feat(clerk-js): Update mobile request header to include Expo SDK version

[chriscanin]

Description

Added x-expo-sdk-version header to Expo SDK HTTP requests to match the pattern used by iOS (x-ios-sdk-version) and Android (x-android-sdk-version) SDKs.

The header is set in the __unstable__onBeforeRequest hook within createClerkInstance.ts and sends the @clerk/clerk-expo package version for all native requests.

Testing: Build the package with pnpm build and verify the header is sent in network requests from Expo apps.

Checklist

• pnpm test runs as expected.
• pnpm build runs as expected.
• (If applicable) JSDoc comments have been added or updated for any package exports
• (If applicable) Documentation has been updated

Type of change

• 🐛 Bug fix
• 🌟 New feature
• 🔨 Breaking change
• 📖 Refactoring / dependency upgrade / documentation
• other:

Summary by CodeRabbit

• Chores
  • Expo native apps now send explicit SDK version info (x-expo-sdk-version) with network requests, alongside existing mobile metadata — improving backend telemetry and compatibility tracking.

[changeset-bot]

🦋 Changeset detected

Latest commit: bfb2040

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package

Name	Type
@clerk/clerk-expo	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
clerk-js-sandbox	Ready	Preview	Comment	Nov 3, 2025 5:11pm

[coderabbitai]

Walkthrough

For native Expo platforms, the onBeforeRequest hook now adds an x-expo-sdk-version header (value taken from the package.json version) while preserving the existing x-mobile header; this header is sent to Clerk's backend.

Changes

Cohort / File(s)	Summary
Expo SDK header update packages/expo/src/provider/singleton/createClerkInstance.ts, .changeset/expo-sdk-version-header.md	Import package.json and add x-expo-sdk-version header (value from package.json.version) in the onBeforeRequest hook for native platforms; retain existing x-mobile header. Add changeset documenting the header addition and patch release.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant App as Expo App
  participant Hook as onBeforeRequest Hook
  participant Backend as Clerk Backend

  Note over App,Hook: Native platform request flow
  App->>Hook: prepare request
  alt native platform
    Hook-->>App: add headers: x-mobile, x-expo-sdk-version (from package.json.version)
  else other platforms
    Hook-->>App: add headers: x-mobile
  end
  App->>Backend: send request (with headers)
  Backend-->>App: response

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Single-file logic addition + changelog entry.
• Review focus:
  • Confirm package.json import path is correct and included in the build.
  • Ensure header added only on native branch and is a string.
  • Check for bundling/tree-shaking or license metadata implications when importing package.json.

Poem

🐰 I nibbled through package lore,

A tiny tag I tucked galore,
"x-expo-sdk-version" now hops on cue,
Carried with requests so the backend knew. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The PR title states 'feat(clerk-js): Update mobile request header to include Expo SDK version', but the actual changes are scoped to @clerk/clerk-expo (not clerk-js). The changeset explicitly targets @clerk/clerk-expo with a patch release, and the code changes are in packages/expo/src/provider/singleton/createClerkInstance.ts. While the title does capture that headers are being updated to include SDK version information, it incorrectly identifies the package scope as clerk-js rather than clerk-expo, which is misleading.	Update the PR title to accurately reflect the package scope: 'feat(clerk-expo): Update mobile request header to include Expo SDK version' or similar. This ensures the title correctly identifies which package is being modified, which is essential for maintainability and code history clarity.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chris/mobile-290-set-x-expo-sdk-version-header-for-expo

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mikepitre]

I think you still want the x-mobile header. This new header should be additional.

[chriscanin]

I think you still want the x-mobile header. This new header should be additional.

Ahh understood, one moment.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/expo/src/provider/singleton/createClerkInstance.ts (1)

13-13: Consider using a build-time constant for the version.

Importing the entire package.json file works but includes unnecessary metadata at runtime. While modern bundlers may optimize this, consider alternatives for cleaner bundling:

• Use a build-time generated constant (e.g., via a build script that writes version.ts)
• Use an environment variable injected during build
• Import only the version field if your bundler supports package.json subpath imports

This is a minor optimization and the current approach is functional.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between ba17366 and 5400dfa.

