Tauri 2.x vs Electron 2026 — Desktop App Framework Decision for Privacy-First AI Products

Executive Summary

Tauri 2.x has crossed from “promising alternative” to “production-grade default” for privacy-first, local-first desktop applications. In 2026, the framework gap between Tauri and Electron has widened in Tauri’s favor on every performance axis: binary size (8–15 MB vs 80–244 MB), RAM at idle (30–50 MB vs 200–300 MB), startup time (<500 ms vs 1–2 s), and attack surface (Rust + native WebView vs full bundled Chromium). Electron retains clear advantages in ecosystem maturity, cross-platform rendering consistency, build speed (~16 s vs ~80 s for Tauri’s initial Rust compile), and team ramp-up time for JavaScript-only shops.

For Moklabs specifically — building Remindr, Neuron, and Argus as privacy-first, local-first AI products — Tauri 2.x is the recommended framework. The combination of minimal RAM footprint (critical when RAM competes with local LLM inference), a fine-grained permission system that enforces privacy by architecture, a production-ready sidecar model for LLM processes, and active community growth (82K+ GitHub stars, 35% YoY adoption growth) outweighs the steeper initial Rust learning curve and the narrower npm ecosystem. The recommendation comes with a concrete risk mitigation plan.

1. Framework Overview

Tauri 2.x

Attribute	Detail
Latest stable version	2.6.0 (as of early 2026)
Initial stable 2.0 release	October 2, 2024
Language	Rust backend + any JS/TS frontend
Rendering	OS-native WebView (WebView2/Edge on Windows, WKWebView/Safari on macOS, WebKitGTK on Linux)
Mobile support	iOS + Android (stable since Tauri 2.0)
Governance	Tauri Programme Ltd + community Board (3–7 Directors); CrabNebula as official commercial partner
GitHub stars	82,800+ (gained 16K+ in 2024 alone)
Discord members	17,700+
Companies using	~404 tracked on TheirStack; includes Cloudflare, ABBYY, Cboe Global Markets

Tauri took over two years to build from the 1.x baseline to the 2.0 stable release. The rewrite introduced a redesigned IPC layer with raw payloads for fast large-data transfer, a new capability-based permission system, mobile-first plugin architecture, and HMR extended to Android/iOS simulators. Version 2.6.0 (released 2026) added an x11 Cargo feature enabling Wayland-only builds to trim binary size further.

Source: Tauri 2.0 Stable Release, tauri@2.6.0 release notes, TheirStack Tauri companies

Electron

Attribute	Detail
Latest stable version	v41.0.3 (released March 17, 2026)
Release cadence	Every 8 weeks, aligned with every other Chromium major release
Language	Node.js (main process) + Chromium (renderer)
Rendering	Full bundled Chromium — consistent across all platforms
Mobile support	None (desktop-only)
Governance	OpenJS Foundation; key maintainers employed by Microsoft and Slack/Salesforce
Chromium version (v41)	134.0.6998.44
V8 version	13.5
Notable apps	VS Code, Slack, Discord, Signal, WhatsApp Desktop, Notion, Postman, ChatGPT Desktop, Claude Desktop

Electron shipped 6 major versions in 2025, and in 2026 continues on its 8-week cadence. The OpenJS Foundation’s Sovereign Tech Agency partnership is funding security infrastructure improvements across the ecosystem. Electron v35+ (March 2025) brought significant JS performance improvements via V8 13.5.

Source: Electron Releases, Electron 35 changelog, OpenJS Foundation 2025 Board

2. Performance Comparison

2.1 Binary / Installer Size

Metric	Tauri 2.x	Electron
Minimal app	2–3 MB	85+ MB
Typical production app	8–15 MB	80–120 MB
Real-world example (Hopp app)	8.6 MiB	244 MiB
CodeQuill (migration case)	20 MB	200+ MB

The delta is structural, not tunable: Electron must bundle the full Chromium engine and Node.js runtime regardless of app complexity. Tauri uses the OS WebView, which is already present on every supported platform.

