**Status**: Production Ready
Uploads files to Vercel Blob storage with secure client-side and server-side patterns.
npx claudepluginhub secondsky/claude-skillsThis skill inherits all available tools. When active, it can use any tool Claude has access to.
assets/example-template.txtreferences/common-patterns.mdreferences/known-issues.mdscripts/example-script.shtemplates/avatar-upload-flow.tsxtemplates/drag-drop-upload.tsxtemplates/file-list-manager.tsxtemplates/package.jsonStatus: Production Ready
Last Updated: 2025-12-14
Dependencies: None
Latest Versions: @vercel/blob@2.0.0
# In Vercel dashboard: Storage → Create Database → Blob
vercel env pull .env.local
Creates: BLOB_READ_WRITE_TOKEN
bun add @vercel/blob
'use server';
import { put } from '@vercel/blob';
export async function uploadFile(formData: FormData) {
const file = formData.get('file') as File;
const blob = await put(file.name, file, {
access: 'public',
contentType: file.type
});
return blob.url;
}
import { put, del, list } from '@vercel/blob';
// Upload
const blob = await put('path/file.jpg', file, { access: 'public' });
// Delete
await del(blob.url);
// List with pagination
const { blobs, cursor } = await list({ prefix: 'uploads/', limit: 100 });
| Rule | Why |
|---|---|
| Use client upload tokens for client-side uploads | Never expose BLOB_READ_WRITE_TOKEN to client |
Set contentType explicitly | Correct browser handling for PDFs, videos |
Use access: 'public' for CDN caching | Private files bypass CDN |
| Validate file type and size before upload | Prevent invalid uploads |
| Use pathname organization | avatars/, uploads/, documents/ |
| Delete old files when replacing | Manage storage costs |
| Rule | Why |
|---|---|
Expose BLOB_READ_WRITE_TOKEN to client | Security vulnerability |
| Upload files >500MB without multipart | Use createMultipartUpload API |
| Use generic filenames | Use ${Date.now()}-${name} or addRandomSuffix: true |
| Skip file validation | Always validate type/size |
| Store sensitive data unencrypted | Encrypt before upload |
| Forget to handle pagination | list() returns max 1000 files |
This skill prevents 10 documented issues:
| # | Error | Quick Fix |
|---|---|---|
| 1 | BLOB_READ_WRITE_TOKEN not defined | Run vercel env pull .env.local |
| 2 | Client token exposed | Use handleUpload() for client uploads |
| 3 | File size exceeded (500MB) | Use multipart upload API |
| 4 | Wrong content-type | Set contentType: file.type |
| 5 | No CDN caching | Use access: 'public' |
| 6 | Missing files in list | Use cursor pagination |
| 7 | Delete fails silently | Use exact URL from put() |
| 8 | Upload timeout | Use client-side upload for large files |
| 9 | Filename collisions | Add timestamp or addRandomSuffix: true |
| 10 | State not updated | Use onUploadCompleted callback |
See: references/known-issues.md for complete solutions with code examples.
| Pattern | Use Case | Key API |
|---|---|---|
| Avatar Upload | User profile images | put, del |
| Protected Upload | Private documents | put with access: 'private' |
| Image Gallery | List & paginate | list with cursor |
| Client Upload | Large files, progress | upload, handleUpload |
| Multipart Upload | Files >500MB | createMultipartUpload, uploadPart |
| Batch Operations | Multiple files | Promise.all, del([...]) |
| Image Processing | Optimize before upload | sharp + put |
See: references/common-patterns.md for complete implementations.
Server Action (Token Generation):
'use server';
import { handleUpload, type HandleUploadBody } from '@vercel/blob/client';
export async function generateUploadToken(body: HandleUploadBody) {
return await handleUpload({
body,
request: new Request('https://dummy'),
onBeforeGenerateToken: async (pathname) => ({
allowedContentTypes: ['image/jpeg', 'image/png', 'image/webp'],
maximumSizeInBytes: 5 * 1024 * 1024
}),
onUploadCompleted: async ({ blob }) => {
// Save to database
await db.insert(uploads).values({ url: blob.url, pathname: blob.pathname });
}
});
}
Client Component:
'use client';
import { upload } from '@vercel/blob/client';
const blob = await upload(file.name, file, {
access: 'public',
handleUploadUrl: '/api/upload'
});
# Created by: vercel env pull .env.local
BLOB_READ_WRITE_TOKEN="vercel_blob_rw_xxxxx"
.env.local
.env*.local
| Reference | Load When... |
|---|---|
references/known-issues.md | Debugging upload errors, token issues, or CDN caching problems |
references/common-patterns.md | Implementing avatar uploads, galleries, client uploads, or multipart uploads |
{
"dependencies": {
"@vercel/blob": "^2.0.0"
}
}
Free Tier Limits: 100GB bandwidth/month, 500MB max file size
| Problem | Solution |
|---|---|
BLOB_READ_WRITE_TOKEN not defined | Run vercel env pull .env.local |
| File size exceeded (>500MB) | Use multipart upload API |
| Client upload fails | Use handleUpload() server-side |
| Files not deleting | Use exact URL from put() response |
Token Savings: ~60% (patterns extracted to references) Error Prevention: 100% (all 10 documented issues) Ready for production!
This skill should be used when the user asks about libraries, frameworks, API references, or needs code examples. Activates for setup questions, code generation involving libraries, or mentions of specific frameworks like React, Vue, Next.js, Prisma, Supabase, etc.
UI/UX design intelligence. 50 styles, 21 palettes, 50 font pairings, 20 charts, 9 stacks (React, Next.js, Vue, Svelte, SwiftUI, React Native, Flutter, Tailwind, shadcn/ui). Actions: plan, build, create, design, implement, review, fix, improve, optimize, enhance, refactor, check UI/UX code. Projects: website, landing page, dashboard, admin panel, e-commerce, SaaS, portfolio, blog, mobile app, .html, .tsx, .vue, .svelte. Elements: button, modal, navbar, sidebar, card, table, form, chart. Styles: glassmorphism, claymorphism, minimalism, brutalism, neumorphism, bento grid, dark mode, responsive, skeuomorphism, flat design. Topics: color palette, accessibility, animation, layout, typography, font pairing, spacing, hover, shadow, gradient. Integrations: shadcn/ui MCP for component search and examples.