
A tool to hash native dependencies for React Native & Expo projects
DepHash is a tool that allows you to automate the hashing of native dependencies for React Native and Expo projects. It can be used to easily track changes in dependencies and ensure reproducibility.
To install Dephash, simply use your favourite Node.js package manager.
yarn add -D dephash
npm install --save-dev dephash
Dephash exposes a CLI for you to generate a hash.
yarn dephash --raw
Generates a hash based off the dependencies & files from the current working directory.
Options:
--root-directory will be where the scan for files begins
--algorithm <xxhash|sha1> [default: 'sha1'] which algorithm to use
--exclude-ios will not consider native ios changes
--exclude-android will not consider native android changes
--exclude-expo-config will not consider expo changes (ie. *.plugin.js, app.config.js, etc.)
--factor-all-changes will generate a new hash even if the changes are non-native
--additional-patterns <pattern> glob patterns separated by ","
--raw, -r whether to just return the raw value in stdout
--output <path>, -o <path> a path to write the hash out to
--eas-only whether or not to only run on eas
-h, --help display help for command
Dephash allows you to hash the dependencies in the current working directory as a string. The following is an example usage.
import { hashDependencies } from "dephash";
const hash = hashDependencies();
console.log(hash);
This will hash the dependencies in the current working directory and print the resulting hash as a string to the console.
You can pass options to hashDependencies to customize its behaviour.
The directory where the scan for files that contribute to the hash starts.
excludePlatforms: An array of Platform enums that allows you to exclude the native dependencies of specific platforms. The possible values of this enum are:
Platform.Android
Platform.Ios
excludeExpoConfig: A boolean value that allows you to exclude the Expo configuration files from the hash.
factorAllDependencyChanges: A boolean value that allows you to factor in all dependency changes into the hash, including those outside of native dependencies.
additionalPatterns: An array of additional glob patterns to include in the dependency hashing.
Here's an example of using the options:
import { hashDependencies, Platform } from "dephash";

const options = {
  excludePlatforms: [Platform.Ios],
  excludeExpoConfig: true,
  factorAllDependencyChanges: false,
  additionalPatterns: ["**/someFolder/*"],
};

const hash = hashDependencies(options);
console.log(hash);
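How a native-dependency hash can be used to detect drift against a recorded value, as an added illustration that is not Dephash's own code or algorithm. The path patterns, the `fingerprint` and `hasNativeDrift` names, and the sample files are assumptions constructed for this example.

```javascript
// Added example: a minimal native-input fingerprint, not dephash's implementation.
const { createHash } = require("node:crypto");

// Assumption: which paths count as native inputs for each group.
const NATIVE_PATTERNS = {
  ios: [/^ios\//],
  android: [/^android\//],
  expoConfig: [/^app\.config\.js$/, /\.plugin\.js$/],
};

// files: { relativePath: contents }. Returns a hex SHA-1 over the native inputs.
function fingerprint(files, { exclude = [] } = {}) {
  const patterns = Object.entries(NATIVE_PATTERNS)
    .filter(([group]) => !exclude.includes(group))
    .flatMap(([, regexes]) => regexes);
  const hash = createHash("sha1");
  // Sort paths so the result does not depend on filesystem enumeration order.
  for (const path of Object.keys(files).sort()) {
    if (!patterns.some((re) => re.test(path))) continue;
    const body = Buffer.from(files[path]);
    // Length-prefix path and body so ("ab", "c") and ("a", "bc") hash differently.
    hash.update(`${Buffer.byteLength(path)}:${path}:${body.length}:`);
    hash.update(body);
  }
  return hash.digest("hex");
}

// CI-style gate: true when the native inputs no longer match the recorded hash.
function hasNativeDrift(recorded, files, options) {
  return fingerprint(files, options) !== recorded;
}

// Constructed sample project (not real lockfile contents).
const baseline = {
  "ios/Podfile.lock": "PODS:\n  - React-Core (0.72.4)\n",
  "android/build.gradle": "ext { minSdkVersion = 21 }\n",
  "app.config.js": "module.exports = { name: 'demo' };\n",
  "src/App.js": "export default function App() {}\n",
};
const jsOnlyChange = { ...baseline, "src/App.js": "// edited\n" };
const podChange = { ...baseline, "ios/Podfile.lock": "PODS:\n  - React-Core (0.72.5)\n" };

const recorded = fingerprint(baseline);
console.log("JS-only edit drifts:", hasNativeDrift(recorded, jsOnlyChange));
console.log("Podfile.lock edit drifts:", hasNativeDrift(recorded, podChange));
```

SHA-1 here mirrors the CLI default listed above and is adequate for spotting accidental drift. A fingerprint relied on as an integrity control against a deliberate change needs a collision-resistant hash such as SHA-256.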
Feel free to contribute to the repository. Pull requests and issues with feature requests are super welcome!
FAQs
Hashes native dependencies for React Native & Expo projects
The npm package dephash receives a total of 21 weekly downloads. As such, dephash popularity was classified as not popular.
We found that dephash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.