You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP →
@vercel/build-utils
Advanced tools
@vercel/build-utils - npm Package Compare versions
| import FileBlob from '../file-blob'; | ||
| /** | ||
| * A type to represent the encrypted environment file that needs to be | ||
| * attached to Lambdas with ENV > 4kb | ||
| */ | ||
| export type EncryptedEnvFile = [string, FileBlob]; | ||
| /** | ||
| * Get the encrypted environment file from the environment variables if it | ||
| * exists and it is supported by the runtime. | ||
| */ | ||
| export declare function getEncryptedEnv(envFilename: string | undefined, envContent: string | undefined): EncryptedEnvFile | undefined; |
| "use strict"; | ||
| var __create = Object.create; | ||
| var __defProp = Object.defineProperty; | ||
| var __getOwnPropDesc = Object.getOwnPropertyDescriptor; | ||
| var __getOwnPropNames = Object.getOwnPropertyNames; | ||
| var __getProtoOf = Object.getPrototypeOf; | ||
| var __hasOwnProp = Object.prototype.hasOwnProperty; | ||
| var __export = (target, all) => { | ||
| for (var name in all) | ||
| __defProp(target, name, { get: all[name], enumerable: true }); | ||
| }; | ||
| var __copyProps = (to, from, except, desc) => { | ||
| if (from && typeof from === "object" || typeof from === "function") { | ||
| for (let key of __getOwnPropNames(from)) | ||
| if (!__hasOwnProp.call(to, key) && key !== except) | ||
| __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); | ||
| } | ||
| return to; | ||
| }; | ||
| var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps( | ||
| // If the importer is in node compatibility mode or this is not an ESM | ||
| // file that has been converted to a CommonJS file using a Babel- | ||
| // compatible transform (i.e. "__esModule" has not been set), then set | ||
| // "default" to the CommonJS "module.exports" for node compatibility. | ||
| isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, | ||
| mod | ||
| )); | ||
| var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); | ||
| var get_encrypted_env_file_exports = {}; | ||
| __export(get_encrypted_env_file_exports, { | ||
| getEncryptedEnv: () => getEncryptedEnv | ||
| }); | ||
| module.exports = __toCommonJS(get_encrypted_env_file_exports); | ||
| var import_file_blob = __toESM(require("../file-blob")); | ||
| function getEncryptedEnv(envFilename, envContent) { | ||
| if (!envFilename || !envContent) { | ||
| return; | ||
| } | ||
| return [ | ||
| envFilename, | ||
| new import_file_blob.default({ data: Buffer.from(envContent, "base64") }) | ||
| ]; | ||
| } | ||
| // Annotate the CommonJS export names for ESM import in node: | ||
| 0 && (module.exports = { | ||
| getEncryptedEnv | ||
| }); |
| /// <reference types="node" /> | ||
| import { type BytecodeCachingOptions } from './get-lambda-preload-scripts'; | ||
| interface LambdaLike { | ||
| awsLambdaHandler?: string; | ||
| launcherType?: string; | ||
| runtime: string; | ||
| shouldAddHelpers?: boolean; | ||
| shouldAddSourcemapSupport?: boolean; | ||
| useWebApi?: boolean; | ||
| shouldDisableAutomaticFetchInstrumentation?: boolean; | ||
| } | ||
| /** | ||
| * Extract system environment variables that need to be injected in the Lambda. | ||
| * Buffer is required just to determine if Bytecode Caching should be enabled | ||
| * but it doesn't need to be super precise. | ||
| */ | ||
| export declare function getLambdaEnvironment(lambda: LambdaLike, buffer: Buffer, options: BytecodeCachingOptions): Record<string, string>; | ||
| export {}; |
| "use strict"; | ||
| var __defProp = Object.defineProperty; | ||
| var __getOwnPropDesc = Object.getOwnPropertyDescriptor; | ||
| var __getOwnPropNames = Object.getOwnPropertyNames; | ||
| var __hasOwnProp = Object.prototype.hasOwnProperty; | ||
| var __export = (target, all) => { | ||
| for (var name in all) | ||
| __defProp(target, name, { get: all[name], enumerable: true }); | ||
| }; | ||
| var __copyProps = (to, from, except, desc) => { | ||
