Vercel accuses Cloudflare of stealing
Theo breaks down how Cloudflare’s Sunil Pai accidentally sparked a Vercel drama by vibe-coding a fork of Malte Ubl’s just-bash into the Cloudflare agents monorepo.
- Sunil Pai forked Vercel’s just-bash into @cloudflare/shell while on vacation in Spain, using an agent to port it — he never intended it as an official release.
- The fork stripped beta disclaimers, security warnings, and defense-in-depth protections (eval lockdown, prototype-pollution checks) built for Node.js environments.
- Cloudflare replaced just-bash’s secure Pyodide wrapper with one that gives Python full access to the JS host — a genuine sandbox escape risk.
- Vercel built just-bash to keep AI agents in a fake bash layer above Node, preventing breakout to a real shell; Cloudflare needs it for the opposite reason — Workers can’t exec real bash at all.
- Vercel runs per-developer Docker images on Linux; Cloudflare runs all dev code in shared V8 isolates (workerd), making many Node security abstractions incompatible or unnecessary.
- Malte published a public accusation without DMing Sunil first; Sunil’s reply confirmed it was a personal experiment; Malte later deleted the post and publicly apologized.
- This followed Cloudflare’s earlier Vinext fork of Next.js on Vite, which shipped 10 security vulnerabilities to at least one .gov site, poisoning good-faith assumptions.
2026-03-19