registry  /  vercel  /  54.18.6

vercel@54.18.6

⚠ Under review

The command-line interface for Vercel

Static Scan Results

scanned 13d ago · by rust-scanner

Static analysis flagged 21 finding(s) at 86.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
High-risk behavior combination matched malicious policy.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShell
Supply chain
HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
ManifestNo manifest risk signals triggered.
scanned 107 file(s), 6.99 MB of source, external domains: 127.0.0.1, ai-gateway.vercel.sh, api.example.com, api.vercel.com, app.example.com, backend.internal, bitbucket.org, codeload.github.com, cursor.sh, dogs.are.great, err.sh, example.com, example.vercel.app, examples.vercel.sh, feross.org, fetch.spec.whatwg.org, gist.githubusercontent.com, github.com, gitlab.com, internal.example.com, mcp.vercel.com, mimesniff.spec.whatwg.org, mozilla.github.io, my-app-xxxxx.vercel.app, new-api.example.com, now.sh, openapi-internal.vercel.sh, openapi.vercel.sh, raw.githubusercontent.com, registry.npmjs.org, sites.google.com, stackoverflow.com, telemetry.vercel.com, tools.ietf.org, vercel.com, vercel.link, w3c.github.io, websockets.spec.whatwg.org, www.example.com, www.w3.org, your-project-abc123.vercel.app
Oversized source lightweight scan
dist/chunks/chunk-F6YGVA2L.js2.37 MB file, sampled 256 KB
FilesystemNetworkChildProcessEnvironmentVarsEvalShellDynamicRequireHighEntropyStringsUrlStringsbitbucket.orgfeross.orggithub.comgitlab.comstackoverflow.comtools.ietf.orgvercel.comvercel.linkwww.w3.org

Source & flagged code

10 flagged · loading source
dist/index.jsView file
461import { dirname, parse as parsePath, resolve as resolvePath } from "path"; L462: import { spawn } from "child_process"; L463: var import_fetch_dist_tags = __toESM(require_fetch_dist_tags(), 1);
High
Child Process

Package source references child process execution.

dist/index.jsView on unpkg · L461
2Cross-file remote execution chain: dist/index.js spawns dist/chunks/chunk-OX7KI3LF.js; helper contains network access plus dynamic code execution. L2: import { fileURLToPath as __fileURLToPath } from 'node:url'; L3: import { dirname as __dirname_ } from 'node:path'; L4: const require = __createRequire(import.meta.url); ... L115: if (stream == null) L116: stream = process.stdout; L117: if (callback == null) ... L138: var paths = __require("path"); L139: var isWinOS = /^win/i.test(process.platform); L140: function normalize_path(path2) { ... L185: const object = {}; L186: object.cache = () => process.env.XDG_CACHE_HOME || path2.join(osPaths.home() || osPaths.temp(), ".cache"); L187: object.config = () => process.env.XDG_CONFIG_HOME || path2.join(osPaths.home() || osPaths.temp(), ".config");
High
Cross File Remote Execution Context

Source spawns a local helper that also contains network and dynamic execution context; review data flow before blocking.

dist/index.jsView on unpkg · L2
dist/commands-bulk.jsView file
2import { fileURLToPath as __fileURLToPath } from 'node:url'; L3: import { dirname as __dirname_ } from 'node:path'; L4: const require = __createRequire(import.meta.url); ... L445: import { L446: require_execa L447: } from "./chunks/chunk-24FCBXI4.js"; ... L673: - Use AI Gateway for model routing, set AI_GATEWAY_API_KEY, using a model string (e.g. 'anthropic/claude-sonnet-4.6'), Gateway is already default in AI SDK L674: needed. Always curl https://ai-gateway.vercel.sh/v1/models first; never trust model IDs from memory L675: - For durable agent loops or untrusted code: use Workflow (pause/resume/state) + Sandbox; use Vercel MCP for secure infra access`; ... L764: telemetry2.trackCliFlagHelp("agent"); L765: output_manager_default.print(help(agentCommand, { columns: client.stderr.columns })); L766: return 2;
Critical
Credential Exfiltration

Source appears to send environment or credential material to an external endpoint.

dist/commands-bulk.jsView on unpkg · L2
2Trigger-reachable chain: manifest.bin -> dist/vc.js -> dist/index.js -> dist/commands-bulk.js L2: import { fileURLToPath as __fileURLToPath } from 'node:url'; L3: import { dirname as __dirname_ } from 'node:path'; L4: const require = __createRequire(import.meta.url); ... L445: import { L446: require_execa L447: } from "./chunks/chunk-24FCBXI4.js"; ... L673: - Use AI Gateway for model routing, set AI_GATEWAY_API_KEY, using a model string (e.g. 'anthropic/claude-sonnet-4.6'), Gateway is already default in AI SDK L674: needed. Always curl https://ai-gateway.vercel.sh/v1/models first; never trust model IDs from memory L675: - For durable agent loops or untrusted code: use Workflow (pause/resume/state) + Sandbox; use Vercel MCP for secure infra access`; ... L764: telemetry2.trackCliFlagHelp("agent"); L765: output_manager_default.print(help(agentCommand, { columns: client.stderr.columns })); L766: return 2;
Critical
Trigger Reachable Dangerous Capability

A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.

dist/commands-bulk.jsView on unpkg · L2
445import { L446: require_execa L447: } from "./chunks/chunk-24FCBXI4.js";
High
Shell

Package source references shell execution.

dist/commands-bulk.jsView on unpkg · L445
3220); L3221: const testUrl = `https://${deployment.url}${subpath}`; L3222: output_manager_default.log(`${import_chalk14.default.bold("Deployment URL:")} ${link_default(testUrl)}`); ... L3231: if (run3) { L3232: const proc = await (0, import_execa.default)(run3, [testUrl], { L3233: stdio: "inherit", ... L3235: env: { L3236: ...process.env, L3237: HOST: deployment.url,
High
Same File Env Network Execution

A single source file combines environment access, network access, and code or shell execution; review context before blocking.

dist/commands-bulk.jsView on unpkg · L3220
2import { fileURLToPath as __fileURLToPath } from 'node:url'; L3: import { dirname as __dirname_ } from 'node:path'; L4: const require = __createRequire(import.meta.url); ... L445: import { L446: require_execa L447: } from "./chunks/chunk-24FCBXI4.js"; ... L673: - Use AI Gateway for model routing, set AI_GATEWAY_API_KEY, using a model string (e.g. 'anthropic/claude-sonnet-4.6'), Gateway is already default in AI SDK L674: needed. Always curl https://ai-gateway.vercel.sh/v1/models first; never trust model IDs from memory L675: - For durable agent loops or untrusted code: use Workflow (pause/resume/state) + Sandbox; use Vercel MCP for secure infra access`; ... L764: telemetry2.trackCliFlagHelp("agent"); L765: output_manager_default.print(help(agentCommand, { columns: client.stderr.columns })); L766: return 2;
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

dist/commands-bulk.jsView on unpkg · L2
2import { fileURLToPath as __fileURLToPath } from 'node:url'; L3: import { dirname as __dirname_ } from 'node:path'; L4: const require = __createRequire(import.meta.url); ... L445: import { L446: require_execa L447: } from "./chunks/chunk-24FCBXI4.js"; ... L673: - Use AI Gateway for model routing, set AI_GATEWAY_API_KEY, using a model string (e.g. 'anthropic/claude-sonnet-4.6'), Gateway is already default in AI SDK L674: needed. Always curl https://ai-gateway.vercel.sh/v1/models first; never trust model IDs from memory L675: - For durable agent loops or untrusted code: use Workflow (pause/resume/state) + Sandbox; use Vercel MCP for secure infra access`; ... L764: telemetry2.trackCliFlagHelp("agent"); L765: output_manager_default.print(help(agentCommand, { columns: client.stderr.columns })); L766: return 2;
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/commands-bulk.jsView on unpkg · L2
dist/get-latest-worker.cjsView file
16L17: const { mkdirSync, writeFileSync } = require('fs'); L18: const { access, mkdir, readFile, unlink, writeFile } = require('fs/promises');
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/get-latest-worker.cjsView on unpkg · L16
dist/chunks/chunk-F6YGVA2L.jsView file
path = dist/chunks/chunk-F6YGVA2L.js kind = oversized_source_file sizeBytes = 2484766 magicHex = [redacted]
High
Oversized Source File

Package contains source files above the static scanner size ceiling.

dist/chunks/chunk-F6YGVA2L.jsView on unpkg

Findings

2 Critical6 High5 Medium8 Low
CriticalCredential Exfiltrationdist/commands-bulk.js
CriticalTrigger Reachable Dangerous Capabilitydist/commands-bulk.js
HighChild Processdist/index.js
HighShelldist/commands-bulk.js
HighSame File Env Network Executiondist/commands-bulk.js
HighSandbox Evasion Gated Capabilitydist/commands-bulk.js
HighCross File Remote Execution Contextdist/index.js
HighOversized Source Filedist/chunks/chunk-F6YGVA2L.js
MediumDynamic Requiredist/get-latest-worker.cjs
MediumNetwork
MediumEnvironment Vars
MediumProtestware
MediumStructural Risk Force Deep Review
LowScripts Present
LowEval
LowWeak Cryptodist/commands-bulk.js
LowFilesystem
LowObfuscated
LowHigh Entropy Strings
LowTelemetry
LowUrl Strings