| if (from && typeof from === "object" || typeof from === "function") { | ||
| for (let key of __getOwnPropNames(from)) | ||
| if (!__hasOwnProp.call(to, key) && key !== except) | ||
| __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); | ||
| } | ||
| return to; | ||
| }; | ||
| var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); | ||
| var get_lambda_environment_exports = {}; | ||
| __export(get_lambda_environment_exports, { | ||
| getLambdaEnvironment: () => getLambdaEnvironment | ||
| }); | ||
| module.exports = __toCommonJS(get_lambda_environment_exports); | ||
| var import_get_lambda_preload_scripts = require("./get-lambda-preload-scripts"); | ||
| function getLambdaEnvironment(lambda, buffer, options) { | ||
| const environment = {}; | ||
| if ("launcherType" in lambda && lambda.launcherType === "Nodejs") { | ||
| if (lambda.awsLambdaHandler) { | ||
| environment.AWS_LAMBDA_HANDLER = lambda.awsLambdaHandler; | ||
| } | ||
| if (lambda.shouldAddHelpers) { | ||
| environment.VERCEL_SHOULD_ADD_HELPERS = "1"; | ||
| } | ||
| if (lambda.useWebApi === true) { | ||
| environment.VERCEL_USE_WEB_API = "1"; | ||
| } | ||
| if (lambda.shouldAddSourcemapSupport) { | ||
| environment.VERCEL_SOURCE_MAP = "1"; | ||
| } | ||
| if (lambda.shouldDisableAutomaticFetchInstrumentation) { | ||
| environment.VERCEL_TRACING_DISABLE_AUTOMATIC_FETCH_INSTRUMENTATION = "1"; | ||
| } | ||
| const scripts = (0, import_get_lambda_preload_scripts.getLambdaPreloadScripts)(lambda, buffer, options); | ||
| if (scripts.length > 0) { | ||
| environment.VERCEL_NODE_PRELOAD_SCRIPTS = scripts.join(","); | ||
| } | ||
| } | ||
| return environment; | ||
| } | ||
| // Annotate the CommonJS export names for ESM import in node: | ||
| 0 && (module.exports = { | ||
| getLambdaEnvironment | ||
| }); |
| /// <reference types="node" /> | ||
| export interface BytecodeCachingOptions { | ||
| vercelEnv: string | undefined; | ||
| useBytecodeCaching: string | undefined; | ||
| useNativeBytecodeCaching: string | undefined; | ||
| bytecodeCachingThreshold: string | undefined; | ||
| } | ||
| interface LambdaLike { | ||
| framework?: { | ||
| slug: string; | ||
| }; | ||
| runtime: string; | ||
| shouldAddSourcemapSupport?: boolean; | ||
| } | ||
| /** | ||
| * Returns an array of scripts that should be preloaded in Node.js Lambdas. | ||
| * The `buffer` parameter is needed to decide wether or not to enable Bytecode | ||
| * Caching so it doesn't **need** to be exact (we can leave out the env layer) | ||
| */ | ||
| export declare function getLambdaPreloadScripts(lambda: LambdaLike, buffer: Buffer, options: BytecodeCachingOptions): string[]; | ||
| export {}; |
| "use strict"; | ||
| var __defProp = Object.defineProperty; | ||
| var __getOwnPropDesc = Object.getOwnPropertyDescriptor; | ||
| var __getOwnPropNames = Object.getOwnPropertyNames; | ||
| var __hasOwnProp = Object.prototype.hasOwnProperty; | ||
| var __export = (target, all) => { | ||
| for (var name in all) | ||
| __defProp(target, name, { get: all[name], enumerable: true }); | ||
| }; | ||
| var __copyProps = (to, from, except, desc) => { | ||
| if (from && typeof from === "object" || typeof from === "function") { | ||
| for (let key of __getOwnPropNames(from)) | ||
| if (!__hasOwnProp.call(to, key) && key !== except) | ||
| __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); | ||
| } | ||
| return to; | ||
| }; | ||
| var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); | ||
| var get_lambda_preload_scripts_exports = {}; | ||
| __export(get_lambda_preload_scripts_exports, { | ||
| getLambdaPreloadScripts: () => getLambdaPreloadScripts | ||
| }); | ||
| module.exports = __toCommonJS(get_lambda_preload_scripts_exports); | ||
| function getLambdaPreloadScripts(lambda, buffer, options) { | ||
| const scripts = []; | ||
| if (lambda.shouldAddSourcemapSupport) { | ||
| scripts.push("/opt/rust/source-map-support.js"); | ||
| } | ||
