Edit this page
Learn how to configure EAS Build to use private npm packages.
EAS Build has full support for using private npm packages in your project. These can either be published to npm (if you have the Pro/Teams plan) or to a private registry (for example, using self-hosted Verdaccio).
Before starting the build, you will need to configure your project to provide EAS Build with your npm token.
By default, EAS Build uses a self-hosted npm cache that speeds up installing dependencies for all builds. Every EAS Build builder is configured with a .npmrc file for each platform:
registry=http://npm-cache-service.worker-infra-production.svc.cluster.local:4873
registry=http://10.254.24.8:4873
If your project is using private packages published to npm, you need to provide EAS Build with a read-only npm token so that it can install your dependencies successfully.
The recommended way is to add the NPM_TOKEN secret to your account or project's secrets:
For more information on how to do that, see secret environment variables.
When EAS detects that the NPM_TOKEN environment variable is available during a build, it automatically creates the following .npmrc:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
registry=https://registry.npmjs.org/
However, this only happens when .npmrc is not in your project's root directory. If you already have this file, you need to update it manually.
You can verify if it worked by viewing build logs and looking for the Prepare project build phase:
If you're using a private npm registry such as self-hosted Verdaccio, you will need to configure the .npmrc manually.
Create a .npmrc file in your project's root directory with the following contents:
registry=__REPLACE_WITH_REGISTRY_URL__
If your registry requires authentication, you will need to provide the token. For example, if your registry URL is https://registry.johndoe.com/, then update the file with:
//registry.johndoe.com/:_authToken=${NPM_TOKEN}
registry=https://registry.johndoe.com/
This is an advanced example.
Private npm packages are always scoped. For example, if your npm username is johndoe, the private self-hosted registry URL is https://registry.johndoe.com/. If you want to install dependencies from both sources, create a .npmrc in your project's root directory with the following:
//registry.npmjs.org/:_authToken=${NPM_TOKEN}
@johndoe:registry=https://registry.npmjs.org/
registry=https://registry.johndoe.com/
If you have a submodule in a private repository, you will need to initialize it by setting up an SSH key. For more information, see submodules initialization.