Next.js

registry: npm
package name: next
maintainer: Vercel

Next.js is the most widely used React full-stack framework, providing file-based routing, Server Actions, API routes, SSR, and static generation. It runs server-side code that has access to environment variables, database connections, and internal APIs. Most modern React web applications and AI frontends are built on Next.js.

api usage

Checking Next.js

next 15.0.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

```bash
curl "https://api.attestd.io/v1/check?product=next&version=15.0.0" \
  -H "Authorization: Bearer YOUR_API_KEY"
```

```json
{
  "product": "next",
  "version": "15.0.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
```
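A CI gate built on the response above, as an added example and not Attestd's own code: it reads the locked `next` version from package-lock.json, builds the same request, and turns the supply_chain object into an allow / block / manual-review decision using the per-source confidence values listed under the detection sources on this page. Assumptions: npm lockfile v2/v3 layout, a sources array holding source identifiers as strings, Node 18+ for global fetch, and an ATTESTD_API_KEY environment variable; the only network call lives in checkLockedNext and is not run here.

```javascript
// Added example, not Attestd's code. Assumptions: npm lockfile v2/v3 layout,
// "sources" holds source identifiers as strings, ATTESTD_API_KEY is set in CI.

// Confidence per detection source, as documented on this page.
const SOURCE_CONFIDENCE = { registry: 1.0, osv: 0.95, npm_deprecation: 0.8 };

// Resolve the locked version of a package from a parsed package-lock.json (v2/v3).
function lockedVersion(lock, pkg = "next") {
  const entry = lock.packages && lock.packages[`node_modules/${pkg}`];
  if (!entry || !entry.version) throw new Error(`${pkg} not found in lockfile`);
  return entry.version;
}

// Build the request shown above for the given package and version.
function checkRequest(pkg, version, apiKey) {
  const url = new URL("https://api.attestd.io/v1/check");
  url.searchParams.set("product", pkg);
  url.searchParams.set("version", version);
  return { url: url.toString(), headers: { Authorization: `Bearer ${apiKey}` } };
}

// Turn a response body into a CI decision. Fail closed on anything the service
// does not cover, and report the strongest source behind a hit.
function decide(body) {
  if (!body.supported) return { action: "manual-review", reason: "version not covered" };
  const sc = body.supply_chain || {};
  if (!sc.compromised) return { action: "allow", reason: "no known compromise" };
  const sources = sc.sources || [];
  const confidence = sources.length
    ? Math.max(...sources.map((s) => SOURCE_CONFIDENCE[s] ?? 0))
    : 0;
  const reason = sc.description || sc.malware_type || "compromised";
  return { action: "block", reason, confidence, advisory: sc.advisory_url, sources };
}

// Query the API for the locked version of next (Node 18+ global fetch; not run here).
async function checkLockedNext(lock, apiKey = process.env.ATTESTD_API_KEY) {
  const { url, headers } = checkRequest("next", lockedVersion(lock), apiKey);
  const res = await fetch(url, { headers });
  if (!res.ok) return { action: "manual-review", reason: `API returned HTTP ${res.status}` };
  return decide(await res.json());
}

// Constructed sample: the clean response for next 15.0.0 shown above.
const CLEAN_RESPONSE = {
  product: "next", version: "15.0.0", supported: true, risk_state: "none",
  supply_chain: { compromised: false, sources: [], malware_type: null, description: null,
    advisory_url: null, compromised_at: null, removed_at: null },
  last_updated: "2026-05-01T00:00:00Z",
};
```

Run decide(CLEAN_RESPONSE) to see the allow path; a non-zero exit on "block" or "manual-review" is the CI hook point.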

attack surface

Why this package is monitored

Full-stack framework packages run in both the browser and the Node.js server process. A backdoored version can intercept environment variables and request data on the server side, then also modify client-side JavaScript bundles served to users.

Attestd monitors next using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.