I'm using private package from private registry. Using EAS build, no issue because I can put my custom .npmrc file as base64 encoded secret and use it as environment variable in my build using EAS pre-install hook.

However, if I would like to use similar approach with EAS workflow and leverage fingerprint job, it's impossible because the hooks are not called.

Fingerprint is not a job available for custom use https://docs.expo.dev/eas/workflows/syntax/#jobsjob_idstepsstepuses, so my worklof is always failing.

So only workaround is to push my .npmrc file in my repository which lead to security issue?