You're Invited: Meet the Socket team at BSidesSF and RSAC - April 27 - May 1.RSVP
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@vercel/blob

Package Overview
Dependencies
Maintainers
9
Versions
113
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@vercel/blob

The Vercel Blob JavaScript API client

1.0.0
latest
Source
npm
Version published
Weekly downloads
263K
101.02%
Maintainers
9
Weekly downloads
 
Created
Source

🍙 @vercel/blob

The Vercel Blob JavaScript API client.

👉 Quickstart SDK Reference 👈

Installation

npm install @vercel/blob

Quickstart

We have examples on the vercel.com documentation, there are two ways to upload files to Vercel Blob:

  • Server uploads: This is the most common way to upload files. The file is first sent to your server and then to Vercel Blob. It's straightforward to implement, but you are limited to the request body your server can handle. Which in case of a Vercel-hosted website is 4.5 MB. This means you can't upload files larger than 4.5 MB on Vercel when using this method.
  • Client uploads: This is a more advanced solution for when you need to upload larger files. The file is securely sent directly from the client (a browser for example) to Vercel Blob. This requires a bit more work to implement, but it allows you to upload files up to 5 TB.

Releasing

Make sure to include a changeset in your PR. You can do this by running:

pnpm changeset
git commit -am "changeset"
git push

Once such a commit gets merged in main, then GitHub will open a versioning PR you can merge. And the package will be automatically published to npm.

A note for Vite users

@vercel/blob reads the token from the environment variables on process.env. In general, process.env is automatically populated from your .env file during development, which is created when you run vc env pull. However, Vite does not expose the .env variables on process.env.

You can fix this in one of following two ways:

  • You can populate process.env yourself using something like dotenv-expand:
pnpm install --save-dev dotenv dotenv-expand

// vite.config.js
import dotenvExpand from 'dotenv-expand';
import { loadEnv, defineConfig } from 'vite';

export default defineConfig(({ mode }) => {
  // This check is important!
  if (mode === 'development') {
    const env = loadEnv(mode, process.cwd(), '');
    dotenvExpand.expand({ parsed: env });
  }

  return {
    ...
  };
});
  • You can provide the credentials explicitly, instead of relying on a zero-config setup. For example, this is how you could create a client in SvelteKit, which makes private environment variables available via $env/static/private:
import { put } from '@vercel/blob';
+ import { BLOB_TOKEN } from '$env/static/private';

const blob = await head("filepath", {
-  token: '<token>',
+  token: BLOB_TOKEN,
});

FAQs

Package last updated on 10 Apr 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Turtles, Clams, and Cyber Threat Actors: Shell Usage

Security Fundamentals

Turtles, Clams, and Cyber Threat Actors: Shell Usage

The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.

By Olivia Brown, Kirill Boychenko  -  Apr 11, 2025
A New Design for GitHub PR Comments

Product

A New Design for GitHub PR Comments

We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.

By André Staltz  -  Apr 10, 2025