A guide on using Bun with Expo and EAS.
To create a new app using Bun, install Bun on your local machine by running the command:
curl -fsSL https://bun.sh/install | bash
Now, create your new Expo project:
bun create expo my-app
You can also run any package.json script with
bun run ios
To install any Expo library, you can use
bun expo install:
bun expo install expo-av
EAS decides which package manager to use based on the lockfile in your codebase. If you want EAS to use Bun, run
bun install in your codebase and ensure it creates a bun.lockb — the Bun lockfile. Make sure to delete any other lockfiles. As long as this lockfile is in your codebase, Bun will be used as the package manager for your builds.
email@example.com by default. If you need to use a particular version of Bun, you can configure the exact version in each build in your eas.json:
It is currently not possible to import another package manager's lockfile into Bun (though this feature is being worked on). Until this is done, there is an element of risk to switching over to Bun on an existing project.
The purpose of a lockfile is to lock down your dependency tree. If there is a library in package.json whose version number starts with a
~, you are likely to end up with a different version of the package.
^ means you're opting into future minor and patch versions
~ means you're opting into future patch versions only
According to Semantic Versioning (SemVer), minor and patch versions do not include breaking changes. Unfortunately, breaking changes can still slip through. Since a lockdown file contains specific versions of dependencies, you will not get updates unless you explicitly opt-in. By deleting the lockfile, you are losing that safety and getting the latest versions available of all the packages as defined in your package.json.
To migrate to using Bun (use at your own risk):
rm -rf node_modules
rm yarn.lock pnpm-lock.yaml package-lock.json
Unlike other package managers, Bun does not automatically execute lifecycle scripts from installed libraries, as this is considered a security risk. However, if a package you are installing has a
postinstall script that you want to run, you have to explicitly state that by including that library in your
trusted dependencies array in your package.json.
For example, if you install
packageA, which has a dependency on
packageB has a
postinstall script, you must add
packageB in your
To add a trusted dependency in your package.json, add:
Then, remove your lockfile and re-install the dependencies:
rm -rf node_modules
If you're using
@sentry/react-native, these depend on
@sentry/cli, which updates source maps to Sentry during your build. The
@sentry/cli package has a
postinstall script which needs to run for the "upload source maps" script to become available.
To fix this, add
@sentry/cli to your trusted dependencies array in package.json: