vercel
3
Versions
—
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
matheussrauchgmatt.strakavercel-release-botzeit-bot
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| phantom-deps | phantom-dep:@vercel/remix-builder | AI (phantom-deps): Framework adapter loaded by convention. | ai | |
| phantom-deps | phantom-dep:esbuild | AI (phantom-deps): esbuild is a known runtime/binary implicit dependency for this CLI build tool. | ai | |
| phantom-deps | phantom-dep:smol-toml | AI (phantom-deps): Referenced in config files by convention; stable false positive for this package. | ai | |
| phantom-deps | phantom-dep:@vercel/go | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/h3 | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/koa | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/hono | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/next | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/node | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/ruby | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| typosquat | typosquat.levenshtein:parcel | AI (typosquat): vercel is the canonical Vercel CLI brand, not a typosquat of parcel. | ai | |
| phantom-deps | phantom-dep:@vercel/elysia | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/nestjs | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/python | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/express | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/fastify | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/redwood | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/backends | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/hydrogen | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/static-build | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai | |
| phantom-deps | phantom-dep:@vercel/rust | AI (phantom-deps): Framework-scoped package loaded by convention; stable false positive. | ai |
v54.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v53.1.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v52.2.0
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.