[fingerprint] support skip app versions from app config

[Kudo]

Why

i've heard different feedback that they would like to ignore fingerprinting version from app.json. in their workflow they would bump version in app.json for simply for updates.
references:

• https://discord.com/channels/695411232856997968/1214250595641466940/1234569102631108661
• https://discord.com/channels/695411232856997968/1232785567352225902/1237380679935721513

How

• introducing the sourceSkips bitwise flags that would potentially support more aggresive fingerprint for app repacking.
• currently by default the sourceSkips is const DEFAULT_SOURCE_SKIPS = SourceSkips.AppConfigVersion | SourceSkips.AppConfigRuntimeVersion; Updates: change to SourceSkips.None
• refactor config test to use true config content for testing

Test Plan

add some unit tests

Checklist

• Documentation is up to date to reflect these changes (eg: https://docs.expo.dev and README.md).
• Conforms with the Documentation Writing Style Guide
• This diff will work correctly for npx expo prebuild & EAS Build (eg: updated a module plugin).

[wschurman]

Notes:

• Need to think through how people will configure this who don't have access to the JS API (a file similar to .fingerprintignore maybe? how will the two interact?)
• If we do go with the skips pattern, I think some of the items should probably be separated into their own skip enum option.

[wschurman]

I think it might be best to have None be the default? I realize runtime version is the logical default currently. I'm just more thinking about the different uses for this library and how to reduce breaking changes going forward (where a breaking change is a change that produces a fingerprint difference without changing the user-specified config):

• As a standalone library, just running fingerprint from npx @expo/fingerprint. In this case it maybe makes sense to have some defaults, though I'm not sure. I think that configuration should probably mostly done through .fingerprintignore and another analogous concept for source skips.
• As a part of the fingerprint runtimeVersion policy. In this case, all configuration needs to be done via .fingerprintignore and another analogous concept for source skips. We were okay with runtime version skip being default for it since it uses the policy and happened to not overlap with the skip. But going forward, I think None should be the default for this policy. We should strive to not introduce breaking changes here, though it's not the end of the world since the version of @expo/fingerprint used is tied to the expo-updates version which upgrading would trigger a new fingerprint anyways.
• Through the JS API. In this case, I think having None be default makes the most sense since it's so easy for people to specify.

So overall, I think what we need is a way for people to define this in their project similar to .fingerprintignore. And maybe come up with a story of how the two interact.

[brentvatne]

i generally agree with @wschurman that we probably want to keep this list pretty small - although, i think we could get away with using the app version by default here, and i wouldn't be opposed to shipping that as-is. i'll leave that up to you guys to decide.

for anything beyond that, an approach for controlling ignores via something like .fingerprintignore (such as fingerprint.config.js) would be great - @Kudo brought this up on our sync today and i think we're on the same page. we could express our defaults in a version of that file that we create for people when they init fingerprint in their project.

[wschurman]

Suggested change

	AppConfigName = 1 << 3,
	AppConfigNameDescriptionShortName = 1 << 3,

(thinking more, maybe these should be separate skips?)

[Kudo]

this would be basically used for app repacking and i don't want to introduce too many options. let's use ExpoConfigNames for that.

[wschurman]

why is slug part of schemes?

[Kudo]

during prebuild we will actually generate an implicit scheme based on slug.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@react-navigation/bottom-tabs@6.4.3	None	+3	353 kB	satya164
npm/@react-navigation/native@6.0.16	environment	0	416 kB	satya164
npm/dedent@0.7.0	None	0	4.85 kB	dmnd
npm/expo-2d-context@0.0.4	None	0	2.34 MB	tsapeta
npm/expo-apple-authentication@6.4.1	None	0	108 kB	brentvatne
npm/expo-asset@8.14.0	None	+4	546 kB	wschurman
npm/expo-audio@0.1.0	None	0	12.1 kB	brentvatne
npm/expo-auth-session@5.5.2	network	0	394 kB	brentvatne
npm/expo-av@14.0.4	None	0	889 kB	brentvatne
npm/expo-background-fetch@12.0.1	None	0	52 kB	brentvatne
npm/expo-barcode-scanner@13.0.1	None	+1	159 kB	brentvatne
npm/expo-battery@8.0.1	None	0	84.1 kB	brentvatne
npm/expo-blur@13.0.2	None	0	57.7 kB	brentvatne
npm/expo-brightness@12.0.1	None	0	61.3 kB	brentvatne
npm/expo-calendar@13.0.5	None	0	291 kB	brentvatne
npm/expo-camera@15.0.8	None	0	804 kB	brentvatne
npm/expo-cellular@6.0.2	None	0	81.1 kB	brentvatne
npm/expo-checkbox@3.0.0	None	0	48 kB	brentvatne
npm/expo-clipboard@6.0.3	None	0	182 kB	brentvatne
npm/expo-constants@15.3.0	Transitive: environment, filesystem, unsafe	+14	2.66 MB	wschurman
npm/expo-contacts@13.0.3	None	0	269 kB	brentvatne
npm/expo-crypto@13.0.2	None	0	71.2 kB	brentvatne
npm/expo-dev-client@4.0.13	Transitive: eval, filesystem, unsafe	+9	14.3 MB	brentvatne
npm/expo-device@6.0.2	None	0	115 kB	brentvatne
npm/expo-document-picker@12.0.1	None	0	62.1 kB	brentvatne
npm/expo-face-detector@12.7.1	None	0	100 kB	brentvatne
npm/expo-file-system@17.0.1	None	0	303 kB	brentvatne
npm/expo-gl@14.0.2	None	0	610 kB	brentvatne
npm/expo-haptics@13.0.1	None	0	36.1 kB	brentvatne
npm/expo-image-manipulator@12.0.5	None	0	127 kB	brentvatne
npm/expo-image-picker@15.0.4	None	0	268 kB	brentvatne
npm/expo-image@1.12.9	None	+1	621 kB	brentvatne
npm/expo-insights@0.7.0	None	+1	23.9 kB	brentvatne
npm/expo-intent-launcher@11.0.1	None	0	55.1 kB	brentvatne
npm/expo-linear-gradient@13.0.2	None	0	71.7 kB	brentvatne
npm/expo-linking@6.3.1	None	0	110 kB	brentvatne
npm/expo-local-authentication@14.0.1	None	0	78.3 kB	brentvatne
npm/expo-localization@15.0.3	None	0	133 kB	brentvatne
npm/expo-location@17.0.1	None	0	353 kB	brentvatne
npm/expo-mail-composer@13.0.1	None	0	40.5 kB	brentvatne
npm/expo-maps@0.4.0	None	0	479 kB	wschurman
npm/expo-media-library@16.0.3	None	0	277 kB	brentvatne
npm/expo-module-scripts@3.5.1	Transitive: environment, filesystem, shell, unsafe	+27	16.5 MB	brentvatne
npm/expo-modules-test-core@0.18.0	Transitive: environment, filesystem	+8	5.22 MB	brentvatne
npm/expo-navigation-bar@3.0.4	None	0	89.8 kB	brentvatne
npm/expo-network-addons@0.6.0	None	0	11.3 kB	brentvatne
npm/expo-network@6.0.1	None	0	41.9 kB	brentvatne
npm/expo-notifications@0.28.1	network Transitive: filesystem	+10	1.58 MB	brentvatne
npm/expo-print@13.0.1	None	0	80.6 kB	brentvatne
npm/expo-processing@2.3.7	None	0	5.37 kB	brentvatne
npm/expo-random@14.0.1	None	0	30.2 kB	brentvatne
npm/expo-router@3.5.14	environment, network Transitive: eval	+4	2.84 MB	brentvatne
npm/expo-screen-capture@6.0.1	None	0	50.7 kB	brentvatne
npm/expo-screen-orientation@7.0.5	None	0	146 kB	brentvatne
npm/expo-secure-store@13.0.1	None	0	102 kB	brentvatne
npm/expo-sensors@13.0.6	None	0	224 kB	brentvatne
npm/expo-sharing@12.0.1	None	0	29.7 kB	brentvatne
npm/expo-sms@12.0.1	None	0	40.2 kB	brentvatne
npm/expo-speech@12.0.2	None	0	70.2 kB	brentvatne
npm/expo-splash-screen@0.27.4	None	0	120 kB	brentvatne
npm/expo-sqlite@14.0.3	None	0	9.18 MB	brentvatne
npm/expo-standard-web-crypto@1.8.1	None	0	15.3 kB	brentvatne
npm/expo-status-bar@1.12.1	None	0	43.7 kB	brentvatne
npm/expo-store-review@7.0.2	None	0	29.9 kB	brentvatne
npm/expo-symbols@0.1.4	None	0	39 kB	brentvatne
npm/expo-system-ui@3.0.4	None	0	44.7 kB	brentvatne
npm/expo-task-manager@11.8.1	None	+1	164 kB	brentvatne
npm/expo-tracking-transparency@4.0.2	None	0	45.2 kB	brentvatne
npm/expo-updates@0.25.12	Transitive: environment, filesystem, unsafe	+15	5.37 MB	brentvatne
npm/expo-video-thumbnails@8.0.0	None	0	28.3 kB	brentvatne
npm/expo-video@1.1.9	None	0	237 kB	brentvatne
npm/expo-web-browser@13.0.3	None	0	186 kB	brentvatne
npm/graphql@15.8.0	environment	0	2.12 MB	i1g
npm/immutable@4.3.6	None	0	682 kB	leebyron
npm/path-to-regexp@1.8.0	None	+1	34.5 kB	blakeembrey
npm/react-dom@18.2.0	environment	+1	4.6 MB	gnoff
npm/react-native-paper@4.12.8	None	+3	3.59 MB	lukewalczak
npm/react-native-reanimated@3.10.1	environment, eval	0	3.83 MB	piaskowyk
npm/react-native@0.74.1	environment, network Transitive: eval, filesystem, shell, unsafe	+103	101 MB	react-native-bot
npm/react@18.2.0	environment	0	316 kB	gnoff
npm/test-suite@1.0.0	None	0	744 B	afaq
npm/three@0.137.5	None	0	32.8 MB	mrdoob

