macOS has a somewhat fine-grained permission system to control what applications are allowed to do, and since nut.js tries to immitate human behavior, it needs to be able to:
- capture the screen
- simulate keyboard and mouse events
Thus, nut.js needs to request permissions to do so.
Back in its early days, nut.js has handled this by instructing users to give the respective processes these permissions in the readme. But I'm sure you can image how carefully people have been paying attention to this, and how often I had to ask people whether they had given the necessary permissions.
With version 2.3.0, nut.js introduced an automatic permission check. It'd check whether the necessary permissions are granted, depending on the operation being performed, and if not, it would request them. This solved quite a lot of headaches, both for me and for users, since it ruled out the missing permissions as a problem.
However, this still had a major drawback: It happens automatically, with no direct way to check for permissions or request them manually. For plain automation scripts, this is not a big deal, but for more complex applications, like one of our customers is building, this turns out to be a problem.
Depending on the structure and architecture of your application, it might cause a permission request with no clear intent, because some things are set up in the background. For users, this can be confusing, because why would you need to give permissions for something that you didn't even ask for?
So with the latest release v5.2.0, nut.js now offers a new API to request permissions:
import { system } from "@nut-tree/nut-js";
console.log(system.permissions.macOS.hasAccessibilityPermission());
system.permissions.macOS.requestAccessibilityPermission();
console.log(system.permissions.macOS.hasScreenRecordingPermission());
system.permissions.macOS.requestScreenRecordingPermission();The new API allows you to check whether a permission is granted and to request it manually.
This allows you to avoid automatic permission requests and makes it possible to shield actions that require permissions until they are explicitly requested.
An improvement for both users and developers.
Let me know what you think and if you have any suggestions for improvements!
Best regards,
Simon