Source: Hopp app benchmark, Oflight benchmark, DEV Community migration

2.2 RAM Usage

Scenario	Tauri 2.x	Electron
Idle / single window	30–50 MB	200–300 MB
Startup (app loading)	50–150 MB	200–500 MB
6 concurrent windows (Hopp test)	~172 MB	~409 MB
Heavy usage with multiple processes	100–200 MB	400–800 MB

For Moklabs products that will co-locate a local LLM (requiring 1–8 GB RAM depending on model size), Tauri’s ~150–250 MB RAM savings per running app instance directly translates to larger usable context windows or the ability to run a more capable quantized model.

Source: Hopp benchmark (6-window test), Oflight comparison, RaftLabs comparison

2.3 Startup Time

Framework	Cold start	Notes
Tauri 2.x	< 500 ms	Native binary; no runtime bootstrapping
Electron	1–2 seconds (mid-range hardware)	Chromium init overhead
2026 benchmark	Tauri 40% faster than Electron	Real-time data processing scenario

Source: 2026 Tauri vs Electron benchmark, RaftLabs real-world test

2.4 CPU Usage

Condition	Tauri 2.x	Electron
Idle	0–1%	2–5%
Active use	Lower, more consistent	Occasional spikes

2.5 Build Times (Developer Impact)

Phase	Tauri	Electron
Initial build (cold)	~80 seconds (Rust compile)	~16 seconds
Incremental frontend change	Near-instant (HMR)	Near-instant (HMR)
Full rebuild after Rust change	15–40 seconds	~16 seconds

Tauri’s initial build time is a real developer friction point, especially in CI. The offset is that incremental builds after frontend-only changes are nearly identical to Electron because Rust recompilation is skipped.

Source: Hopp blog build time data

3. Developer Experience

3.1 Project Setup

Both frameworks now offer excellent scaffolding:

Tauri: npm create tauri-app@latest — interactive wizard, supports React, Vue, Svelte, SolidJS, Angular, Vanilla JS, and more. Experience compared favorably to create-next-app.
Electron: npx create-electron-app — similar experience, slightly less opinionated.

3.2 Hot Reload

Both support HMR for frontend changes. Tauri 2.0 extended HMR to mobile simulators (iOS/Android), a significant advantage for teams building cross-platform. Rust backend changes require recompilation; a typical incremental Rust compile is 5–20 seconds.

3.3 Debugging

Electron:

Full Chromium DevTools in renderer process
Node.js debugger in main process
Mature tooling across the board

Tauri:

Web inspector via right-click or Ctrl+Shift+I / Cmd+Option+I
tauri-plugin-log for structured logging
CrabNebula DevTools (third-party, purpose-built for Tauri): performance, errors, and warnings inspector
Framework-specific devtools (Vue Devtools standalone, React DevTools) work as with any browser app
Known friction: WKWebView on macOS does not support the same debugging workflow as WebView2 on Windows

Source: Tauri Debug docs, CrabNebula DevTools

3.4 Plugin Ecosystem

Tauri official plugins (plugins-workspace):

tauri-plugin-updater — in-app updates
tauri-plugin-store — persistent key/value storage
tauri-plugin-sql — SQLite/MySQL/PostgreSQL via SQLx
tauri-plugin-http — Rust-backed HTTP client
tauri-plugin-fs — filesystem access
tauri-plugin-notification — native OS notifications
tauri-plugin-deep-link — custom URL scheme handlers
tauri-plugin-global-shortcut — system-wide keybindings
tauri-plugin-geolocation, tauri-plugin-nfc, tauri-plugin-haptics (mobile)
tauri-plugin-log — structured logging

Notable community plugins:

tauri-plugin-llm (CrabNebula) — load and run LLMs directly
tauri-plugin-velesdb — native vector database (70 µs semantic search, ≥95% recall, hybrid BM25+vector)
tauri-plugin-aptabase — privacy-first analytics
tauri-plugin-clipboard — read/write clipboard with image support

Electron: Access to the entire npm ecosystem (~2.5M packages). This is Electron’s strongest ecosystem advantage — any Node.js library works with zero adaptation.

