Industry News

The AI SDK powers incredible applications across the web, and today we're announcing the Chat SDK—a best-in-class, production-ready template for building conversational AI applications like ChatGPT or Claude artifacts. Read more Continue reading...

Node.js 18 (LTS support ends April 30, 2025) and the Vercel legacy build image will be deprecated on August 1, 2025. If you are still using the legacy build image on this date, new builds will display an error. How do I know if I am still using the legacy build image? Projects using Node.js 18.x in Build and Deployment Settings use the legacy build image Projects using overrides in package.json use the legacy build image What changes between the legacy build image and latest build image? The minimum version of Node.js is now 20.x The Python toolchain version is now 3.12 The Ruby toolchain version is now 3.3.x Will my existing deployments be affected? Existing deployments will not be affected. However, the Node.js...

Composable commerce projects frequently become overly complex, leading to missed objectives and unnecessary costs. At Vercel, we take a no-nonsense approach to composable commerce that's solely focused on business outcomes. Architecture should serve the business, not the other way around. Ivory tower architectures disconnected from clear business goals inevitably lead to projects plagued by runaway costs. Here are five truths we stand by when it comes to composable commerce: Read more Continue reading...

In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers. Summary To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests: However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. Impact While the exploitation of this vulnerability is unlikely due to an attacker requiring control of the third-party, we want to be...

Teams using Vercel Secure Compute can now associate each project environment—Production, Preview, and custom—with a distinct Secure Compute network, directly from the project settings. This simplifies environment-specific network isolation within a single project. To connect your project's environments to Secure Compute: Navigate to your project's Secure Compute settings For every environment you want to connect to Secure Compute: Select an active network Optionally, select a passive network to enable failover Optionally, enable builds to include the project's build container in the network Click Save to persist your changes Learn more about Secure Compute. Read more Continue reading...

Users can now secure their accounts using Multi-Factor Authentication (MFA) with Time-based One-Time Passwords (TOTP), commonly provided by authenticator apps like Google Authenticator or Authy. Your current Passkeys (WebAuthn keys) can also be used as second factors. MFA adds an extra security layer to protect your account even if the initial login method is compromised. To Enable MFA: Navigate to Authentication in Account Settings and enable MFA Log in using your existing method (email OTP or Git provider) as your first factor Complete authentication with a TOTP authenticator as your second factor Important information: Passkey logins (WebAuthn) are inherently two-factor and won't prompt for additional verification...

PAIGE, a leading denim and apparel retailer, faced significant technical complexity due to their existing ecommerce architecture. Seeking a faster and more reliable online experience, they reimagined their ecommerce strategy by adopting a simpler headless tech stack—one powered by Shopify, Next.js, and Vercel—that ultimately boosted their Black Friday revenue by 22% and increased conversion rates by 76%. Read more Continue reading...

Last week, we published CVE-2025-29927 and patched a critical severity vulnerability in Next.js. Here’s our post-incident analysis and next steps. Read more Continue reading...

The Flags SDK 3.2 release adds support for precomputed feature flags in SvelteKit, making it easier to experiment on marketing pages while keeping them fast and avoiding layout shift. Precomputed flags evaluate in Edge Middleware to decide which variant of a page to show. This keeps pages static, resulting in low global latency as static variants can be served through the Edge Network. Precompute handles the combinatory explosion when using multiple feature flags statically. Generate different variants of a page at build time, rely on Incremental Static Regeneration to only build a specific combinations on demand, and more. We also improved the Flags SDK documentation by splitting it across different frameworks and explicitly...

Vercel now caches dependencies for projects using Yarn 2 and newer, reducing install times and improving build performance. Previously, caching was only supported for npm, pnpm, Bun, and Yarn 1. To disable caching, set the environment variable VERCEL_FORCE_NO_BUILD_CACHE with a value of 1 in your project settings. If you're using Yarn 4, enable Corepack, as recommended by Yarn. Visit the Build Cache documentation to learn more. Read more Continue reading...

Verified webhook providers—including Stripe and PayPal—are now automatically allowed in Attack Challenge Mode, ensuring uninterrupted payment processing. Well-behaved bots from major search engines, such as Googlebot, and analytics platforms are also supported. Vercel Cron Jobs are now exempt from challenges when running in the same account. Like other trusted internal traffic, they bypass Attack Challenge Mode automatically. To block specific known bots, create a custom rule that matches their User Agent. Known bots are validated to be authentic and cannot be spoofed to bypass Attack Challenge Mode. Learn more about Attack Challenge Mode and how Vercel maintains its directory of legitimate bots. Read more Continue reading...

