A guide on using Bun with Expo and EAS.
Bun is a JavaScript runtime and a drop-in alternative for Node.js. In Expo projects, Bun can be used to install npm packages and run Node.js scripts. The benefits of using Bun are faster package installation than npm, pnpm, or yarn and at least 4x faster startup time compared to Node.js, which gives a huge boost to your local development experience.
To create a new app using Bun, install Bun on your local machine.
To create a new project, run the command:
- bun create expo my-appYou can also run any package.json script with bun run:
- bun run iosTo install any Expo library, you can use bun expo install:
- bun expo install expo-avEAS decides which package manager to use based on the lockfile in your codebase. If you want EAS to use Bun, run bun install in your codebase and ensure it creates a bun.lockb — the Bun lockfile. Make sure to delete any other lockfiles. As long as this lockfile is in your codebase, Bun will be used as the package manager for your builds.
Bun is installed by default when using EAS. See the Android server images section and iOS server images section to learn which version of Bun is used by your build's image.
If you need to use a specific version of Bun, you can configure the exact version in each build in your eas.json:
{
"build": {
"test": {
"bun": "1.0.0"
%%placeholder-start%%... %%placeholder-end%%
}
%%placeholder-start%%... %%placeholder-end%%
}
}
It is currently not possible to import another package manager's lockfile into Bun (though this feature is being worked on). Until this is done, there is an element of risk to switching over to Bun on an existing project.
The purpose of a lockfile is to lock down your dependency tree. If there is a library in package.json whose version number starts with a ^ or ~, you are likely to end up with a different version of the package.
^ means you're opting into future minor and patch versions~ means you're opting into future patch versions onlyAccording to Semantic Versioning (SemVer), minor and patch versions do not include breaking changes. Unfortunately, breaking changes can still slip through. Since a lockdown file contains specific versions of dependencies, you will not get updates unless you explicitly opt-in. By deleting the lockfile, you are losing that safety and getting the latest versions available of all the packages as defined in your package.json.
To migrate to using Bun (use at your own risk):
- rm -rf node_modules- rm yarn.lock pnpm-lock.yaml package-lock.json- bun installUnlike other package managers, Bun does not automatically execute lifecycle scripts from installed libraries, as this is considered a security risk. However, if a package you are installing has a postinstall script that you want to run, you have to explicitly state that by including that library in your trustedDependencies array in your package.json.
For example, if you install packageA, which has a dependency on packageB and packageB has a postinstall script, you must add packageB in your trustedDependencies.
To add a trusted dependency in your package.json, add:
"trustedDependencies": ["your-dependency"]
Then, remove your lockfile and re-install the dependencies:
- rm -rf node_modules- rm bun.lockb- bun installIf you're using sentry-expo or @sentry/react-native, these depend on @sentry/cli, which updates source maps to Sentry during your build. The @sentry/cli package has a postinstall script which needs to run for the "upload source maps" script to become available.
To fix this, add @sentry/cli to your trusted dependencies array in package.json:
"trustedDependencies": ["@sentry/cli"]