating a duplicate.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Default configuration creates a project that exposes the entire electron API to the renderer by default. #66

Describe the bug

Used Scaffolding

Used Package Manager

Validations

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Default configuration creates a project that exposes the entire electron API to the renderer by default. #66

Description

Describe the bug

Used Scaffolding

Used Package Manager

Validations

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions