In its April 23 update, Vercel disclosed customer accounts compromised prior to and independently of the Context.ai incident. Covering the Lumma Stealer infection path, the ShinyHunters $2M BreachForums listing, and what non-sensitive environment variables actually mean.
Vercel's official incident disclosure published on April 19, 2026. A walk-through of how a compromise of Context.ai's Google Workspace OAuth app led to Vercel employee account takeover and access to environment variables in some customer projects, plus the checks users should run right now.
An Astro 6 build on Vercel started failing because a generated `_astro/*astro_type_script*` chunk hit an esbuild parse error. Stripping TypeScript syntax was not enough. The stable workaround was to bypass Astro's script transformation path with page-local imports from `public/vendor`.
Use gh-setup-hooks to install the GitHub CLI automatically and complete the whole flow, from branch merge to Vercel deploy, directly in the web environment.
