Expo Application Services
API Reference

Using private npm packages

EAS Build comes with full support for using private npm packages in your project. These can either be published to npm (if you have the Pro/Teams plan) or to a private registry (for example, using self-hosted verdaccio).
You will need to configure your project and/or provide EAS Build with your npm token before you start the build.

Default npm configuration

By default, EAS Build uses a self-hosted npm cache that speeds up installing dependencies for all builds. Every EAS Build worker is configured with an ~/.npmrc that looks something like this:



If your project is using private packages published to npm, you need to provide EAS Build with a read-only npm token so we can install your dependencies successfully.
The recommended way is to add the NPM_TOKEN secret to your account or project's secrets. See the secret environment variables docs to learn how to do this.
Secret creation UI filled
When EAS detects that the NPM_TOKEN environment variable is available during a build, it automatically creates the following .npmrc:
However, this only happens when you don't already have a .npmrc in your project's root directory. If you do already have this file, you need to update it manually.
You can verify it worked by viewing build logs and looking for the Prepare project build phase:
.npmrc created

If you're using a private npm registry like self-hosted verdaccio, you will need to configure the .npmrc file manually.
Create an .npmrc file in your project's root directory with the following contents:
If your registry requires authentication, you will also need to provide the token. Assuming your registry URL is

This is an advanced example, and you will probably never use it. Private npm packages are always scoped (see npm docs). Let's assume that your npm username is johndoe and your private self-hosted registry URL is If you want to install dependencies from both sources, create the following .npmrc in your project's root directory: