Using private npm packages
EAS Build comes with full support for using private npm packages in your project. These can either be published to npm (if you have the Pro/Teams plan
) or to a private registry (e.g. using self-hosted verdaccio
You will need to configure your project and/or provide EAS Build with your npm token before you start the build.
By default, EAS Build uses a self-hosted npm cache that speeds up installing dependencies for all builds. Every EAS Build worker is configured with an
~/.npmrc that looks something like this:
If your project is using private packages published to npm, you need to provide EAS Build with a read-only npm token
so we can install your dependencies successfully.
The recommended way is to add the
secret to your account or project's secrets. See the secret environment variables
docs to learn how to do this.
When EAS detects that the
NPM_TOKEN environment variable is available during a build, it automatically creates the following
However, this only happens when you don't already have an
.npmrc in your project's root directory. If you do already have this file, you need to update it manually.
You can verify it worked by viewing build logs and looking for the
Prepare project build phase:
If you're using a private npm registry like self-hosted verdaccio
, you will need to configure the
.npmrc file in your project's root directory with the following contents:
If your registry requires authentication, you will also need to provide the token. Assuming your registry URL is
This is an advanced example, and you will probably never use it. Private npm packages are always scoped (see npm docs
). Let's assume that your npm username is
and your private self-hosted registry URL is
. If you want to install dependencies from both sources, create the following
in your project's root directory: