Is source code safe?

Hello! I recently switched to RN and Expo. I want to know is source code of app safe while “Publish” on Expo?

I can see two things in settings of each project on website: Unlist and Make public. Does make public make available my app just to install or make it open source?


The JavaScript source code of your app is always going to be something that people can look at when you are using React Native. This is because the JS has to be sent to the client device so that the client can run it.

When you publish with Expo, your JS is minified and bundled up into a single file, so its not very easy to read or modify, but it is still JS.

This is roughly similar to delivering the JS on a website – you have to send the JavaScript to the web browser so that it can be executed – and you shouldn’t include stuff like database passwords or secret tokens that aren’t OK for other people to access.

Unlist is just like an unlisted YouTube video. Someone who knows the URL to your app can access it by going there, but that URL won’t be listed anywhere.
If your app is public, then it will be listed on your developer profile and it can be found by searching on
The way that your JS code is distributed is the same in both cases; those distinctions are just about whether people can find the URL of your app.

Does this answer your question?


Thanks @ccheever for detailed answer of my question.

Hi Charlie, it was great taking your mobile application development course at Harvard Extension School. I am publishing my final project now and I would like to know how safe it is in development and production.

There will be thousands of real users entering their passwords to be sent to an external server to authenticate through an https url. My question is, although passwords are not part of the source code, are their passwords safe on their phone? That is, will their password be completely secure inside the external server and their phone.