📒 Files selected for processing (1)

• packages/expo/src/provider/singleton/createClerkInstance.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

**/*.{js,jsx,ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

**/*.{js,jsx,ts,tsx}: All code must pass ESLint checks with the project's configuration
Follow established naming conventions (PascalCase for components, camelCase for variables)
Maintain comprehensive JSDoc comments for public APIs
Use dynamic imports for optional features
All public APIs must be documented with JSDoc
Provide meaningful error messages to developers
Include error recovery suggestions where applicable
Log errors appropriately for debugging
Lazy load components and features when possible
Implement proper caching strategies
Use efficient data structures and algorithms
Profile and optimize critical paths
Validate all inputs and sanitize outputs
Implement proper logging with different levels

Files:

• packages/expo/src/provider/singleton/createClerkInstance.ts

**/*.{js,jsx,ts,tsx,json,css,scss,md,yaml,yml}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use Prettier for consistent code formatting

Files:

• packages/expo/src/provider/singleton/createClerkInstance.ts

packages/**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

TypeScript is required for all packages

Files:

• packages/expo/src/provider/singleton/createClerkInstance.ts

packages/**/*.{ts,tsx,d.ts}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Packages should export TypeScript types alongside runtime code

Files:

• packages/expo/src/provider/singleton/createClerkInstance.ts

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/development.mdc)

Use proper TypeScript error types

**/*.{ts,tsx}: Always define explicit return types for functions, especially public APIs
Use proper type annotations for variables and parameters where inference isn't clear
Avoid any type - prefer unknown when type is uncertain, then narrow with type guards
Use interface for object shapes that might be extended
Use type for unions, primitives, and computed types
Prefer readonly properties for immutable data structures
Use private for internal implementation details
Use protected for inheritance hierarchies
Use public explicitly for clarity in public APIs
Prefer readonly for properties that shouldn't change after construction
Prefer composition and interfaces over deep inheritance chains
Use mixins for shared behavior across unrelated classes
Implement dependency injection for loose coupling
Let TypeScript infer when types are obvious
Use const assertions for literal types: as const
Use satisfies operator for type checking without widening
Use mapped types for transforming object types
Use conditional types for type-level logic
Leverage template literal types for string manipulation
Use ES6 imports/exports consistently
Use default exports sparingly, prefer named exports
Use type-only imports: import type { ... } from ...
No any types without justification
Proper error handling with typed errors
Consistent use of readonly for immutable data
Proper generic constraints
No unused type parameters
Proper use of utility types instead of manual type construction
Type-only imports where possible
Proper tree-shaking friendly exports
No circular dependencies
Efficient type computations (avoid deep recursion)

Files:

• packages/expo/src/provider/singleton/createClerkInstance.ts

**/*.{js,ts,tsx,jsx}

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Support multiple Clerk environment variables (CLERK_, NEXT_PUBLIC_CLERK_, etc.) for configuration.

Files:

• packages/expo/src/provider/singleton/createClerkInstance.ts

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (1)

packages/expo/src/provider/singleton/createClerkInstance.ts (1)

167-170: LGTM! Both headers are correctly set for native platforms.

The implementation correctly addresses the reviewer's feedback by setting both the x-mobile and x-expo-sdk-version headers for native platforms. The conditional ensures these headers are only added when isNative() returns true, maintaining consistency with the existing header pattern.

[pkg-pr-new]

