March 27, 2026·10 min read

Monorepos with Expo: Metro, workspaces, and shared packages

Sharing code between apps sounds great until Metro won’t resolve `packages/ui`. You’ll touch watchFolders, symlinks, and sometimes `expo-router` paths. Here’s what usually breaks first. The goal is one React tree, predictable imports, and packages that do not import your app’s navigators back.

Single version of React

Duplicate React in nested node_modules causes the infamous hooks errors. Hoist carefully; use package manager overrides when needed.

Document the supported workspace tool—pnpm vs yarn matters.

Metro config

Watch local packages, map aliases, and reset caches when you add a new internal dependency. CI should match local resolution.

Native modules in shared packages still need autolinking awareness.

Boundaries

Not everything belongs in `shared`. Keep app-specific navigation out of generic UI packages to avoid circular imports.

Version internal packages or use `workspace:*` consistently.

First-day setup that saves weeks

Commit a working Metro config snippet for your workspace layout, add `watchFolders` for `packages/*`, and script `expo start -c` after internal package changes. In CI, run the same Node and package manager versions as dev.

When hooks errors appear, check duplicate React before you rewrite business logic—nine times out of ten it is resolution.

Workspace tooling choices

pnpm, Yarn Berry, and npm workspaces differ in hoisting and symlink behavior—pick one and document why. Duplicate React often stems from hoisting misconfiguration; use overrides or `resolutions` deliberately. Keep Node and package manager versions pinned in CI to match dev. Educate contributors on workspace commands—confusion breeds duplicate installs.

Metro configuration essentials

`watchFolders` must include local packages; `resolver.extraNodeModules` may help with odd layouts. Reset caches when adding packages. Symlinks sometimes need `unstable_enableSymlinks` or similar flags per Metro version—verify against current docs. Align Babel config across packages to avoid transform mismatches.

Package boundaries

Shared UI packages should not import app navigators. Enforce with lint rules or TypeScript project references. Version internal packages or use `workspace:*` consistently. Publish changelogs for shared packages—even internal—so apps know what changed. Circular dependencies between packages signal boundary problems—fix architecture, not imports hacks.

Native modules in shared packages

Autolinking must see native code; document pod install and Gradle steps for consumers. Test consuming apps on both platforms when shared packages change native surface. Consider peer dependencies for `react-native` to avoid duplicates. Communicate breaking native changes loudly.

CI caching and reproducibility

Cache `node_modules` carefully—invalidate on lockfile changes. Parallelize builds across apps sharing packages when safe. Use deterministic installs. Surface diffs in generated native projects when prebuild changes—unexpected churn wastes time.

Developer experience

Provide scripts for bootstrap, clean, and typecheck across workspaces. Document common failure modes—duplicate React, Metro resolution errors—with fixes. Onboard new hires with a diagram of package relationships. Good DX pays back in fewer Slack interruptions.

Migration tactics

Moving into a monorepo incrementally reduces risk: extract shared code first, stabilize, then add second app. Avoid big-bang moves during release crunch. Measure build times before and after—sometimes monorepos need caching investments to feel worthwhile.

Shipping and reliability habits (1)

Splash screens and launch gates should reflect honest readiness: fonts, theme, session, critical remote config—not every SDK under the sun. Infinite splash is worse than a slightly longer branded hold. Match native and JS background colors to avoid flashes; respect reduced motion for animations.

JWT and session refresh flows need single-flight refresh, clear logout semantics, and secure storage for refresh tokens when appropriate. Parallel 401s should not stampede refresh endpoints. Clock skew and biometrics policies belong in explicit product decisions, not accidental implementation details.

Platform differences worth rehearsing (2)

Testing onboarding changes with funnel metrics beats debating opinions. Segment by acquisition channel and platform; back behavior differs. Skip paths must be genuine—dark patterns may win short metrics and destroy brand trust. Localization length tests prevent clipped CTAs in verbose languages.

Background execution policies change with OS updates—revalidate after major iOS and Android releases. Misused background modes invite rejection. Persist user work frequently; the OS can kill you anytime after backgrounding. Uploads and timers should tolerate pause and resume without corrupting state.

Security, privacy, and data handling (3)

Shipping React Native features is less about any single API and more about the system around it: typed boundaries, predictable navigation, and telemetry that tells you what broke in production. Prefer boring, explicit modules over clever metaprogramming that the next hire cannot grep. When platform vendors change behavior in point releases, your defense is automated smoke tests on real devices and a short internal changelog of native assumptions you rely on.

Performance work should start with measurement, not instinct. Watch JS thread versus UI thread separately; they bottleneck differently. Lists, images, and animations dominate most regressions—optimize those before micro-optimizing pure functions. Hermes, JSC, and bridge internals evolve; re-profile after every major upgrade instead of trusting last year’s numbers. Battery and thermal throttling on mid devices reveal issues flagship phones hide.

Performance and measurement discipline (4)

Push notifications walk a line between helpful and intrusive. Prime users with context, respect notification channels on Android, and measure opt-outs after campaigns—spikes mean copy or frequency problems. Payload design affects background behavior; test killed and locked-device states. Tokens belong server-side with rotation strategies; never treat the client as authoritative for subscription state.

Images and maps look simple in mocks and expensive in production. Decode sizes should match display sizes; static map thumbnails are not interchangeable with interactive MapView gestures. Quotas, API keys, and offline behavior need explicit fallbacks—addresses as text, retry buttons, and calm error copy. Monitor vendor dashboards for spikes that indicate bugs or abuse.

Team process and long-term maintenance (5)

Type-safe navigation pays off when routes multiply. Keep param lists near navigators, validate external URLs, and avoid serializing non-JSON-safe values through params. Renaming routes is a cross-cutting change—update analytics, push payloads, and E2E selectors in the same release train.

FlatList performance is configuration as much as code. Stable keys, reasonable `windowSize`, and memoized rows beat switching to a different list primitive blindly. Nested virtualized lists are a last resort—redesign first. Profile with production-like data volumes; dev placeholders lie.

Shipping and reliability habits (6)

Reanimated and gesture libraries earn their place when profiling proves UI-thread work and your team can maintain native upgrades. Worklets have constraints—read errors carefully. Respect reduced motion and test Android timing differences—identical JS does not guarantee identical feel.

Analytics schema governance prevents warehouse disasters: version events, avoid high-cardinality strings, and align names across iOS, Android, and web. Consent gating must stop network calls, not just UI. Separate dev and prod projects to avoid polluting dashboards.

Platform differences worth rehearsing (7)

Project structure should make ownership obvious: routes as backbone, feature folders for product areas, thin screens, and shared infrastructure that is deliberately named. Refactor in vertical slices with device-tested releases—big-bang rewrites without tests are how teams lose weeks.

Helper modules concentrate glue code—storage, navigation, permissions—so screens stay readable. Split helpers by topic before files become merge-conflict magnets, and document each module’s contract. Good helpers answer ‘where do we save tokens?’ in one glance—not ‘ask Sarah.’

Security, privacy, and data handling (8)

Native modules are product decisions disguised as engineering tasks. You inherit Xcode and Gradle upgrades, store review scrutiny, and security obligations. Prefer maintained Expo modules and config plugins before writing JNI or Swift glue from scratch. When you must go native, budget pairing time with platform specialists and write runbooks for on-call—crashes in native code bypass many JS safeguards.

Deep links are a cross-team system: marketing URLs, hosted association files, entitlements, router params, and analytics query preservation. Debug with structured logging of raw URLs (scrub secrets) and reproduce cold-start races with auth hydration. Staging and production should be obviously separated—accidentally opening prod from a QA link erodes trust and pollutes data.

Performance and measurement discipline (9)

OTA updates are powerful and risky: runtime compatibility, rollback plans, and user-visible behavior changes need governance. Channels should map to release maturity—staging versus production—with access controls on publish credentials. Large assets over cellular need care; silent failures erode trust more than a frank ‘update failed, retry’ message.

Keyboard and form UX separate polished apps from ‘works on desktop simulators.’ Platform differences in soft input modes matter; test smallest phones and Android gesture navigation. Primary actions must remain reachable when the keyboard is visible—scroll containers and keyboard controllers exist because this problem is universal.

Team process and long-term maintenance (10)

Expo SDK upgrades are integration projects: `expo doctor`, aligned community packages, regenerated native projects, and device smoke tests for camera, push, and IAP. Freeze unrelated native refactors during the upgrade window and keep rollback paths hot. Document surprises for the next upgrade while memory is fresh.

Hermes versus JSC is not a lifestyle choice—profile your app. Hermes usually wins on startup; some libraries still assume JSC quirks. Engine toggles are not substitutes for fixing quadratic renders in your own code. Upgrade notes matter: Intl support and debugging tooling evolve.

Shipping and reliability habits (11)

Platform differences worth rehearsing (12)

Environment variables should be classified: public-by-design, sensitive-with-mitigations, or never-on-device. `EXPO_PUBLIC_` values are extractable—treat them that way. Align env handling across EAS profiles and local dev; fail fast when keys are missing instead of shipping undefined behavior.

Security, privacy, and data handling (13)

Monorepos amplify both leverage and failure modes: duplicate React versions cause mysterious hook errors, and Metro misconfiguration blocks local packages from resolving. Invest in workspace discipline—single React version, documented `watchFolders`, and lint rules preventing packages from importing app navigators accidentally. CI must mirror local installs; ‘works on my laptop’ with different package managers is a time bomb.

Performance and measurement discipline (14)

E2E tests should protect revenue paths, not every permutation. Stable selectors (`testID`) beat text that marketing rewrites weekly. Flake management is a feature: quarantine, fix root causes, and keep smoke suites green on CI devices. Five reliable tests beat fifty flaky ones that everyone ignores.

Team process and long-term maintenance (15)

Privacy nutrition labels and Play Data Safety forms should reflect actual SDK behavior—inventory dependencies each release and remove dead code. Drift between claims and telemetry is legal and store risk, not just embarrassment. Involve legal early when adding analytics or ads.

Shipping and reliability habits (16)

ScrollView versus FlatList is a data-volume question. Small static content belongs in ScrollView; long feeds belong in virtualized lists. Nested scrollables need explicit height contracts—redesign beats fighting physics. Document intentional choices so future refactors do not ‘optimize’ blindly.

Metro cache issues masquerade as logic bugs. Establish a documented reset ladder: dev server restart, cache flags, Watchman, derived data, then dependency reinstalls. Compare platforms when only one breaks—native steps diverge. Keep CI caches deterministic with lockfiles and pinned toolchains.

Poursuivre la lecture

Plus récentWhen you actually need custom native code Plus ancienAnalytics events: useful data, not creepy data

Structure du projet → · Utilitaires d’app →