@expo/cli
@expo/cli is a command-line tool that helps developers build, develop, and manage React Native projects using the Expo framework. It simplifies the process of creating, running, and deploying mobile applications.
Creating a new Expo project
This command initializes a new Expo project with a default template. You can choose from various templates like blank, tabs, or minimal.
expo init my-new-project
Running the project
This command starts the development server and opens the Expo DevTools in the browser. It allows you to run your app on an emulator, simulator, or physical device.
expo start
Building the project
This command builds the project for Android. You can also build for iOS using `expo build:ios`. It generates the APK or IPA files needed for distribution.
expo build:android
Publishing the project
This command publishes your project to Expo's hosting service, making it available to anyone with the Expo Go app. It uploads your app's JavaScript bundle and assets.
expo publish
Ejecting from Expo
This command ejects your project from the managed workflow to the bare workflow, giving you full control over the native code. This is useful if you need to add custom native modules.
expo eject
The React Native CLI is a command-line tool for managing React Native projects. It offers similar functionalities to @expo/cli, such as initializing projects, running them on emulators or devices, and building for production. However, it does not provide the same level of managed services and ease of use as Expo.
Ignite CLI is a command-line tool for creating and managing React Native projects with a focus on best practices and scalability. It provides a set of boilerplates and plugins to kickstart development. Compared to @expo/cli, Ignite offers more opinionated setups and additional tools for state management and navigation.
Create React Native App (CRNA) is a tool to create a React Native project with no build configuration. It is similar to `expo init` but focuses solely on the initial setup. CRNA has been integrated into Expo CLI, making @expo/cli a more comprehensive tool.
The fastest way to build and run universal React Native apps for Android, iOS, and the web
📚 Read the Documentation | Contribute to Expo CLI
The `@expo/cli` package is a CLI binary that should be used via the `expo` package, like `npx expo start` (or `npx expo` for short).
npx expo
⭐️ Be sure to star the Expo GitHub repo if you enjoy using the project!
This CLI has the following purposes:
- `login`, `logout`, `whoami`, `register`. Standard web CLIs don't have authentication commands because they either don't set up https or they use emulation via packages like `devcert`.
- `Simulator.app`, Android Studio, ADB, etc. to make native builds as painless as possible. `run:ios`, `run:android` commands.
- `prebuild` command that can reliably work with a project for long periods of time. Prebuild is like a bundler for native code, it generates the `ios`, `android` folders based on the project Expo config (`app.json`).
  - `npx expo config` is auxiliary to `npx expo prebuild` and used for debugging/introspection.
- `npx expo install` this is a minimal utility born out of pure necessity since versioning in React Native is hard to get right.

To develop the CLI run (defaults to watch mode):
yarn build
We highly recommend setting up an alias for the Expo CLI so you can try it in projects all around your computer. Open your `.zshrc` or other config file and add:
alias nexpo="/path/to/expo/packages/@expo/cli/build/bin/cli"
Then use it with `nexpo` like `nexpo config`. You can also set up a debug version:
alias expo-inspect="node --inspect /path/to/expo/packages/@expo/cli/build/bin/cli"
Then you can run it and visit `chrome://inspect/#devices` in Chrome, and press "Open dedicated DevTools for Node" to get a debugger attached to your process. When debugging the CLI, you'll want to disable workers whenever possible; this makes all code run on the same thread. This is mostly applicable to the `start` command, i.e. `expo-inspect start --max-workers 0`.
- `CHANGELOG.md` with changes for every PR. You only need to add the message, our GitHub bot will automatically suggest adding your name and PR number to the diff.
- `async` functions with `Async` like `runAsync`. This is just how we format functions at Expo.
- `CommandError` instead of `Error` -- this helps with debugging and making the experience feel more coherent.
- `Log` module instead of `console.log`.
- `Something happened (foo: bar, baz: foz)`.
  - `Something happened: bar, foz` or `Something happened: foo=bar, baz=foz`.
- `expo start`), arguments (`--port`), and `--help` messages should be modified internally, by the Expo team to ensure the developer experience is unified across Expo tooling. External contributions modifying these core aspects may be rejected.
- `profile` utility method with the `EXPO_PROFILE=1` environment variable to measure execution time.
- `isOffline` boolean.
- `taskr` + `swc`, this is partially inspired by Next.js' local CLI.
- `process.env.__EXPO_VERSION` instead of reading the local `package.json` at runtime.
- `expo` meaning the SDK Version is always present.
  - `@expo/cli`.
  - `@expo/config` method `getConfig` does not need the `skipSDKVersionRequirement` in any case since `expo` should always be installed. Ex: `getConfig('...', { skipSDKVersionRequirement: true });` shouldn't be used.
- `node_modules` folder.
  - `expo` package as these may kill the running process. Features that need this pattern (like `expo upgrade`) should live in standalone global tools.

There are two testing scripts:
- `yarn test`: Controlled unit and integration tests.
- `yarn test:e2e`: End to end testing for CLI commands. This requires the files to be built with `yarn build`
- `--watch` flag. Example: `yarn test --watch config`.
- `it` blocks. Example `it(works)`.
- `packages/@expo/cli/` folder (i.e. no `yarn.lock` modifications, etc.) then most native CI tests will be skipped, making CI pass faster in PRs.
- `nock` for network requests.
- `describe` blocks that wrap all the tests in a file.
- `describe` block instead of a stringified function name:
  - `describe(foobar, () => {})` instead of `describe('foobar', () => {})`
- `fs` via `memfs` whenever possible.
- `npx expo prebuild` and `npx expo start` commands for instance, we utilize a helper method that will default to reusing a project + node_modules when run locally. This can be toggled off to bootstrap a fresh project every time.
- `os.tmpdir()` as this folder is automatically cleaned up when the computer restarts.

TL;DR: `expo-cli` was 'make it work', whereas `@expo/cli` is 'make it right, make it fast'.
The legacy global `expo-cli` package was deprecated in favor of this versioned `@expo/cli` package for the following reasons:
- `expo-cli` was too big and took way too long to install. This made CI frustrating to set up since you needed to also target global node modules for caching.
- `expo-cli` worked for almost all versions of the `expo` package, meaning it was getting more complex with every release.
- `expo-cli` combined service commands (like the legacy `build`, `submit`, `publish`) with project-level commands like `expo start`. We've since divided services into `eas-cli` and project commands into `npx expo` (`@expo/cli`). This structure is more optimal/faster for developers since they can install/update commands when they need them.
- `$EDITOR` instead of the custom `$EXPO_EDITOR` environment variable. Also transitioning away from `$EXPO_DEBUG` and more towards `$DEBUG=expo:*`. These types of changes make Expo CLI play nicer with existing tooling.
- `expo start:web` and `expo web` commands have been rolled into `npx expo start` as we now lazily load platforms until the device requests them.
- `expo-cli` may still be getting migrated over to this new CLI. For a more comprehensive breakdown see the start command PR.

FAQs
The Expo CLI
The npm package @expo/cli receives a total of 624,458 weekly downloads. As such, @expo/cli popularity was classified as popular.
We found that @expo/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 27 open source maintainers collaborating on the project.