Context
@clerk/clerk-expo consumers on React Native use clerk-js/headless which has no Web3 sign-in code path. However, the Web3 wallet adapter packages are declared as regular dependencies of upstream Clerk packages, so they are installed into node_modules regardless of whether the consumer app uses Web3 features.
In our project (a motorcycle navigation app — no crypto features whatsoever) this results in:
- ~7 MB of
node_modules for code that is never bundled or executed (Metro tree-shakes correctly so the JS bundle is clean)
npm audit noise from vulnerabilities reported in @solana/*, @coinbase/*, etc. that don't apply to our runtime- Slower CI installs and increased supply-chain audit surface
Affected packages observed in our tree
- @solana/wallet-adapter-base
- @solana/wallet-adapter-react
- @solana/wallet-standard
- @solana-mobile/wallet-adapter-mobile
- @solana/wallet-standard-wallet-adapter (base + react variants)
- @wallet-standard/core
- @coinbase/wallet-sdk
- @base-org/account
Request
Either:
- Move these packages to
peerDependenciesMeta.optional so consumers can opt out, OR
- Publish a separate
@clerk/clerk-js-headless package with only the deps needed for headless flows (no Web3, no UI components)
Option 2 is more ergonomic for React Native consumers via @clerk/clerk-expo since they're inherently headless.
Workaround we considered but rejected
npm overrides with stub packages — works but brittle across Clerk upgrades, and gets flagged by some supply-chain audit tools.
Happy to provide more context on our setup if useful.
Context
@clerk/clerk-expoconsumers on React Native useclerk-js/headlesswhich has no Web3 sign-in code path. However, the Web3 wallet adapter packages are declared as regulardependenciesof upstream Clerk packages, so they are installed intonode_modulesregardless of whether the consumer app uses Web3 features.In our project (a motorcycle navigation app — no crypto features whatsoever) this results in:
node_modulesfor code that is never bundled or executed (Metro tree-shakes correctly so the JS bundle is clean)npm auditnoise from vulnerabilities reported in@solana/*,@coinbase/*, etc. that don't apply to our runtimeAffected packages observed in our tree
Request
Either:
peerDependenciesMeta.optionalso consumers can opt out, OR@clerk/clerk-js-headlesspackage with only the deps needed for headless flows (no Web3, no UI components)Option 2 is more ergonomic for React Native consumers via
@clerk/clerk-exposince they're inherently headless.Workaround we considered but rejected
npm overrideswith stub packages — works but brittle across Clerk upgrades, and gets flagged by some supply-chain audit tools.Happy to provide more context on our setup if useful.