February 2026 (2026-02) monthly summary for expo/eas-cli focusing on build stability, security remediation, and maintainability. Key achievements delivered: - Tar package upgrade to v7.5.4 to fix build stability issues and address CVE-2026-23950. Updated TypeScript imports to tar 7.x named exports to align with the new module format while preserving existing behavior. (Commit: 3bc8a8e3e1e41c93e4404b586d0ee4a1508b6797) - Verified build pipeline reliability by ensuring tarball uploads succeed after the upgrade; test plan executed by attempting EAS builds with tar 7.5.x and validating tarball uploads. - Maintained momentum with related maintenance PRs across the repo: closes #3353, #3360, and #3354; issues linked to #3320. Major bugs fixed: - Build failures caused by tar 7.x import changes were resolved by migrating imports to use tar as a namespace, restoring compatibility without altering behavior. - Security vulnerability CVE-2026-23950 addressed by upgrading tar to 7.5.4. Overall impact and accomplishments: - Increased build stability and reliability of EAS CLI, reducing build failures and retry costs for users. - Strengthened security posture by upgrading a core dependency with known CVE fixes. - Improved maintainability through explicit imports and clear package boundaries, reducing future breakages related to tar 7.x changes. Technologies/skills demonstrated: - Dependency management and patch-level upgrades with risk assessment and rollback considerations. - TypeScript import strategy adaptation for ESM/CJS interoperability. - End-to-end validation of builds, including tarball packaging and upload flow. - Cross-team coordination evidenced by referencing PRs and issues.