| const BYTECODE_MIN_SIZE_BYTES = (Number.parseInt(options.bytecodeCachingThreshold || "", 10) || 400) * 1024; | ||
| if (options.vercelEnv === "production" && options.useBytecodeCaching === "1" && ["nodejs20.x", "nodejs22.x", "nodejs24.x"].includes(lambda.runtime) && buffer.byteLength >= BYTECODE_MIN_SIZE_BYTES) { | ||
| scripts.push( | ||
| ["nodejs22.x", "nodejs24.x"].includes(lambda.runtime) && options.useNativeBytecodeCaching === "1" ? "/opt/rust/bytecode-native.js" : "/opt/rust/bytecode.js" | ||
| ); | ||
| } | ||
| if (lambda.framework?.slug === "nextjs") { | ||
| scripts.push("/opt/rust/next-data.js"); | ||
| } | ||
| return scripts; | ||
| } | ||
| // Annotate the CommonJS export names for ESM import in node: | ||
| 0 && (module.exports = { | ||
| getLambdaPreloadScripts | ||
| }); |
| import type { Files } from '../types'; | ||
| interface LambdaLike { | ||
| files?: Files; | ||
| handler: string; | ||
| launcherType?: string; | ||
| runtime: string; | ||
| supportsResponseStreaming?: boolean; | ||
| } | ||
| export interface SupportsStreamingResult { | ||
| supportsStreaming: boolean | undefined; | ||
| error?: { | ||
| handler: string; | ||
| message: string; | ||
| }; | ||
| } | ||
| /** | ||
| * Determines if a Lambda should have streaming enabled. If | ||
| * `forceStreamingRuntime` is true, streaming is always enabled. If the | ||
| * setting is defined it will be honored. For Node.js it checks the handler | ||
| * exports which is why it needs to be asynchronous. | ||
| */ | ||
| export declare function getLambdaSupportsStreaming(lambda: LambdaLike, forceStreamingRuntime: boolean): Promise<SupportsStreamingResult>; | ||
| export {}; |
| "use strict"; | ||
| var __defProp = Object.defineProperty; | ||
| var __getOwnPropDesc = Object.getOwnPropertyDescriptor; | ||
| var __getOwnPropNames = Object.getOwnPropertyNames; | ||
| var __hasOwnProp = Object.prototype.hasOwnProperty; | ||
| var __export = (target, all) => { | ||
| for (var name in all) | ||
| __defProp(target, name, { get: all[name], enumerable: true }); | ||
| }; | ||
| var __copyProps = (to, from, except, desc) => { | ||
| if (from && typeof from === "object" || typeof from === "function") { | ||
| for (let key of __getOwnPropNames(from)) | ||
| if (!__hasOwnProp.call(to, key) && key !== except) | ||
| __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); | ||
| } | ||
| return to; | ||
| }; | ||
| var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod); | ||
| var get_lambda_supports_streaming_exports = {}; | ||
| __export(get_lambda_supports_streaming_exports, { | ||
| getLambdaSupportsStreaming: () => getLambdaSupportsStreaming | ||
| }); | ||
| module.exports = __toCommonJS(get_lambda_supports_streaming_exports); | ||
| var import_cjs_module_lexer = require("cjs-module-lexer"); | ||
| var import_es_module_lexer = require("es-module-lexer"); | ||
| async function getLambdaSupportsStreaming(lambda, forceStreamingRuntime) { | ||
| if (forceStreamingRuntime) { | ||
| return { supportsStreaming: true }; | ||
| } | ||
| if (typeof lambda.supportsResponseStreaming === "boolean") { | ||
| return { supportsStreaming: lambda.supportsResponseStreaming }; | ||
| } | ||
| if ("launcherType" in lambda && lambda.launcherType === "Nodejs") { | ||
| return lambdaShouldStream(lambda); | ||
| } | ||
| return { supportsStreaming: void 0 }; | ||
| } | ||
| const HTTP_METHODS = [ | ||
| "GET", | ||
| "HEAD", | ||
| "OPTIONS", | ||
| "POST", | ||
| "PUT", | ||
| "DELETE", | ||
| "PATCH" | ||
| ]; | ||
| async function lambdaShouldStream(lambda) { | ||
| const stream = lambda.files?.[lambda.handler]?.toStream(); | ||
| if (!stream) { | ||
| return { supportsStreaming: void 0 }; | ||
| } | ||
| try { | ||
| const buffer = await streamToBuffer(stream); | ||
| const names = await getFileExports(lambda.handler, buffer.toString("utf8")); | ||
| for (const name of names) { | ||
| if (HTTP_METHODS.includes(name)) { | ||
