@chriscanin chriscanin commented Jan 9, 2026

Description

Currently React Native Expo users on Expo 54 who try to install clerk with npm install @clerk/clerk-expo fail unless they supply --legacy-peer-deps when using npm.
We have set in our pnpm-workspace.yaml:

 catalogs:
   peer-react:
     react: ^18.0.0 || ~19.0.3 || ~19.1.4 || ~19.2.3 || ~19.3.0-0
     react-dom: ^18.0.0 || ~19.0.3 || ~19.1.4 || ~19.2.3 || ~19.3.0-0

But Expo 54 expects react 19.1.0, and although you could change that, expo will then warn you to run npx expo install --fix, which will revert your react version to 19.1.0....

But React 19.1.0 is unsafe!! Expo says, not for us:
https://expo.dev/changelog/mitigating-critical-security-vulnerability-in-react-server-components

I see two paths forward. We document well, and tell users it is safe to force legacy peer dependency resolution, or we can loosen the peer dependency versions for react-native. Not really sure if this is done in other places but possibly overriding that peer-react for react-native like:

 catalogs:
   peer-react:
     react: ^18.0.0 || ~19.0.3 || ~19.1.4 || ~19.2.3 || ~19.3.0-0
     react-dom: ^18.0.0 || ~19.0.3 || ~19.1.4 || ~19.2.3 || ~19.3.0-0
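   peer-react-native:  # adjusted for client-only Expo apps
     react: ^18.0.0 || ~19.0.0 || ~19.1.0 || ~19.2.0 || ~19.3.0-0
     react-dom: ^18.0.0 || ~19.0.0 || ~19.1.0 || ~19.2.0 || ~19.3.0-0  # needed: package.json below also resolves react-dom from this catalog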

Expo package then sets:

"peerDependencies": {
   "react": "catalog:peer-react-native",
   "react-dom": "catalog:peer-react-native",
   ...
 }

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:

Summary by CodeRabbit

  • Chores
    • Updated React and React-DOM peer dependencies to explicitly support React 18 and React 19.x versions (19.0 through 19.3-0).


@chriscanin chriscanin requested a review from tmilewski January 9, 2026 23:10
@chriscanin chriscanin self-assigned this Jan 9, 2026
@chriscanin chriscanin added bug Something isn't working expo sdk labels Jan 9, 2026
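An added example (not code from this PR or the Clerk repository) that evaluates the two catalog ranges quoted in the description, showing why React 19.1.0 fails `peer-react` and which versions the proposed `peer-react-native` range re-admits. It is a minimal matcher for the `^`, `~` and `||` subset only and assumes release-version candidates; the function names are hypothetical, and real resolution should use the `semver` package.

```javascript
// Added example: minimal matcher for the ^ / ~ / || subset of npm range
// syntax used on this page. Release candidates only; prerelease candidates
// (e.g. 19.3.0-rc.1) are not modelled and are rejected.
const PEER_REACT =
  '^18.0.0 || ~19.0.3 || ~19.1.4 || ~19.2.3 || ~19.3.0-0';
const PEER_REACT_NATIVE =
  '^18.0.0 || ~19.0.0 || ~19.1.0 || ~19.2.0 || ~19.3.0-0';

function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version: ${v}`);
  return { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function matchesComparator(version, comparator) {
  const op = comparator[0];
  const floor = parse(comparator.slice(1));
  const [M, m] = floor.nums;
  if ((op !== '^' && op !== '~') || (op === '^' && M === 0)) throw new Error(`unsupported: ${comparator}`);
  // ~M.m.p allows patch bumps only; ^M.m.p (M >= 1) allows minor bumps too.
  const ceiling = op === '~' ? [M, m + 1, 0] : [M + 1, 0, 0];
  // A floor such as 19.3.0-0 sorts below release 19.3.0, so comparing numbers is enough.
  return cmp(version, floor.nums) >= 0 && cmp(version, ceiling) < 0;
}

function satisfies(version, range) {
  const v = parse(version);
  if (v.pre) return false; // prerelease candidates are out of scope here
  return range.split('||').some((c) => matchesComparator(v.nums, c.trim()));
}

// One row per candidate version: does it fall inside each catalog range?
function report(versions) {
  return versions.map((v) => ({
    version: v,
    peerReact: satisfies(v, PEER_REACT),
    peerReactNative: satisfies(v, PEER_REACT_NATIVE),
  }));
}

console.table(report(['18.3.1', '19.0.0', '19.1.0', '19.1.4', '19.2.3']));
```

The rows where `peerReact` is false and `peerReactNative` is true are exactly the versions the loosened range lets back in, which is the set to review against the Expo advisory linked above.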

changeset-bot bot commented Jan 9, 2026

⚠️ No Changeset found

Latest commit: 496163f

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types



vercel bot commented Jan 9, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Review | Updated (UTC)
clerk-js-sandbox | Ready | Preview, Comment | Jan 9, 2026 11:10pm

@github-actions github-actions bot added the core-3 label Jan 9, 2026

coderabbitai bot commented Jan 9, 2026

Walkthrough

The peer dependency declarations for react and react-dom in packages/expo/package.json were updated from catalog-based references (catalog:peer-react) to explicit version ranges. Both dependencies now specify compatibility with React 18 and multiple React 19 minor versions through the range ^18.0.0 || ~19.0.0 || ~19.1.0 || ~19.2.0 || ~19.3.0-0. This change replaces the previous resolver mechanism with direct version specifications.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title mentions resolving a peer dependency issue for Expo 54 users, which aligns with the PR's core objective. However, the actual implementation changes react/react-dom version ranges in package.json, not the peer-react catalog as proposed in the PR description.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

📥 Commits

Reviewing files that changed from the base of the PR and between faaeada and 496163f.

📒 Files selected for processing (1)
  • packages/expo/package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (29)
  • GitHub Check: Static analysis
  • GitHub Check: Publish with pkg-pr-new
  • GitHub Check: Unit Tests (**)
  • GitHub Check: Unit Tests (shared, clerk-js, RQ)
  • GitHub Check: Integration Tests (vue, chrome)
  • GitHub Check: Integration Tests (machine, chrome, RQ)
  • GitHub Check: Integration Tests (billing, chrome, RQ)
  • GitHub Check: Integration Tests (quickstart, chrome, 15)
  • GitHub Check: Integration Tests (nextjs, chrome, 16)
  • GitHub Check: Integration Tests (quickstart, chrome, 16)
  • GitHub Check: Integration Tests (nextjs, chrome, 15)
  • GitHub Check: Integration Tests (generic, chrome)
  • GitHub Check: Integration Tests (nextjs, chrome, 16, RQ)
  • GitHub Check: Integration Tests (custom, chrome)
  • GitHub Check: Integration Tests (localhost, chrome)
  • GitHub Check: Integration Tests (billing, chrome)
  • GitHub Check: Integration Tests (nuxt, chrome)
  • GitHub Check: Integration Tests (express, chrome)
  • GitHub Check: Integration Tests (sessions, chrome)
  • GitHub Check: Integration Tests (machine, chrome)
  • GitHub Check: Integration Tests (react-router, chrome)
  • GitHub Check: Integration Tests (astro, chrome)
  • GitHub Check: Integration Tests (handshake, chrome)
  • GitHub Check: Integration Tests (sessions:staging, chrome)
  • GitHub Check: Integration Tests (ap-flows, chrome)
  • GitHub Check: Integration Tests (handshake:staging, chrome)
  • GitHub Check: Integration Tests (tanstack-react-start, chrome)
  • GitHub Check: semgrep-cloud-platform/scan
  • GitHub Check: Analyze (javascript-typescript)



pkg-pr-new bot commented Jan 9, 2026

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7579

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7579

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7579

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7579

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7579

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7579

@clerk/expo

npm i https://pkg.pr.new/@clerk/expo@7579

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7579

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7579

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7579

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7579

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7579

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7579

@clerk/react

npm i https://pkg.pr.new/@clerk/react@7579

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7579

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7579

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7579

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7579

@clerk/ui

npm i https://pkg.pr.new/@clerk/ui@7579

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7579

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7579

commit: 496163f
