vercel-known-pitfalls

Solid

Identify and avoid Vercel anti-patterns and common integration mistakes. Use when reviewing Vercel code for issues, onboarding new developers, or auditing existing Vercel deployments for best practice violations. Trigger with phrases like "vercel mistakes", "vercel anti-patterns", "vercel pitfalls", "vercel what not to do", "vercel code review".

AI & Automation 2,266 stars 315 forks Updated today MIT

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Vercel Known Pitfalls ## Overview Catalog of the most common Vercel anti-patterns with severity ratings, detection methods, and fixes. Organized by category: secret exposure, serverless function mistakes, edge runtime violations, configuration errors, and cost traps. ## Prerequisites - Access to Vercel codebase for review - Understanding of Vercel's deployment model - Familiarity with `vercel-common-errors` for error codes ## Instructions ### Category 1: Secret Exposure (Critical) **P1: Secrets in NEXT_PUBLIC_ variables** ```typescript // BAD — exposed in client JavaScript bundle, visible to anyone const apiKey = process.env.NEXT_PUBLIC_API_SECRET; // This value is inlined at build time into the browser bundle // GOOD — server-only access const apiKey = process.env.API_SECRET; // Only accessible in serverless functions and server components ``` - **Detection:** `grep -r 'NEXT_PUBLIC_.*SECRET\|NEXT_PUBLIC_.*KEY\|NEXT_PUBLIC_.*TOKEN' src/` - **Fix:** Remove `NEXT_PUBLIC_` prefix, rotate the exposed secret immediately **P2: Hardcoded credentials in source** ```typescript // BAD const client = new Client({ apiKey: 'sk_live_abc123' }); // GOOD const client = new Client({ apiKey: process.env.API_KEY }); ``` - **Detection:** `grep -rE 'sk_live|sk_test|Bearer [a-zA-Z0-9]{20,}' src/ api/` - **Fix:** Move to environment variables, add pre-commit hook **P3: Secrets in vercel.json** ```json // BAD — vercel.json is committed to git { "env": { "API_KEY": "sk_live_abc123" } } ...

Details

Author
jeremylongshore
Repository
jeremylongshore/claude-code-plugins-plus-skills
Created
7 months ago
Last Updated
today
Language
Python
License
MIT

Integrates with

Anthropic · AI Vercel · Cloud

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Solid

vercel-policy-guardrails

Implement lint rules, CI policy checks, and automated guardrails for Vercel projects. Use when setting up code quality rules, preventing secret exposure, or enforcing deployment policies for Vercel applications. Trigger with phrases like "vercel policy", "vercel lint", "vercel guardrails", "vercel best practices check", "vercel secret scan".

2,266 Updated today
jeremylongshore
AI & Automation Solid

vercel-security-basics

Apply Vercel security best practices for secrets, headers, and access control. Use when securing API keys, configuring security headers, or auditing Vercel security configuration. Trigger with phrases like "vercel security", "vercel secrets", "secure vercel", "vercel headers", "vercel CSP".

2,266 Updated today
jeremylongshore
DevOps & Infrastructure Solid

vercel-deployment

Expert knowledge for deploying to Vercel with Next.js Use when: vercel, deploy, deployment, hosting, production.

27,681 Updated today
davila7
AI & Automation Solid

vercel-common-errors

Diagnose and fix common Vercel deployment and function errors. Use when encountering Vercel errors, debugging failed deployments, or troubleshooting serverless function issues. Trigger with phrases like "vercel error", "fix vercel", "vercel not working", "debug vercel", "vercel 500", "vercel build failed".

2,266 Updated today
jeremylongshore
DevOps & Infrastructure Listed

vercel-deployment

Expert knowledge for deploying to Vercel with Next.js Use when: vercel, deploy, deployment, hosting, production.

335 Updated today
aiskillstore