Source: Tauri plugins-workspace, awesome-tauri

3.5 Learning Curve

Skill needed	Tauri	Electron
Frontend framework	Same for both	Same for both
Backend language	Rust (steep: 5–6 months to proficiency)	Node.js (most web devs already know it)
Minimum viable app	Minimal Rust required; most logic in JS	Pure JS/TS throughout
Custom native features	Rust required	Node.js + native addons (N-API)

Tauri’s Rust requirement is the largest barrier for teams without prior systems programming experience. However, for teams building privacy-first AI tools (where the backend will do meaningful work — file indexing, encryption, model inference coordination), Rust becomes a feature, not just a tax.

Source: Tauri developer experience survey, Rust learning curve 2025

4. Security Model

4.1 Architectural Comparison

Dimension	Tauri 2.x	Electron
Backend language	Rust — memory-safe by design	Node.js — GC-managed, larger attack surface
Attack surface	OS WebView + Rust core	Full Chromium engine + Node.js runtime
Default posture	Deny-all; explicit allow per command	Node APIs accessible unless explicitly restricted
IPC model	Typed Rust commands; raw payloads for performance	contextBridge over IPC; requires careful configuration
Permission granularity	Per-window capabilities, per-command permissions, parameter-level scopes	contextIsolation + sandbox flags; developer-configured
Memory safety	Rust compile-time guarantees (no buffer overflows, use-after-free)	V8 sandbox + process isolation; CVEs in Chromium still apply

4.2 CVE History and Vulnerability Surface

Electron CVEs (selected 2024–2025):

CVE-2025-10585: V8 engine vulnerability affecting Electron apps requiring sandboxed build + contextIsolation mitigation. CISA added to Known Exploited Vulnerabilities list.
Ongoing: contextIsolation bypass vulnerabilities — apps using both contextIsolation: true and nodeIntegrationInSubFrames: true remain vulnerable to context isolation bypass, allowing renderer-world code to reach Electron’s isolated context.
Electron’s practice of bundling a fixed Chromium version means apps lag behind upstream security patches until the next Electron release (the “patch gap”).

Tauri CVE history: Significantly smaller. Tauri does not ship a browser engine; it relies on the OS WebView, which is updated by the OS vendor independently. The reduced attack surface means fewer CVEs attributable to the framework itself. The Rust backend eliminates entire classes of memory safety vulnerabilities by construction.

Source: Electron CVE list (OpenCVE), CVE-2025-10585 analysis, Sonar Electron security research

4.3 Tauri’s Capability System (v2)

Tauri 2.0 introduced a three-layer security model:

Permissions — on/off toggles per Tauri command (e.g., fs:read-files)
Scopes — parameter validation for commands (e.g., only allow reads within $APPDATA)
Capabilities — binding permissions+scopes to specific Windows/WebViews

This maps naturally to privacy-first product requirements: each Moklabs product can precisely declare what filesystem paths, network sockets, or OS APIs it accesses — and nothing more.

Source: Tauri Security docs, Tauri Capabilities docs

5. Distribution and Updates

5.1 Output Formats

Platform	Tauri 2.x	Electron
Windows	EXE (NSIS), MSI	EXE (Squirrel, NSIS), MSI
macOS	DMG, .app bundle	DMG, .pkg
Linux	.deb, AppImage, RPM, Flatpak, Snap, AUR	.deb, AppImage, RPM, Snap
iOS	IPA (App Store)	Not supported
Android	APK / AAB (Google Play)	Not supported

Limitation: Tauri currently generates EXE and MSI for Windows only — no native MSIX/APPX bundle. Microsoft Store distribution requires wrapping the unpacked EXE, which is less seamless than Electron’s full MSIX support. This was one reason DoltHub deferred migration.

