← Home

@ai-sdk/anthropic

npm Repository Homepage

The **[Anthropic provider](https://ai-sdk.dev/providers/ai-sdk-providers/anthropic)** for the [AI SDK](https://ai-sdk.dev/docs) contains language model support for the [Anthropic Messages API](https://docs.anthropic.com/claude/reference/messages_post).

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
semgrep semgrep:base64-decode AI (semgrep): Base64 decoding in this SDK is used to convert binary content (e.g., images) passed to the Anthropic API. This is standard, documented behavior for an AI provider SDK — not a malicious payload pattern. ai
provenance publisher-changed AI (provenance): Transition from jaredpalmer to vercel-release-bot is Vercel's standard CI/CD publish pattern; bot has 403 approved packages and 1528-day history. ai
provenance missing-githead AI (provenance): Consequence of moving to vercel-release-bot CI/CD pipeline; not a security concern for this well-established Vercel package. ai
npm-metadata suspicious-initial-version AI (npm-metadata): The @ai-sdk monorepo uses 0.0.0 as a standard placeholder version across all its packages. This is a known pattern for this publisher, not a malicious signal. ai
source-diff large-new-source-files AI (source-diff): 40 new files reflect major version feature growth in a public GitHub monorepo; files are source maps, bundles, and TypeScript sources — no suspicious content. ai
maintainer-change maintainer-removed AI (maintainer-change): jaredpalmer stepping back from active SDK maintenance is consistent with known Vercel team changes; no compromise indicators. ai
source-diff source-size-tripled AI (source-diff): Size increase from v1.1.7 to v3.0.59 spans two major versions with substantial feature additions; no obfuscation or injection signals present. ai
maintainer-change maintainer-added AI (maintainer-change): New maintainers (matheuss, matt.straka) are Vercel engineers; publisher remains vercel-release-bot. Normal team evolution, not a takeover. ai
provenance no-provenance AI (provenance): vercel-release-bot is a well-established publisher with 1296 approved packages; lack of Sigstore provenance is not a meaningful risk signal here. ai
dependencies unvetted-dep:@ai-sdk/provider-utils AI (dependencies): @ai-sdk/provider-utils is a first-party Vercel AI SDK package from the same monorepo; stable false positive for this package. ai

Versions (showing 100 of 459)

Hide prereleases
Version Deps Published
1.0.4 2 / 5
1.0.3 2 / 5
1.0.2 2 / 5
1.0.1 2 / 5
1.0.0 2 / 5
0.0.56 2 / 5
0.0.55 2 / 5
0.0.54 2 / 5
0.0.53 2 / 5
0.0.51 2 / 5
0.0.50 2 / 5
0.0.49 2 / 5
0.0.48 2 / 5
0.0.47 2 / 5
0.0.46 2 / 5
0.0.45 2 / 5
0.0.44 2 / 5
0.0.43 2 / 5
0.0.42 2 / 5
0.0.41 2 / 5
0.0.40 2 / 5
0.0.39 2 / 5
0.0.38 2 / 5
0.0.37 2 / 5
0.0.36 2 / 5
0.0.35 2 / 5
0.0.34 2 / 5
0.0.33 2 / 5
0.0.32 2 / 5
0.0.31 2 / 5
0.0.30 2 / 5
0.0.29 2 / 5
0.0.28 2 / 5
0.0.27 2 / 5
0.0.26 2 / 5
0.0.25 2 / 5
0.0.24 2 / 5
0.0.23 2 / 5
0.0.22 2 / 5
0.0.21 2 / 5
0.0.20 2 / 5
0.0.19 2 / 5
0.0.18 2 / 5
0.0.17 2 / 5
0.0.16 2 / 5
0.0.15 2 / 5
0.0.14 2 / 5
0.0.13 2 / 5
0.0.12 2 / 5
0.0.11 2 / 5
0.0.10 2 / 5
0.0.9 2 / 5
0.0.8 2 / 5
0.0.7 2 / 5
0.0.6 2 / 5
0.0.5 2 / 5
0.0.4 2 / 5
0.0.3 2 / 5
0.0.2 2 / 5
0.0.1 2 / 5
0.0.0 2 / 5
4.0.0-beta.9 2 / 6
4.0.0-beta.8 2 / 6
4.0.0-beta.7 2 / 6
4.0.0-beta.6 2 / 6
4.0.0-beta.5 2 / 6
4.0.0-beta.4 2 / 6
4.0.0-beta.37 2 / 6
4.0.0-beta.36 2 / 6
4.0.0-beta.35 2 / 6
4.0.0-beta.34 2 / 6
4.0.0-beta.33 2 / 6
4.0.0-beta.32 2 / 6
4.0.0-beta.31 2 / 6
4.0.0-beta.3 2 / 6
4.0.0-beta.29 2 / 6
4.0.0-beta.28 2 / 6
4.0.0-beta.27 2 / 6
4.0.0-beta.26 2 / 6
4.0.0-beta.25 2 / 6
4.0.0-beta.24 2 / 6
4.0.0-beta.23 2 / 6
4.0.0-beta.22 2 / 6
4.0.0-beta.21 2 / 6
4.0.0-beta.2 2 / 6
4.0.0-beta.19 2 / 6
4.0.0-beta.18 2 / 6
4.0.0-beta.17 2 / 6
4.0.0-beta.16 2 / 6
4.0.0-beta.15 2 / 6
4.0.0-beta.14 2 / 6
4.0.0-beta.13 2 / 6
4.0.0-beta.12 2 / 6
4.0.0-beta.11 2 / 6
4.0.0-beta.10 2 / 6
4.0.0-beta.1 2 / 6
4.0.0-beta.0 2 / 6
3.0.0-beta.98 2 / 6
3.0.0-beta.97 2 / 6
3.0.0-beta.96 2 / 6
Showing 100 of 459 Next page →

v4.0.0-beta.37

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.36

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.35

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.34

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.33

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.31

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.29

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.28

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.27

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.26

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.25

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.24

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.23

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.21

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.19

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.18

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.