This "running-a-websocket-server-on-localhost-for-the-electron-app" thing is becoming a trend nowdays, but I'm not sure if most developers are aware that any website can access it, even though its just ment to be a local (not so secure) API in 99% of the cases.