5.2 Auto-Updates

Tauri’s tauri-plugin-updater provides:

Cryptographically signed update manifests (Ed25519 — cannot be disabled)
Public key embedded in tauri.conf.json; private key never distributed
GitHub Releases as first-class update backend
CrabNebula Cloud as managed CDN with channel support (stable/beta/nightly) and download analytics
Differential updates (delta patches) available

Electron’s auto-update ecosystem (Squirrel, electron-updater from electron-builder) is mature and battle-tested at massive scale (VS Code, Slack), but requires more configuration to achieve cryptographic verification equivalent to Tauri’s enforced default.

5.3 Code Signing

Platform	Tauri	Electron
macOS notarization	Supported; required for Gatekeeper	Supported; required
Windows Authenticode	Supported; required to pass SmartScreen	Supported; same requirement
Cross-compilation signing	Custom sign command required for Windows on Linux/macOS	Similar constraints

Source: Tauri Distribution docs, Tauri Windows signing, Tauri macOS signing, Tauri Microsoft Store, Oflight auto-update guide

6. Ecosystem Maturity

6.1 Community Metrics (March 2026)

Metric	Tauri	Electron
GitHub stars	82,800+	~115,000+
Weekly npm downloads	~450 (npm only; most installs via cargo)	~1.4M
Discord members	17,700+	Large (no public count)
Stack Overflow activity	Growing but smaller	Extensive; years of Q&A
YoY adoption growth	+35% (2024–2025)	Stable/mature
Companies tracked using it	~404	Thousands
Maintainer backing	CrabNebula (commercial), community contributors	Microsoft, Slack/Salesforce, OpenJS Foundation

6.2 npm Package Compatibility

This is Electron’s defining ecosystem advantage. The entire Node.js npm ecosystem (~2.5M packages) works in Electron’s main process without modification. In Tauri:

Frontend packages: full npm compatibility (runs in WebView like a browser)
Backend (Rust): use crates.io (~160K crates); many popular Node.js libraries have Rust equivalents
Node.js-specific packages: not available in Tauri’s Rust backend
Notable gaps: some advanced desktop integration packages (complex window management, certain OS APIs) have fewer Rust alternatives

6.3 Documentation Quality

Tauri: Excellent official docs at v2.tauri.app, well-organized with API reference, guides, and plugin docs. Rust crate docs at docs.rs.
Electron: Mature, extensive docs at electronjs.org, years of tutorials, Stack Overflow Q&A, and blog posts. Generally considered better for onboarding JS-only developers.

Source: Tauri GitHub, npm trends, TheirStack

7. AI/ML Integration

7.1 Tauri Sidecar Architecture for Local LLMs

Tauri’s built-in sidecar system is purpose-built for the exact architecture required by local AI apps:

Frontend (JS/TS/React)
    ↕ IPC (typed Rust commands)
Tauri Rust Core
    ↕ managed sidecar lifecycle
LLM Sidecar Binary (candle-vllm / llama.cpp / Python FastAPI)

The tauri-plugin-shell sidecar API handles:

Process lifecycle (spawn, kill, restart)
Stdout/stderr streaming back to frontend
Path bundling — sidecar binaries are included in the app bundle and referenced via $SIDECAR/ at runtime

7.2 Implementation Patterns in Production (2025)

Pattern A: Rust-native inference (fastest)

Use candle (HuggingFace’s Rust ML library) or llama.cpp Rust bindings
Inference runs directly in the Tauri backend process
No IPC overhead for token streaming; direct memory access
Projects: tauri-mistral-chat (GitHub: danielbank/tauri-mistral-chat)

Pattern B: llama.cpp binary sidecar (most compatible)

Bundle prebuilt llama.cpp server binary as a sidecar
Tauri Rust backend spawns and manages the process
Frontend streams tokens via SSE or WebSocket to localhost
Supports GGUF model format; hardware-accelerated (CUDA, Metal, ROCm)

Pattern C: Python sidecar (most flexible, highest overhead)

FastAPI/Flask backend handles: model status checks, HuggingFace downloads, chat streaming
Tauri manages Python process via sidecar
Higher RAM overhead (~200–400 MB for Python runtime on top of model)
Most flexible for integrating Python ML ecosystem

Official plugin: tauri-plugin-llm (CrabNebula) — load and interact with most LLMs natively within the Tauri backend, without a separate sidecar process.

