Thanks for the confirmation. After quite some digging I found out how to sign the dependency.
(For anyone else encountering this issue I added "asarUnpack": ["**/*.node"] to the build > mac key in the package.json file which takes all .node binary files out of the asar package, otherwise even if it is signed Apple can't read the signature and will throw an error).
So the signing part is taken care of, and the code signature error is gone but now something is happening that I don't know how to interpret.
A) Packaging Electron apps: Electron does not package apps for distribution directly. Instead they recommend a third party packaging utility called electron-builder. You add configuration to a package.json file to build for a target platform, in this case the Mac App Store, then run the build utility. It will return (1) an executable app for that configuration, and (2) the same app inside a .pkg file ready for submission to the Mac App Store for review. From my understanding the two apps are identical, but one happens to be wrapped in a pkg installation file.
B) Incorporating Node packages (i.e., libraries) in an app: Electon is build on top of Node.js and Chromium, both of which are included in the app. If your app needs third-party Node.js packages (referred to as native dependencies) such as Sqlite3 to use sqlite database then they will be installed as binary executable files having a .node extension. Getting these signed was my original problem.
To test my app I created a second "volume" on my Mac running on Catalina OS with no developer certificates so simulating some random user. Until now I have been getting the same results whether I execute the generated app or install it from the .pkg file. But in this case, if I launch the generated app it opens with no errors. But if I use the .pkg version to install it first then launch I now get this error:
Error: dlopen(/path/to/node_sqlite3.node, 1): no suitable image found.
Did find: /path/to/node_sqlite3.node: stat() failed with errno=13
So I am still having some issue with the third party node package/library. And it's not specific to Sqlite, I installed a different node package and got this same error only for that package.
I don't know what errno 13 means. From search engines I found this unofficial explanation: "when stat() fails with errno=13, usually it's a permissions problem."
So if that's true what would be causing it? I confirmed the binary is signed in both the generated app and the one installed from the .pkg file. In either case, if I run:
codesign --display --verbose ./path/to/node_sqlite3.node
Format=Mach-O thin (x86_64)
CodeDirectory v=20200 size=15436 flags=0x0(none) hashes=475+5 location=embedded
Signed Time=Jan 29, 2020 at 2:06:51 PM
Internal requirements count=1 size=192
Is it possible I am getting this error because I didn't install it from the Mac App Store and if I submitted the pkg file as is to Apple for review they would not get this error?
Anyway, not sure what the problem is or how to proceed. Any help will be greaaatly appreciated. Thanks.