Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
@layerzerolabs/ignore-monorepo-buildstep
Advanced tools
@typeofweb/ignore-monorepo-buildstep
A package that adds monorepo support for Vercel's "Ignore build-step" setting. Small, fast, with 0 external dependencies.
Why?
By default, when working in a monorepo, each push triggers Vercel to rebuild all the projects even when changes were introduced only to some of them. It takes time and blocks the build pipeline for your team. Thanks to @typeofweb/ignore-monorepo-buildstep, this is no longer a problem – Vercel becomes smarter and only rebuilds what needs building!
In a real-life project such as saleor/react-storefront, we've saved up to 85% on Vercel build times – 6.6x speedup! @typeofweb/ignore-monorepo-buildstep helps you save time and money.
Example setup
Repo structure
Assume we're using pnpm workspaces and we have the following monorepo structure:
.
├── apps
│ ├── a
│ └── b
└── packages
├── common
└── depA
Apps a and b both depend on the common package. Moreover, app a depends on depA package.
Vercel config
Add the following command to the "Ignore Build Step" section in your Vercel project settings:
npx @typeofweb/ignore-monorepo-buildstep
By default, ignore-monorepo-buildstep will compare HEAD^ and HEAD. You can override this and use an env variable exposed by Vercel:
npx @typeofweb/ignore-monorepo-buildstep $VERCEL_GIT_PREVIOUS_SHA
Result
When any changes are introduced to packages/common, both apps a and b will be built:
However, when packages/depA is modified, only apps/a is built while apps/b is skipped:
Moreover, deployment statuses are reported as successful even when builds are skipped:
How does it work?
@typeofweb/ignore-monorepo-buildstep analyses the structure of the monorepo. It reads pnpm-workspace.yaml and package.json of every package, and creates a tree of dependencies inside the monorepo.
Then, it proceeds to check whether the given package or any of its dependencies were modified since the last commit with the use of git diff "HEAD^" "HEAD" --quiet.
Currently, only pnpm and yarn workspaces are supported but more is on the roadmap.
FAQs
Ignore Vercel buildstep in a pnpm monorepo
We found that @layerzerolabs/ignore-monorepo-buildstep demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 16 open source maintainers collaborating on the project.
Package last updated on 25 Oct 2022
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025