A place for developers to talk about building on Farcaster.

/dev

Are you using Vercel to host your websites?

Note that the VERCEL_TOKEN isn’t project-scoped⚠️

If an attacker compromises your CI pipeline for a docs site, and both the docs and the main UI are on Vercel, they can deploy a malicious version of your main UI.

I posted in the Vercel community forum about this issue, and they said that project-scoped API tokens are on the roadmap:

Co-Founder at sablier.com, and open-source developer. I have a broad range of interests, including longevity, epistemology, physics, and psychology.

I posted in the Vercel community forum about this issue, and they said that project-scoped API tokens are on the roadmap:

https://community.vercel.com/t/project-level-scope-for-api-tokens/6568