When I started Vercel, my vision was simple: make building for the web more accessible and more powerful. That belief has fueled Vercel’s growth, empowering developers to bring their biggest ideas to life. Today, we’re welcoming Jeanne DeWitt Grosser, former Chief Business Officer at Stripe, as Vercel’s Chief Operating Officer to help further this mission. Vercel is building the foundation to power the next billion developers. Achieving this vision requires strong leadership and operational excellence. As COO, Jeanne will lead our go-to-market function. Read more Continue reading...

Bulk aliasing for multi-tenant applications now runs significantly faster, reducing total aliasing time by up to 95%. Multi-tenant applications on Vercel let a single project serve many customers behind the scenes. These applications are often fronted by hundreds or thousands of domains. Previously, aliasing—the process of pointing a domain to a different deployment—was a slow process that added significant overhead to deployments. This optimization is now live for all customers and has led to dramatic improvements, like: App with 13,254 domains: ~10min → 28 seconds App with 23,743 domains: 8min 37secs → 26 seconds Learn more about multi-tenant applications on Vercel. Read more Continue reading...

Users of v0—our collaborative AI assistant used to design, iterate, and scale full-stack applications—can now leverage integrations from the Vercel Marketplace, starting with Upstash, Neon, and Supabase. Install directly from the project sidebar or within v0’s chat interface. When added, these integrations redirect you to the Vercel Marketplace where you can configure environment variables, available to both Vercel and v0. Explore a example generation. Read more Continue reading...

We’ve updated Log Drains pricing on all Pro and Enterprise plans, reducing the charge increments. Data transferred for Log Drains will be billed at $0.50 per 1GB, instead of the previous $10 per 20GB, providing more precise usage tracking and better cost efficiency. Learn more about Log Drains. Read more Continue reading...

The Vercel Marketplace now has an AI category for tools to integrate AI models and services directly into Vercel projects. Groq, fal, and DeepInfra are available as first-party integrations, allowing users to: Seamlessly connect and experiment with various AI models to power generative applications, embeddings, and more Deploy and run inference with high-performance AI models, optimized for speed and efficiency Leverage single sign-on and integrated billing through Vercel, including new prepaid options for better cost control With prepaid plan options, users can now manage AI costs more predictably by purchasing credits upfront from a model provider. These credits can be used across any model offered by that provider...

We have deployed a proactive security update to the Vercel Firewall, protecting against a recently disclosed vulnerability in the xml-crypto package, dubbed SAMLStorm (CVE-2025-29774 and CVE-2025-29775). This vulnerability, which affects various SAML implementations, could allow attackers to bypass authentication mechanisms. What This Means for Vercel Customers Automatic protection with the Vercel Firewall: Vercel Firewall automatically mitigates this risk for you, but updating xml-crypto is still recommended Update xml-crypto: If you're using xml-crypto package 6.0.0 and earlier, or a package that depends on xml-crypto, update to 6.0.1, 3.2.1, or 2.1.6 for the patched versions We'll continue to monitor for new developments and...

xAI's Grok models are now available in the Vercel Marketplace, making it easy to integrate conversational AI into your Vercel projects. Get started with xAI's free plan—no additional signup through the Marketplace Access Grok's large language models (LLMs) directly from your Vercel projects Simplify authentication and API key management through automatically configured environment variables Pay only for what you use with integrated billing through Vercel To get started, you can use the AI SDK xAI provider in your project: Then, install the xAI Marketplace Integration with Vercel CLI (or from the dashboard): Once you've accepted the terms, you'll be able to use Grok models from within your project, with no additional...

Vercel now maps dependencies in your package manager’s lockfile to applications in your monorepo. Deployments only occur for applications using updated dependencies. This feature is based on Turborepo's lockfile analysis, supporting the package managers listed as stable in Turborepo's Support Policy. Previously, any change to the lockfile would redeploy all applications in the monorepo since it was treated as a shared input. Now, Vercel inspects the lockfile’s contents to determine which applications have dependency changes, further reducing potential queue times. Learn more about skipping unaffected projects in monorepos. Read more Continue reading...

Vercel provides the tools and infrastructure to build AI-native web applications. We're partnering with xAI to bring their powerful Grok models directly to Vercel projects through the Vercel Marketplace—and soon v0—with no additional signup required. To help you get started, xAI is introducing a new free tier through Vercel to enable quick prototyping and experimentation. These Grok models now power our official Next.js AI chatbot template with the AI SDK. This is a part of our ongoing effort to make using AI frictionless on Vercel. Read more Continue reading...