In case this helps anyone, after tracking this down on our end: Another possibility is that this could be failing on the Expo / EAS side if someone accidentally checks a package-lock.json file into a repository that's expecting to build with eg. pnpm-lock.json, and the dependencies get out of sync.

For example, if a new dependency is added to package.json and a new pnpm-lock.json is installed, package-lock.json will not change but Expo may attempt a build with the NPM lockfile.