| return { supportsStreaming: true }; | ||
| } | ||
| } | ||
| } catch (err) { | ||
| return { | ||
| supportsStreaming: void 0, | ||
| error: { handler: lambda.handler, message: String(err) } | ||
| }; | ||
| } | ||
| return { supportsStreaming: void 0 }; | ||
| } | ||
| async function getFileExports(filename, content) { | ||
| if (filename.endsWith(".mjs")) { | ||
| await import_es_module_lexer.init; | ||
| return (0, import_es_module_lexer.parse)(content)[1].map((specifier) => specifier.n); | ||
| } | ||
| try { | ||
| await (0, import_cjs_module_lexer.init)(); | ||
| return (0, import_cjs_module_lexer.parse)(content).exports; | ||
| } catch { | ||
| await import_es_module_lexer.init; | ||
| return (0, import_es_module_lexer.parse)(content)[1].map((specifier) => specifier.n); | ||
| } | ||
| } | ||
| function streamToBuffer(stream) { | ||
| return new Promise((resolve, reject) => { | ||
| const buffers = []; | ||
| stream.on("error", (err) => { | ||
| reject(err); | ||
| }); | ||
| stream.on("data", (buffer) => { | ||
| buffers.push(buffer); | ||
| }); | ||
| stream.on("end", () => { | ||
| resolve(Buffer.concat(buffers)); | ||
| }); | ||
| }); | ||
| } | ||
| // Annotate the CommonJS export names for ESM import in node: | ||
| 0 && (module.exports = { | ||
| getLambdaSupportsStreaming | ||
| }); |
+6
-0
| # @vercel/build-utils | ||
| ## 13.11.0 | ||
| ### Minor Changes | ||
| - Add `process-serverless` utilities: `getLambdaEnvironment`, `getLambdaPreloadScripts`, `getLambdaSupportsStreaming`, and `getEncryptedEnv`. ([#15712](https://github.com/vercel/vercel/pull/15712)) | ||
| ## 13.10.0 | ||
@@ -4,0 +10,0 @@ |
+4
-0
@@ -39,1 +39,5 @@ import FileBlob from './file-blob'; | ||
| export * from './python'; | ||
| export { getEncryptedEnv, type EncryptedEnvFile, } from './process-serverless/get-encrypted-env-file'; | ||
| export { getLambdaEnvironment } from './process-serverless/get-lambda-environment'; | ||
| export { getLambdaPreloadScripts, type BytecodeCachingOptions, } from './process-serverless/get-lambda-preload-scripts'; | ||
| export { getLambdaSupportsStreaming, type SupportsStreamingResult, } from './process-serverless/get-lambda-supports-streaming'; |
+5
-3
| { | ||
| "name": "@vercel/build-utils", | ||
| "version": "13.10.0", | ||
| "version": "13.11.0", | ||
| "license": "Apache-2.0", | ||
@@ -14,2 +14,4 @@ "main": "./dist/index.js", | ||
| "dependencies": { | ||
| "cjs-module-lexer": "1.2.3", | ||
| "es-module-lexer": "1.5.0", | ||
| "@vercel/python-analysis": "0.11.0" | ||
@@ -54,4 +56,4 @@ }, | ||
| "json5": "2.2.3", | ||
| "@vercel/error-utils": "2.0.3", | ||
| "@vercel/routing-utils": "6.1.1" | ||
| "@vercel/routing-utils": "6.1.1", | ||
| "@vercel/error-utils": "2.0.3" | ||
| }, | ||
@@ -58,0 +60,0 @@ "scripts": { |
Sorry, the diff of this file is too big to display
New alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 11 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 3 instances in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Fixed alerts
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Dynamic require
Supply chain riskDynamic require can indicate the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 11 instances in 1 package
Filesystem access
Supply chain riskAccesses the file system, and could potentially read sensitive data.
Found 3 instances in 1 package
Long strings
Supply chain riskContains long string literals, which may be a sign of obfuscated or packed code.
Found 1 instance in 1 package
URL strings
Supply chain riskPackage contains fragments of external URLs or IP addresses, which the package may be accessing at runtime.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
1490094
4.57%- Number of package files
98
8.89%- Lines of code
33337
2.26%Worsened metrics
- Dependency count
3
200%Dependency changes
+ Added
cjs-module-lexer@1.2.3+ Added
es-module-lexer@1.5.0+ Added
cjs-module-lexer@1.2.3(transitive)+ Added
es-module-lexer@1.5.0(transitive)