According to a recent LinkedIn post from Vercel, the company’s security team, working with GitHub, Microsoft, npm, Inc., and Socket, has confirmed that npm packages published under the Vercel name show no signs of compromise. The post indicates that there is no evidence of tampering in these packages and suggests that the relevant software supply chain currently appears safe.
Claim 55% Off TipRanks
- Unlock hedge fund-level data and powerful investing tools for smarter, sharper decisions
- Discover top-performing stock ideas and upgrade to a portfolio of market leaders with Smart Investor Picks
The LinkedIn post also points to a broader security bulletin that clarifies ongoing risks tied to environment variables, even after account or project deletion. It further references guidance on multi-factor authentication and related product updates designed to strengthen user security, developments that may help Vercel maintain developer trust and mitigate reputational or operational risk in its ecosystem.