🚮 Removed packages: npm/@apidevtools/json-schema-ref-parser@11.6.0, npm/@babel/core@7.24.4, npm/@babel/generator@7.24.4, npm/@babel/helper-plugin-utils@7.24.0, npm/@babel/parser@7.24.4, npm/@babel/parser@7.24.5, npm/@babel/runtime@7.24.4, npm/@babel/types@7.24.0, npm/@emotion/jest@11.11.0, npm/@emotion/react@11.11.4, npm/@emotion/serialize@1.1.4, npm/@eslint-community/eslint-utils@4.4.0, npm/@eslint-community/regexpp@4.10.0, npm/@expo/styleguide-base@1.0.1, npm/@expo/styleguide-icons@1.0.8, npm/@expo/styleguide-search-ui@1.0.4, npm/@expo/styleguide@8.2.2, npm/@firebase/database-types@0.9.17, npm/@floating-ui/utils@0.2.1, npm/@mdx-js/loader@2.3.0, npm/@mdx-js/mdx@2.3.0, npm/@mdx-js/react@2.3.0, npm/@nodelib/fs.stat@2.0.5, npm/@nodelib/fs.walk@1.2.8, npm/@octokit/request-error@2.1.0, npm/@octokit/request@5.6.3, npm/@octokit/rest@18.12.0, npm/@octokit/types@6.41.0, npm/@ocular-d/vale-bin@2.29.6, npm/@protobufjs/aspromise@1.1.2, npm/@radix-ui/react-dialog@1.0.5, npm/@radix-ui/react-dropdown-menu@1.0.0, npm/@radix-ui/react-tooltip@1.0.7, npm/@reach/tabs@0.18.0, npm/@sentry/react@7.112.1, npm/@tailwindcss/typography@0.5.12, npm/@testing-library/jest-dom@6.4.2, npm/@testing-library/react-hooks@8.0.1, npm/@testing-library/react@15.0.3, npm/@testing-library/user-event@14.5.2, npm/@types/estree@1.0.5, npm/@types/fs-extra@11.0.4, npm/@types/google.analytics@0.0.46, npm/@types/gtag.js@0.0.19, npm/@types/hast@2.3.10, npm/@types/jest@29.5.12, npm/@types/json-schema@7.0.15, npm/@types/lodash@4.17.0, npm/@types/long@4.0.1, npm/@types/node@18.11.17, npm/@types/node@20.12.7, npm/@types/nprogress@0.2.3, npm/@types/prismjs@1.26.3, npm/@types/prop-types@15.7.12, npm/@types/react-dom@18.2.25, npm/@types/react@18.2.79, npm/@types/unist@2.0.10, npm/@typescript-eslint/eslint-plugin@7.7.1, npm/@typescript-eslint/parser@7.7.1, npm/@ungap/structured-clone@1.2.0, npm/acorn@8.11.3, npm/arg@5.0.2, npm/aria-query@5.3.0, npm/array-includes@3.1.8, npm/array.prototype.flat@1.3.2, npm/autoprefixer@10.4.19, npm/axios@1.6.8, npm/bare-events@2.2.2, npm/bare-path@2.1.1, npm/call-bind@1.0.7, npm/caniuse-lite@1.0.30001612, npm/chokidar@3.6.0, npm/clipboard-copy@4.0.1, npm/clone-response@1.0.2, npm/ecdsa-sig-formatter@1.0.11, npm/esprima@4.0.1, npm/fast-text-encoding@1.0.3, npm/firebase-admin@11.4.0, npm/firebase-functions-test@3.0.0, npm/firebase-functions@4.1.1, npm/function-bind@1.1.2, npm/gaxios@5.0.2, npm/google-auth-library@8.7.0, npm/graceful-fs@4.2.11, npm/inherits@2.0.4, npm/lodash@4.17.21, npm/mime-db@1.45.0, npm/mime-types@2.1.28, npm/node-fetch@2.6.7, npm/once@1.4.0, npm/protobufjs@7.1.2, npm/safe-buffer@5.2.1, npm/source-map@0.6.1, npm/strip-ansi@6.0.1, npm/strip-json-comments@3.1.1, npm/typescript@5.1.3, npm/uc.micro@1.0.6, npm/unpipe@1.0.0, npm/vary@1.1.2

