New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@vercel/blob

Package Overview
Dependencies
Maintainers
9
Versions
111
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@vercel/blob

The Vercel Blob JavaScript API client

0.27.3
latest
Source
npm
Version published
Weekly downloads
158K
-15.01%
Maintainers
9
Weekly downloads
 
Created
Source

🍙 @vercel/blob

The Vercel Blob JavaScript API client.

👉 Quickstart SDK Reference 👈

Installation

npm install @vercel/blob

Quickstart

We have examples on the vercel.com documentation, there are two ways to upload files to Vercel Blob:

  • Server uploads: This is the most common way to upload files. The file is first sent to your server and then to Vercel Blob. It's straightforward to implement, but you are limited to the request body your server can handle. Which in case of a Vercel-hosted website is 4.5 MB. This means you can't upload files larger than 4.5 MB on Vercel when using this method.
  • Client uploads: This is a more advanced solution for when you need to upload larger files. The file is securely sent directly from the client (a browser for example) to Vercel Blob. This requires a bit more work to implement, but it allows you to upload files up to 5 TB.

Releasing

Make sure to include a changeset in your PR. You can do this by running:

pnpm changeset
git commit -am "changeset"
git push

Once such a commit gets merged in main, then GitHub will open a versioning PR you can merge. And the package will be automatically published to npm.

A note for Vite users

@vercel/blob reads the token from the environment variables on process.env. In general, process.env is automatically populated from your .env file during development, which is created when you run vc env pull. However, Vite does not expose the .env variables on process.env.

You can fix this in one of following two ways:

  • You can populate process.env yourself using something like dotenv-expand:
pnpm install --save-dev dotenv dotenv-expand

// vite.config.js
import dotenvExpand from 'dotenv-expand';
import { loadEnv, defineConfig } from 'vite';

export default defineConfig(({ mode }) => {
  // This check is important!
  if (mode === 'development') {
    const env = loadEnv(mode, process.cwd(), '');
    dotenvExpand.expand({ parsed: env });
  }

  return {
    ...
  };
});
  • You can provide the credentials explicitly, instead of relying on a zero-config setup. For example, this is how you could create a client in SvelteKit, which makes private environment variables available via $env/static/private:
import { put } from '@vercel/blob';
+ import { BLOB_TOKEN } from '$env/static/private';

const blob = await head("filepath", {
-  token: '<token>',
+  token: BLOB_TOKEN,
});

FAQs

Package last updated on 13 Mar 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025

Security News

NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025

Security experts warn that recent classification changes obscure the true scope of the NVD backlog as CVE volume hits all-time highs.

By Sarah Gooding  -  Mar 28, 2025