Address Copilot review nits

Fixes US spelling (recognised -> recognized) across docs, QLDoc,
change note, and test fixture comments. Clarifies the handler QLDoc
to note sync/async support. Renames the supported-frameworks entry
from "vercel" to "Vercel (@vercel/node)" to avoid implying broader
platform coverage.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

javascript/ql/lib/change-notes/2026-04-12-vercel-node.md

@@ -1,4 +1,4 @@
 ---
 category: newFeature
 ---
-* Added support for [`@vercel/node`](https://www.npmjs.com/package/@vercel/node) Vercel serverless functions. Handlers are recognised via the `VercelRequest`/`VercelResponse` TypeScript parameter types, and standard security queries (`js/reflected-xss`, `js/request-forgery`, `js/sql-injection`, `js/command-line-injection`, etc.) now detect vulnerabilities in Vercel API route files.
+* Added support for [`@vercel/node`](https://www.npmjs.com/package/@vercel/node) Vercel serverless functions. Handlers are recognized via the `VercelRequest`/`VercelResponse` TypeScript parameter types, and standard security queries (`js/reflected-xss`, `js/request-forgery`, `js/sql-injection`, `js/command-line-injection`, etc.) now detect vulnerabilities in Vercel API route files.

javascript/ql/lib/semmle/javascript/frameworks/VercelNode.qll

@@ -9,9 +9,10 @@ import semmle.javascript.frameworks.HTTP
  * Provides classes for working with [@vercel/node](https://www.npmjs.com/package/@vercel/node) Vercel serverless functions.
  *
  * A Vercel serverless function is a module whose default export is a function
- * with signature `(req: VercelRequest, res: VercelResponse) => void`, where
- * the types are imported from the `@vercel/node` package. The Vercel runtime
- * invokes the default export for every incoming HTTP request.
+ * taking parameters `(req: VercelRequest, res: VercelResponse)`, where the
+ * types are imported from the `@vercel/node` package. The default export may
+ * be synchronous or `async`, and the Vercel runtime invokes it for every
+ * incoming HTTP request.
  */
 module VercelNode {
   /**
@@ -20,7 +21,7 @@ module VercelNode {
    * `VercelResponse` from `@vercel/node`.
    *
    * Since `@vercel/node` is commonly imported as a type-only import, handlers
-   * are recognised by their TypeScript parameter types. The default-export
+   * are recognized by their TypeScript parameter types. The default-export
    * constraint excludes private helpers or test utilities that share the
    * same signature.
    */

javascript/ql/test/library-tests/frameworks/vercel/src/notahandler.ts

@@ -2,7 +2,7 @@ import type { VercelRequest, VercelResponse } from "@vercel/node";
 
 // A default-exported function that has VercelRequest/VercelResponse at
 // positions 1 and 2, not 0 and 1. Vercel does not invoke it this way,
-// so it must NOT be recognised as a route handler.
+// so it must NOT be recognized as a route handler.
 export default function notAHandler(ctx: unknown, req: VercelRequest, res: VercelResponse) {
   res.send(req.query.name);
 }

javascript/ql/test/library-tests/frameworks/vercel/src/now.ts

@@ -1,7 +1,7 @@
 import type { NowRequest, NowResponse } from "@now/node";
 
 // Legacy Zeit-era aliases. The model should treat these identically to
-// the modern @vercel/node NowRequest -> VercelRequest, NowResponse -> VercelResponse.
+// the modern @vercel/node types (NowRequest -> VercelRequest, NowResponse -> VercelResponse).
 export default function handler(req: NowRequest, res: NowResponse) {
   res.send(req.query.name);
 }

javascript/ql/test/library-tests/frameworks/vercel/src/vercel.ts

@@ -1,6 +1,6 @@
 import type { VercelRequest, VercelResponse } from "@vercel/node";
 
-// A private helper with the same signature. Must NOT be recognised as a
+// A private helper with the same signature. Must NOT be recognized as a
 // route handler, since Vercel only invokes the default export.
 function internalHelper(req: VercelRequest, res: VercelResponse) {
   res.send(req.query.name);