@next/codemod
Next.js provides Codemod transformations to help upgrade your Next.js codebase when a feature is deprecated.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| semgrep | semgrep:env-spread | AI (semgrep): Spreading process.env into execa for package manager invocation is standard and intentional for this codemod CLI. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require loads user-selected codemod transforms by name; core functionality of a codemod runner. | ai | |
| semgrep | semgrep:child-process-import | AI (semgrep): CLI tool that runs package managers and codemods inherently requires child_process; expected pattern. | ai | |
| bogus-package | bogus-package | AI (bogus-package): Monorepo sub-package from Vercel; sparse README and no keywords are normal for internal tooling packages. | ai |
Versions (showing 51 of 62)
| Version | Deps | Published |
|---|---|---|
| 16.2.7 | 11 / 5 | |
| 16.2.6 | 11 / 5 | |
| 16.2.5 | 11 / 5 | |
| 16.2.4 | 11 / 5 | |
| 16.2.3 | 11 / 5 | |
| 16.2.2 | 11 / 5 | |
| 16.2.1 | 11 / 5 | |
| 16.2.0 | 11 / 5 | |
| 16.1.7 | 11 / 5 | |
| 16.1.6 | 11 / 5 | |
| 16.1.5 | 11 / 5 | |
| 16.1.4 | 11 / 5 | |
| 16.1.3 | 11 / 5 | |
| 16.1.2 | 11 / 5 | |
| 16.1.1 | 11 / 5 | |
| 16.1.0 | 11 / 5 | |
| 16.0.11 | 11 / 5 | |
| 16.0.10 | 11 / 5 | |
| 16.0.9 | 11 / 5 | |
| 16.0.8 | 11 / 5 | |
| 16.0.7 | 11 / 5 | |
| 16.0.6 | 11 / 5 | |
| 16.0.5 | 11 / 5 | |
| 16.0.4 | 11 / 5 | |
| 16.0.3 | 11 / 5 | |
| 16.0.2 | 11 / 5 | |
| 16.0.1 | 11 / 5 | |
| 16.0.0 | 11 / 5 | |
| 15.5.19 | 11 / 5 | |
| 15.5.18 | 11 / 5 | |
| 15.5.16 | 11 / 5 | |
| 15.5.15 | 11 / 5 | |
| 15.5.14 | 11 / 5 | |
| 15.5.13 | 11 / 5 | |
| 15.5.12 | 11 / 5 | |
| 15.5.11 | 11 / 5 | |
| 15.5.10 | 11 / 5 | |
| 15.5.9 | 11 / 5 | |
| 15.5.8 | 11 / 5 | |
| 15.5.7 | 11 / 5 | |
| 15.4.11 | 11 / 5 | |
| 15.4.10 | 11 / 5 | |
| 15.4.9 | 11 / 5 | |
| 15.4.8 | 11 / 5 | |
| 15.3.9 | 11 / 5 | |
| 15.3.8 | 11 / 5 | |
| 15.3.7 | 11 / 5 | |
| 15.3.6 | 11 / 5 | |
| 15.2.9 | 11 / 5 | |
| 15.2.8 | 11 / 5 | |
| 15.2.7 | 11 / 5 |
v16.2.7
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.6
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/ee6e79b1792a4d401ddf2480f40a83549fe8e722/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/ee6e79b1792a4d401ddf2480f40a83549fe8e722/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.5
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/766148f9cd48c0e218acafcd0f15defc14871bf4/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/766148f9cd48c0e218acafcd0f15defc14871bf4/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.4
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/2275bd8598c88e8652d1271e74bcf972f72f4f38/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/2275bd8598c88e8652d1271e74bcf972f72f4f38/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.3
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/d5f649b2f4affdad1009cb178c1e3b37f4f1ad3f/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/d5f649b2f4affdad1009cb178c1e3b37f4f1ad3f/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.2
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/52faae3d94641584e13691238df5be158d0f00fb/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/52faae3d94641584e13691238df5be158d0f00fb/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.1
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/ed7d2cef246dcb3e2955c018fd8b2027e0ff8eed/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/ed7d2cef246dcb3e2955c018fd8b2027e0ff8eed/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.2.0
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/c5c94dffbf084e66b172a9c6ff23d80c24973764/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/c5c94dffbf084e66b172a9c6ff23d80c24973764/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.7
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/bdf3e3577a6d55ea186a48238d61fbd8da07a626/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/bdf3e3577a6d55ea186a48238d61fbd8da07a626/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.6
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/adf8c612adddd103647c90ff0f511ea35c57076e/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/adf8c612adddd103647c90ff0f511ea35c57076e/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.5
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/acba4a6b9f48e0a067c592dac322410c0e122018/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/acba4a6b9f48e0a067c592dac322410c0e122018/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.4
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/60de6c21144a78622eb8c4763f364fcb59f7aa59/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/60de6c21144a78622eb8c4763f364fcb59f7aa59/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.3
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/f01cf07ab12a37259de42baa4bdae310b4328c72/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/f01cf07ab12a37259de42baa4bdae310b4328c72/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.2
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/cb436b3613edb3f741a39fa00ac31d103a5a1518/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/cb436b3613edb3f741a39fa00ac31d103a5a1518/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.1
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/3aa53984e9d6bc4b5860c76e90cccfd6780989af/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/3aa53984e9d6bc4b5860c76e90cccfd6780989af/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.1.0
3 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/34916762cdff14f27c7e3273d74af60eb6c23cb6/lib/handle-package.js#L102 100 | execa_1.default.sync(packageManager, ['install'], { 101 | cwd: options.cwd, > 102 | env: { 103 | ...process.env, 104 | // In case NODE_ENV=production is set, we still want dev dependencies to
Spreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/34916762cdff14f27c7e3273d74af60eb6c23cb6/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.11
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/0e8e5c582955a5c7537444f8989680a9745c17dc/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.10
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/581dee67e280b96c0766172cbd5477102c03342b/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.9
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/3f6a39f6f75781f16e1cae0b122ae86150f375be/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.8
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/817ee56da939545d4b77cc54542f4c45a524e60a/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.7
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/7492122a3bbc6655b64ccba04076c73ab418cdcc/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.6
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/aab1edcb8d7a57a6f7a1637d0f87be84ea62edc8/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.5
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/89ccb9fc86c13ca6aaaa5eb0e61c02c309abf1a3/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.4
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/d440c75650c79b8be450df5fd434afbfe230506a/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.3
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/2eda33ce846f996ff627c7e8b64704259ecd4355/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.2
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/01014d476c0691295e1963940e78ed0faab50e68/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.1
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/e08402bfad8db05b0df820daf4f08c9c65ab1f7b/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v16.0.0
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/950609f96f694c5475d18cd2d72a0052ca04d4b9/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.19
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.18
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/9ff92cebcaa6ba4e7463b6fd037a8510ba9b81ec/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.16
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/ad6fd4e50e5aba20b60d283c42b89273a3167ccd/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.15
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/412eb90b6587ec02e8361c92efa9091487e7348f/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.14
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/d7b012d787c01e0435f8cdf2a47211891668d13b/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.13
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/cfd5f533b08df3038476dcd54f1d6d660d85f069/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.12
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/d23f41c42506005fe6978e076a1ccbf8979e4925/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.11
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/bbfd4e313d4bc9024ec340d9de419a0e4357f898/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.10
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/60a2aa97b6692d3a56e483f0ff93febaf6f33fd6/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.9
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/c5de33e93ccccaf3bee60cf50603e2152f9886e1/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.8
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/7526cd6f24300726964eaba78927fe2a9c3fed5e/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.5.7
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/3eaf68b09b2b6b8c0c8e080a9713e131a78dc529/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.4.11
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/38d1f1d8caf2ccd8c295bb408f31d17b960a25aa/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.4.10
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/43cb5460c809ab97b6547b7765542cf16adcfc3c/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.4.9
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/d1449e513f1cb40739b4cd97fac5b6eaa3ea445c/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.4.8
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/49668475daba15ef8cea1d8e469dc0f9a765b635/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.3.9
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/f16232810366a2187687e1cb9e0e18d83e8f24d3/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.3.8
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/ecda06cd7ee9fe055f9c07b46772ecc18b8160c4/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.3.7
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/237d2d75d44bd6dd99e3d906aea0aecc9a1b3e6e/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.3.6
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/2f026aae46027d9575494fb3aecbd0d75fd674f0/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.2.9
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/a3dc8deaadbda95be996ec914f899aa06751b511/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.2.8
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/fc3b7c50d41d7061bf9aea2530a634c56aa53017/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v15.2.7
2 findingsSpreading entire process.env into an object — may capture all secrets Source: https://github.com/vercel/next.js/blob/dabb4b4b101a29db578caa052a61eb886b99f05b/lib/install.js#L87 85 | const child = (0, cross_spawn_1.default)(command, args, { 86 | stdio: 'inherit', > 87 | env: { ...process.env, ADBLOCK: '1', DISABLE_OPENCOLLECTIVE: '1' }, 88 | }); 89 | child.on('close', (code) => {
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.