7.3 Vector Database Integration

The tauri-plugin-velesdb community plugin provides a native vector database:

70 µs semantic search
≥95% recall
Hybrid BM25 + vector search
All data on-device — no cloud dependency

Alternative: embed sqlite-vss or qdrant as a sidecar binary, or use pgvector via PostgreSQL sidecar.

7.4 Inference Performance Numbers

Hardware	Inference speed (llama.cpp, Q4 GGUF)
Modern CPU only	10–20 tokens/second
GPU (consumer)	100+ tokens/second
Model memory footprint	~1–2 GB (7B Q4), ~4–5 GB (13B Q4)

7.5 Electron for AI: The RAM Problem

With Electron consuming 200–300 MB at idle, a local LLM desktop app faces real constraints on 8–16 GB RAM machines:

Electron baseline: ~300 MB
Python sidecar: ~300 MB
7B Q4 model: ~4 GB
OS + other processes: ~2 GB
Total: ~6.6 GB on an 8 GB machine — leaving ~1.4 GB for context

With Tauri:

Tauri baseline: ~50 MB
llama.cpp sidecar: ~100 MB
Same 7B Q4 model: ~4 GB
OS + other processes: ~2 GB
Total: ~6.15 GB — leaving ~1.85 GB for context (32% more headroom)

Source: Local AI with Tauri blueprint, tauri-local-lm, tauri-plugin-llm, offline vector DB with Tauri, Electric SQL local AI blog

8. Notable Apps Built With Each Framework

Tauri (2025–2026)

App / Company	Category	Notes
LangForge	EdTech / AI	Privacy-first language learning, local data
World Monitor	OSINT / Security	Local LLM + OSINT, no cloud AI dependency
Swiss medical publisher (unnamed)	Healthcare software	Lightweight signed packages; regulatory traceability
Swiss fintech (unnamed)	Internal tooling	Prototype in one session; CI/CD simplified
Swiss energy company	Operations dashboard	Near-instant hot reload cut feedback loop from minutes to seconds
Various open-source apps	See awesome-tauri	100+ listed projects on awesome-tauri

Electron (2025–2026)

App	Company	Notes
Visual Studio Code	Microsoft	~100M users; proves Electron scales
Slack	Salesforce	50% memory reduction via engineering optimizations
Discord	Discord Inc.	~500M users; complex media/voice processing
Signal Desktop	Signal Foundation	Privacy-first messaging; open source
Notion	Notion Labs	Knowledge management; $10B valuation
Postman	Postman Inc.	API development platform
ChatGPT Desktop	OpenAI	Released 2024
Claude Desktop	Anthropic	Released 2024
WhatsApp Desktop	Meta	Cross-platform messaging

Source: Electron apps showcase, Tauri company list, awesome-tauri

9. Migration Stories

9.1 DoltHub (November 2025)

DoltHub evaluated migrating their Electron-based database GUI (Dolt) to Tauri.

Findings:

Tauri APIs felt more natural than Electron’s IPC for their use case
App size drop was substantial (Electron baseline ~150 MB eliminated)
Sidecar complication: their GraphQL server needed to be compiled to a binary (pkg) vs. running natively in Electron’s Node.js runtime
Blockers for migration: (1) No APPX/MSIX for Microsoft Store; (2) macOS universal binary creation issues; (3) double codesigning complications
Decision: Deferred — migration branch left open for revisiting

Source: DoltHub Electron vs Tauri blog

9.2 Hopp App (Tauri greenfield, 2025)

Hopp chose Tauri over Electron for a screen-sharing/collaboration tool.

