Unexpected Commits by Vercel Bot in Private Repository

altair · January 3, 2025, 11:59am

Hi everyone,

Recently, I noticed that a bot named “turbobot-temp” is pushing to my private GitHub repository.

The repository is just a backup of all my projects, and I have no idea how this happened. Here’s what I did: from the root, I removed all the sub .git folders, ran git init, and pushed everything to my private repository back in September (the first and only commit at that time).

However, on December 17th and 18th, I saw that someone had co-authored commits with me. After checking the git log, I realized it was a Vercel bot updating my Next.js apps (screenshot attached below).

Can someone explain how this bot appeared out of nowhere, gained access, and committed changes? I never added the bot, and it doesn’t show up in the repository settings.

Thank you in advance for your help!

amyegan · January 6, 2025, 9:09pm

Hey @altair! I believe create-turbo uses the Turbo bot user for its commits. Could these commits have come from a recent local change?

github.com

vercel/turborepo/blob/e7405a6562096a8f78e9d5b0d63ff6b71d84985a/packages/create-turbo/src/utils/git.ts#L104-L111


      
          function gitCommit(message: string) {
            execSync(
              `git commit --author="Turbobot <turbobot@vercel.com>" -am "${message}"`,
              {
                stdio: "ignore",
              }
            );
          }

Topic		Replies	Views
Vercel deployment error Help	6	88	September 1, 2024
Question about github action and vercel Help nextjs	6	43	September 18, 2024
Automatic deployments no longer trigger for git-gateway commits Help	2	89	October 26, 2024
Vercel Github bot comment on a PR only lists the affected projects of the latest commit, instead of all commits in PR Help	1	15	October 10, 2024
Deployment issues? Help	9	71	December 1, 2024

Unexpected Commits by Vercel Bot in Private Repository

Related topics