Open in StackBlitz

@clerk/agent-toolkit

npm i https://pkg.pr.new/@clerk/agent-toolkit@7133

@clerk/astro

npm i https://pkg.pr.new/@clerk/astro@7133

@clerk/backend

npm i https://pkg.pr.new/@clerk/backend@7133

@clerk/chrome-extension

npm i https://pkg.pr.new/@clerk/chrome-extension@7133

@clerk/clerk-js

npm i https://pkg.pr.new/@clerk/clerk-js@7133

@clerk/dev-cli

npm i https://pkg.pr.new/@clerk/dev-cli@7133

@clerk/elements

npm i https://pkg.pr.new/@clerk/elements@7133

@clerk/clerk-expo

npm i https://pkg.pr.new/@clerk/clerk-expo@7133

@clerk/expo-passkeys

npm i https://pkg.pr.new/@clerk/expo-passkeys@7133

@clerk/express

npm i https://pkg.pr.new/@clerk/express@7133

@clerk/fastify

npm i https://pkg.pr.new/@clerk/fastify@7133

@clerk/localizations

npm i https://pkg.pr.new/@clerk/localizations@7133

@clerk/nextjs

npm i https://pkg.pr.new/@clerk/nextjs@7133

@clerk/nuxt

npm i https://pkg.pr.new/@clerk/nuxt@7133

@clerk/clerk-react

npm i https://pkg.pr.new/@clerk/clerk-react@7133

@clerk/react-router

npm i https://pkg.pr.new/@clerk/react-router@7133

@clerk/remix

npm i https://pkg.pr.new/@clerk/remix@7133

@clerk/shared

npm i https://pkg.pr.new/@clerk/shared@7133

@clerk/tanstack-react-start

npm i https://pkg.pr.new/@clerk/tanstack-react-start@7133

@clerk/testing

npm i https://pkg.pr.new/@clerk/testing@7133

@clerk/themes

npm i https://pkg.pr.new/@clerk/themes@7133

@clerk/types

npm i https://pkg.pr.new/@clerk/types@7133

@clerk/upgrade

npm i https://pkg.pr.new/@clerk/upgrade@7133

@clerk/vue

npm i https://pkg.pr.new/@clerk/vue@7133

commit: 5400dfa

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.changeset/expo-sdk-version-header.md (1)

5-5: Description could clarify that x-mobile header is preserved.

The description accurately captures the addition of the x-expo-sdk-version header, but per the PR comments, the existing x-mobile header should be preserved. Consider clarifying that the new header is added in addition to the existing one to make it explicit for release notes.

For example: Add x-expo-sdk-version header to HTTP requests in addition to existing x-mobile header, matching iOS and Android SDK patterns.

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5400dfa and bfb2040.

📒 Files selected for processing (1)

• .changeset/expo-sdk-version-header.md (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

.changeset/**

📄 CodeRabbit inference engine (.cursor/rules/monorepo.mdc)

Automated releases must use Changesets.

Files:

• .changeset/expo-sdk-version-header.md

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (29)

• GitHub Check: Integration Tests (expo-web, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 16)
• GitHub Check: Integration Tests (nuxt, chrome)
• GitHub Check: Integration Tests (billing, chrome)
• GitHub Check: Integration Tests (nextjs, chrome, 15)
• GitHub Check: Integration Tests (vue, chrome)
• GitHub Check: Integration Tests (machine, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 16)
• GitHub Check: Integration Tests (nextjs, chrome, 14)
• GitHub Check: Integration Tests (custom, chrome)
• GitHub Check: Integration Tests (tanstack-react-start, chrome)
• GitHub Check: Integration Tests (quickstart, chrome, 15)
• GitHub Check: Integration Tests (react-router, chrome)
• GitHub Check: Integration Tests (handshake, chrome)
• GitHub Check: Integration Tests (astro, chrome)
• GitHub Check: Integration Tests (sessions:staging, chrome)
• GitHub Check: Integration Tests (handshake:staging, chrome)
• GitHub Check: Integration Tests (localhost, chrome)
• GitHub Check: Integration Tests (elements, chrome)
• GitHub Check: Integration Tests (sessions, chrome)
• GitHub Check: Integration Tests (ap-flows, chrome)
• GitHub Check: Integration Tests (generic, chrome)
• GitHub Check: Integration Tests (express, chrome)
• GitHub Check: Publish with pkg-pr-new
• GitHub Check: Unit Tests (22, **)
• GitHub Check: Static analysis
• GitHub Check: Analyze (javascript-typescript)
• GitHub Check: semgrep-cloud-platform/scan
• GitHub Check: semgrep-cloud-platform/scan

🔇 Additional comments (1)

.changeset/expo-sdk-version-header.md (1)

1-3: Changeset format is correct.

The changeset follows the required format with proper YAML frontmatter, package name, and patch-level bump type (appropriate for an additive, non-breaking change).

[blacksmith-sh]

Found 22 test failures on Blacksmith runners:

Test	View Logs
[chrome] › integration/tests/elements/ next-sign-in.test.ts:134:7 › Next.js Sign-In Flow @elements › long-running--elements.ne xt.appRouter › can reset password	View Logs
[chrome] › integration/tests/elements/ otp.test.ts:135:9 › OTP @elements › long-running--elements.next.appRouter › Type: segme nted-otp › should replace selected segment with new input	View Logs
[chrome] › integration/tests/elements/ otp.test.ts:196:9 › OTP @elements › long-running--elements.next.appRouter › Type: segme nted-otp › should forward-delete char when pressing delete	View Logs
[chrome] › integration/tests/ handshake.test.ts:863:7 › Client handshake @generic › External visit - new devbrowser	View Logs
[chrome] › integration/tests/ pricing-table.test.ts:110:9 › pricing table @billing › long-running--withBilling.astro. node › when signed in flow › subscribes to a plan	View Logs
[chrome] › integration/tests/ pricing-table.test.ts:26:9 › pricing table @billing › long-running--withBilling.astro.n ode › when signed out › renders pricing table with plans	View Logs
[chrome] › integration/tests/ pricing-table.test.ts:26:9 › pricing table @billing › long-running--withBilling.next.ap pRouter › when signed out › renders pricing table with plans	View Logs
[chrome] › integration/tests/ pricing-table.test.ts:26:9 › pricing table @billing › long-running--withBilling.vue.vit e › when signed out › renders pricing table with plans	View Logs
[chrome] › integration/tests/ pricing-table.test.ts:456:9 › pricing table @billing › long-running--withBilling.vue.vi te › in UserProfile › renders pricing table, subscribes to a plan, revalidates payment method on complete and then downgrades to free	View Logs
[chrome] › integration/tests/ pricing-table.test.ts:588:9 › pricing table @billing › long-running--withBilling.next.a ppRouter › in UserProfile › adds payment method via checkout and resets stripe setup in tent after failed payment	View Logs
[chrome] › integration/tests/ pricing-table.test.ts:80:9 › pricing table @billing › long-running--withBilling.vue.vit e › when signed in flow › when signed in, clicking get started button opens checkout dr awer and shows free plan as active	View Logs
[chrome] › integration/tests/ session-tasks-sign-in.test.ts:62:9 › session tasks after sign-in flow @nextjs › long-ru nning--next.appRouter.withSessionTasks › with sso, navigate to task on after sign-in	View Logs
[chrome] › integration/tests/ sign-in-flow.test.ts:101:7 › sign in flow @generic @nextjs › long-running--next.appRout er.withEmailCodes › can reset password	View Logs
[chrome] › integration/tests/ sign-in-flow.test.ts:101:7 › sign in flow @generic @nextjs › long-running--next.appRout er.withEmailCodes › can reset password	View Logs
[chrome] › integration/tests/ sign-in-flow.test.ts:101:7 › sign in flow @generic @nextjs › long-running--next.appRout er.withEmailCodes › can reset password	View Logs
[chrome] › integration/tests/ sign-in-flow.test.ts:101:7 › sign in flow @generic @nextjs › long-running--next.appRout er.withEmailCodes › can reset password	View Logs
[chrome] › integration/tests/ sign-in-flow.test.ts:101:7 › sign in flow @generic @nextjs › long-running--react.vite.w ithEmailCodes › can reset password	View Logs
[chrome] › integration/tests/ sign-in-or-up-flow.test.ts:115:9 › sign-in-or-up flow @nextjs › long-running--next.appR outer.withSignInOrUpFlow › sign-in › can reset password	View Logs
[chrome] › integration/tests/ sign-in-or-up-flow.test.ts:115:9 › sign-in-or-up flow @nextjs › long-running--next.appR outer.withSignInOrUpFlow › sign-in › can reset password	View Logs
[chrome] › integration/tests/ sign-in-or-up-flow.test.ts:115:9 › sign-in-or-up flow @nextjs › long-running--next.appR outer.withSignInOrUpFlow › sign-in › can reset password	View Logs
[chrome] › integration/tests/ sign-in-or-up-flow.test.ts:29:9 › sign-in-or-up flow @nextjs › long-running--next.appRo uter.withSignInOrUpFlow › sign-in › flows are combined	View Logs
[chrome] › integration/tests/ sign-up-flow.test.ts:163:7 › sign up flow @generic @nextjs › long-running--next.appRout er.withEmailCodes › sign up, sign out and sign in again	View Logs