Results (measured):

Bundle: 8.6 MiB vs 244 MiB (Electron)
RAM at 6 windows: 172 MB vs 409 MB
Rust backend enabled efficient WebRTC without separate process management
Decision confirmed correct; no plans to revert

Source: Hopp blog: Tauri vs Electron

9.3 Digital Agency (Client Desktop Tool, 2025)

Anonymous agency migration from Electron to Tauri for a client-facing desktop tool:

App size: 130 MB → 8 MB
Download completion rate improved; user adoption increased
Deployment time dropped 40%
Support tickets decreased

Source: Oflight migration case study

9.4 Individual Developer (CodeQuill)

Electron version: 200+ MB
Tauri version: < 20 MB
Self-reported: “10x faster, 97% reduction in bundle size, more native feel”

Source: DEV Community migration post

9.5 Aptabase (Greenfield, Tauri-first)

Aptabase chose Tauri for its analytics SDK because:

Privacy requirement: no bundled tracking runtime
Size constraint: analytics SDK must not bloat the host app
Rust’s memory safety aligned with security posture

Source: Aptabase: Why we chose Tauri

10. Recommendation for Moklabs

10.1 Product Context

Product	Core function	Key constraint
Remindr	Meeting AI — recording, transcription, action items	Real-time audio processing; local AI inference; privacy-critical
Neuron	PKM — knowledge graph, note-taking, local RAG	Vector search; large local file indexes; offline-first
Argus	Security monitoring	Low-resource footprint critical; system-level access; trustworthy binary

All three products share: privacy-first (no cloud data exfiltration), local-first (offline capable), AI-enabled (local model inference), and security-sensitive (user trust is the product).

10.2 Framework Decision: Tauri 2.x

Recommendation: Tauri 2.x for all three products.

Why Tauri Wins for Each Product

Remindr (Meeting AI):

Real-time audio processing benefits from Rust’s zero-copy performance
Local Whisper-based transcription via llama.cpp/candle sidecar stays within RAM budget on typical MacBooks (16 GB)
Tauri’s 50 MB baseline vs Electron’s 300 MB baseline = more headroom for the audio pipeline + model
Fine-grained permission model: microphone access declared explicitly, no accidental exfiltration
Tauri sidecar for audio processing is more efficient than Node.js child_process

Neuron (PKM):

tauri-plugin-velesdb provides native vector search at 70 µs — critical for real-time semantic search
tauri-plugin-sql with SQLite covers local graph storage
Rust backend handles file watching and indexing without the GC pauses that afflict Node.js
Local RAG pipeline fits the candle/llama.cpp sidecar pattern exactly
Lower memory footprint means Neuron can run in background without taxing the system

Argus (Security Monitoring):

Security monitoring tool must itself be trustworthy — Rust’s memory safety eliminates buffer overflow and UAF classes of vulnerabilities in the tool itself
Tauri’s capability system maps directly to the principle of least privilege
Smaller binary = smaller attack surface; fewer components = fewer CVE exposure points
No bundled Chromium means no Chromium CVE exposure in a security product
System-level monitoring via Rust’s native OS APIs is more efficient than via Node.js

10.3 Concrete Technical Recommendations

Architecture pattern for all three products:

Frontend (React/SolidJS + TypeScript)
    ↕ Tauri IPC (typed commands + event streams)
Tauri Rust Core
    ↕ tauri-plugin-llm or sidecar management
AI Inference Layer (llama.cpp binary OR candle Rust crate)
    ↕ tauri-plugin-sql / tauri-plugin-velesdb
Local Storage (SQLite + vector DB)

Plugin stack:

tauri-plugin-updater — auto-updates with cryptographic signing
tauri-plugin-sql (SQLite) — structured data
tauri-plugin-velesdb — vector search for Neuron/Remindr
tauri-plugin-log — structured logging
tauri-plugin-llm or candle-based inference — AI layer
tauri-plugin-store — lightweight key-value config
tauri-plugin-global-shortcut — system-wide activation shortcuts

Distribution:

macOS: DMG + App Store (Apple Developer Program required)
Windows: NSIS EXE + MSI; defer Microsoft Store until Tauri adds MSIX support
Linux: AppImage + Flatpak (Flathub) for maximum reach

