Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
create-expo-app
Advanced tools
The fastest way to create universal React apps
# Usage for bun, npm, pnpm, and yarn
npx create-expo
bun create expo
pnpm create expo
yarn create expo
# Output help information with all available options
npx create-expo --help
Once you're up and running with Create Expo App, visit this tutorial for more information on building mobile apps with React.
Create Expo App prepares an empty Expo project by default. You can choose to use a project with more prepared functionality. For that, you can start Create Expo App with the --template
flag.
# Pick from Expo's templates
npx create-expo --template
# Pick the expo-template-tabs template
npx create-expo --template tabs
Expo publishes all templates through npm packages, versioned by Expo SDK. You can create your own npm templates with npm pack
, or by publishing to npm.
# Create from npm
npx create-expo --template tabs # Short for expo-template-tabs
npx create-expo --template expo-template-tabs
# Create from npm using a semver of the template
npx create-expo --template expo-template-blank@50
# Create from local tarball created with `npm pack`
npx create-expo --template ./path/to/template.tgz
Create Expo App does not support private registries. In order to use a private template, use the local tarball option.
Besides the templates provided by Expo, you can also create your own or use a 3rd party template directly from GitHub. The --template
flag supports GitHub URLs, including branch, tag, or even specific commit.
# Create from repository
npx create-expo --template https://github.com/:owner/:repo
# Create from repository using the `:ref` branch or tag
npx create-expo --template https://github.com/:owner/:repo/tree/:ref
# Create from repository using the `sdk-50` branch, and "templates/expo-template-bare-minimum" subdirectory
npx create-expo --template https://github.com/expo/expo/tree/sdk-50/templates/expo-template-bare-minimum
Create Expo App customizes the name of the created app by replacing certain placeholder values in the template with the name specified by the user. Most users won't have to think about this process, but it may be relevant for users offering their own templates.
Renaming the app is a two-step process:
By convention, Expo templates use several placeholder values to be searched for and replaced:
Hello App Display Name
→ The name of the project, without modifications (example Android)HelloWorld
→ The name of the project with sanitization as described below (example Android, iOS)helloworld
→ The lower-cased name of the project with sanitization as described below (example Android)Although all file and folder names are rewritten, only files specified by the "rename config" have their contents rewritten. This is determined by the defaultRenameConfig
constant in ./src/Template.ts.
Some characters aren't allowed in certain places, that's why Create Expo App applies sanitization to the project name.
\W
and underscore _
characters.NFD
.u0300-u036f
.Due to some limitations with npm pack
, some files are handled differently.
gitignore
→ Renamed to .gitignore
due to npm pack
skipping .gitignore
files, see npm/npm#1862FAQs
Create universal Expo apps
The npm package create-expo-app receives a total of 39,077 weekly downloads. As such, create-expo-app popularity was classified as popular.
We found that create-expo-app demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.