Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@bycedric/create-expo
Advanced tools
The fastest way to create universal React apps
# Usage for bun, npm, pnpm, and yarn
npx create-expo
bun create expo
pnpm create expo
yarn create expo
# Output help information with all available options
npx create-expo --help
Once you're up and running with Create Expo App, visit this tutorial for more information on building mobile apps with React.
Create Expo App prepares an empty Expo project by default. You can choose to use a project with more prepared functionality. For that, you can start Create Expo App with the --template
flag.
# Pick from Expo's templates
npx create-expo --template
# Pick the expo-template-tabs template
npx create-expo --template tabs
Expo publishes all templates through npm packages, versioned by Expo SDK. You can create your own npm templates with npm pack
, or by publishing to npm.
# Create from npm
npx create-expo --template tabs # Short for expo-template-tabs
npx create-expo --template expo-template-tabs
# Create from npm using a semver of the template
npx create-expo --template expo-template-blank@50
# Create from local tarball created with `npm pack`
npx create-expo --template ./path/to/template.tgz
Create Expo App does not support private registries. In order to use a private template, use the local tarball option.
Besides the templates provided by Expo, you can also create your own or use a 3rd party template directly from GitHub. The --template
flag supports GitHub URLs, including branch, tag, or even specific commit.
# Create from repository
npx create-expo --template https://github.com/:owner/:repo
# Create from repository using the `:ref` branch or tag
npx create-expo --template https://github.com/:owner/:repo/tree/:ref
# Create from repository using the `sdk-50` branch, and "templates/expo-template-bare-minimum" subdirectory
npx create-expo --template https://github.com/expo/expo/tree/sdk-50/templates/expo-template-bare-minimum
Create Expo App customizes the name of the created app by replacing certain placeholder values in the template with the name specified by the user. Most users won't have to think about this process, but it may be relevant for users offering their own templates.
Renaming the app is a two-step process:
By convention, Expo templates use several placeholder values to be searched for and replaced:
Hello App Display Name
→ The name of the project, without modifications (example Android)HelloWorld
→ The name of the project with sanitization as described below (example Android, iOS)helloworld
→ The lower-cased name of the project with sanitization as described below (example Android)Although all file and folder names are rewritten, only files specified by the "rename config" have their contents rewritten. This is determined by the defaultRenameConfig
constant in ./src/Template.ts.
Some characters aren't allowed in certain places, that's why Create Expo App applies sanitization to the project name.
\W
and underscore _
characters.NFD
.u0300-u036f
.Due to some limitations with npm pack
, some files are handled differently.
gitignore
→ Renamed to .gitignore
due to npm pack
skipping .gitignore
files, see npm/npm#1862FAQs
Built-in fetch test
We found that @bycedric/create-expo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.