10.4 When Electron Would Be the Right Call Instead

Choose Electron if any of these apply:

The team has zero Rust experience and the 12-month roadmap requires shipping immediately
A critical dependency is a Node.js-only native addon with no Rust equivalent
Microsoft Store is mandatory from Day 1 (Tauri’s MSIX gap is a real blocker)
Consistent cross-platform CSS/rendering is non-negotiable and you cannot QA three WebView implementations

11. Risk Assessment

11.1 Tauri Risks and Mitigations

Risk	Severity	Likelihood	Mitigation
Rust learning curve slows initial development	High	High (if team is JS-only)	Hire/contract one Rust-experienced engineer; start with minimal Rust (plugins cover most needs)
WebView rendering inconsistency (macOS vs Windows vs Linux)	Medium	Medium	Allocate QA budget for cross-platform testing; use CSS reset targeting all three WebViews
macOS universal binary complications	Medium	Medium	Use GitHub Actions matrix builds (arm64 + x64 separate) rather than universal binary
Microsoft Store blockers	Low	High (if Store required)	Ship direct download first; revisit when Tauri adds MSIX (tracked issue on GitHub)
Community/maintainer risk	Low	Low	CrabNebula as commercial backer; 82K+ star project; OpenSSF participation
Plugin immaturity for niche OS features	Medium	Medium	Evaluate per-feature; fallback to custom Rust plugin or Electron for that specific product

11.2 Electron Risks (if chosen instead)

Risk	Severity	Likelihood	Mitigation
RAM competition with local LLM inference	High	Certain	Can’t be engineered away; structural Chromium overhead
CVE patch gap (Chromium vulnerabilities)	High	Recurring	Subscribe to Electron security releases; automate update deployment
contextIsolation bypass vulnerabilities	High	Medium	Enforce strict CSP; never enable nodeIntegration in renderer
Bundle size perception (privacy product)	Medium	High	Users of security tools notice 200 MB downloads; affects trust
Long-term: Tauri ecosystem will mature further	Medium	Certain	Not a risk for Electron per se, but compounds switching cost over time

12. Data Points and Numbers Summary

Data Point	Value	Source
Tauri latest version	2.6.0	v2.tauri.app/release
Electron latest version	v41.0.3 (March 17, 2026)	releases.electronjs.org
Tauri GitHub stars	82,800+	github.com/tauri-apps/tauri
Tauri 2024 stars gained	16,000+	github.com/tauri-apps/tauri
Tauri YoY adoption growth	+35%	TheirStack / RaftLabs
Tauri Discord members	17,700+	Tauri blog
Tauri bundle size (typical)	8–15 MB	Hopp, Oflight
Electron bundle size (typical)	80–244 MB	Hopp, Oflight
Tauri RAM at idle	30–50 MB	RaftLabs, Oflight
Electron RAM at idle	200–300 MB	RaftLabs, Oflight
Tauri RAM (6 windows)	172 MB	Hopp measured
Electron RAM (6 windows)	409 MB	Hopp measured
Tauri startup time	< 500 ms	RaftLabs, Oflight
Electron startup time	1–2 seconds	RaftLabs, Oflight
Tauri CPU at idle	0–1%	Oflight
Electron CPU at idle	2–5%	Oflight
Tauri initial build time	~80 seconds	Hopp
Electron build time	~16 seconds	Hopp
Tauri 2.0 stable release date	October 2, 2024	v2.tauri.app/blog/tauri-20
Migration time (50K LOC)	2–3 months	Oflight
DoltHub decision	Deferred (MSIX + universal binary gaps)	dolthub.com
CodeQuill app size reduction	200 MB → 20 MB	DEV Community
Agency tool size reduction	130 MB → 8 MB	Oflight
Inference speed (CPU, 7B Q4)	10–20 tokens/s	tauri-local-lm
tauri-plugin-velesdb search speed	70 µs	crates.io
Electron release cadence	Every 8 weeks	electronjs.org
CVE-2025-10585	V8 RCE affecting Electron, CISA KEV	meetcyber/medium