@vercel/build-utils — Greenflagged

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

matt.strakavercel-release-botzeit-bot

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Vercel migrated release automation from vercel-release-bot to GitHub Actions with SLSA provenance attestation. This is a legitimate CI/CD pipeline change for the official Vercel monorepo.	ai	2026/04/26
maintainer-change	maintainer-added	AI (maintainer-change): matt.straka is a Vercel team member; addition consistent with internal team management of the official Vercel monorepo package.	ai	2026/04/26
publish-pattern	dormant-publish	AI (publish-pattern): Package has 422 versions and is part of the actively maintained Vercel monorepo. Dormancy flag reflects a cadence gap, not actual abandonment.	ai	2026/04/26
source-diff	encoded-string-file:dist/index.js	AI (source-diff): The encoded string is a base64-encoded WebAssembly binary for es-module-lexer, a listed dependency. This is a standard and legitimate pattern for bundling WASM parsers in JS build tools.	ai	2026/04/26
phantom-deps	phantom-dep:es-module-lexer	AI (phantom-deps): es-module-lexer is a legitimate declared runtime dep in this build utility; phantom-dep flag reflects indirect/config usage, not a security concern.	ai	2026/04/26
phantom-deps	phantom-dep:cjs-module-lexer	AI (phantom-deps): cjs-module-lexer is a legitimate declared runtime dep in this build utility; phantom-dep flag reflects indirect/config usage, not a security concern.	ai	2026/04/26
npm-metadata	no-description	AI (npm-metadata): Monorepo package from Vercel org; missing description is a cosmetic issue, not a security signal for this well-established package.	ai	2026/04/26

Versions (showing 51 of 69)

View all versions

Version	Deps	Published
13.24.0	3 / 41	2026-05-13
13.23.0	3 / 41	2026-05-11
13.22.1	3 / 39	2026-05-10
13.22.0	3 / 39	2026-05-09
13.21.0	3 / 41	2026-04-30
13.20.0	3 / 42	2026-04-22
13.19.1	3 / 42	2026-04-20
13.19.0	3 / 42	2026-04-17
13.18.0	3 / 42	2026-04-17
13.17.1	3 / 42	2026-04-16
13.17.0	3 / 42	2026-04-15
13.16.0	3 / 42	2026-04-15
13.15.0	3 / 40	2026-04-14
13.14.2	3 / 40	2026-04-11
13.14.1	3 / 40	2026-04-10
13.14.0	3 / 40	2026-04-08
13.13.0	3 / 40	2026-04-07
13.12.2	3 / 40	2026-04-01
13.12.1	3 / 38	2026-04-01
13.12.0	3 / 38	2026-03-27
13.11.0	3 / 38	2026-03-26
13.10.0	1 / 38	2026-03-24
13.8.2	1 / 38	2026-03-19
13.8.1	1 / 38	2026-03-17
13.8.0	1 / 38	2026-03-10
13.7.0	1 / 38	2026-03-09
13.6.3	1 / 38	2026-03-05
13.6.2	1 / 38	2026-03-02
13.6.1	1 / 38	2026-02-27
13.6.0	1 / 38	2026-02-26
13.5.0	1 / 38	2026-02-24
13.4.3	1 / 38	2026-02-19
13.4.2	1 / 38	2026-02-18
13.4.1	1 / 38	2026-02-17
13.4.0	1 / 38	2026-02-12
13.3.5	1 / 38	2026-02-11
13.3.4	1 / 38	2026-02-10
13.3.3	1 / 38	2026-02-07
13.3.2	1 / 38	2026-02-06
13.3.1	1 / 38	2026-02-05
13.3.0	0 / 38	2026-02-04
13.2.17	0 / 38	2026-02-04
13.2.16	0 / 38	2026-01-26
13.2.15	0 / 38	2026-01-23
13.2.14	0 / 38	2026-01-21
13.2.13	0 / 38	2026-01-20
13.2.12	0 / 38	2026-01-19
13.2.11	0 / 38	2026-01-16
13.2.10	0 / 38	2026-01-15
13.2.9	0 / 38	2026-01-15
13.2.8	0 / 38	2026-01-14