View full report↗︎

[Kudo]

update the pr based on the feedback

• default to SourceSkips.None and people could configure through fingerprint.config.js
• refactor the config tests a little bit to use true config contents for testing. there's now a test to indicate the config test

    it('should support sourceSkips from config', async () => {
      await jest.isolateModulesAsync(async () => {
        vol.fromJSON(require('./fixtures/ExpoManaged47Project.json'));
        vol.writeFileSync(
          '/app/app.config.js',
          `\
  export default ({ config }) => {
    config.android = { versionCode: 1, package: 'com.example.app' };
    config.ios = { buildNumber: '1', bundleIdentifier: 'com.example.app' };
    return config;
  };`
        );
  
        const configContents = `\
  const { SourceSkips } = require('@expo/fingerprint');
  /** @type {import('@expo/fingerprint').Config} */
  const config = {
    sourceSkips: SourceSkips.ExpoConfigAndroidPackage | SourceSkips.ExpoConfigIosBundleIdentifier | SourceSkips.ExpoConfigVersions,
  };
  module.exports = config;
  `;
        vol.writeFileSync('/app/fingerprint.config.js', configContents);
        jest.doMock('/app/fingerprint.config.js', () => requireString(configContents), {
          virtual: true,
        });
  
        const sources = await getExpoConfigSourcesAsync('/app', await normalizeOptionsAsync('/app'));
        const expoConfigSource = sources.find<HashSourceContents>(
          (source): source is HashSourceContents =>
            source.type === 'contents' && source.id === 'expoConfig'
        );
        const expoConfig = JSON.parse(expoConfigSource?.contents?.toString() ?? 'null');
        expect(expoConfig).not.toBeNull();
        expect(expoConfig.version).toBeUndefined();
        expect(expoConfig.android.versionCode).toBeUndefined();
        expect(expoConfig.android.package).toBeUndefined();
        expect(expoConfig.ios.buildNumber).toBeUndefined();
        expect(expoConfig.ios.bundleIdentifier).toBeUndefined();
      });
    });