@ai-sdk/anthropic — Greenflagged

The **[Anthropic provider](https://ai-sdk.dev/providers/ai-sdk-providers/anthropic)** for the [AI SDK](https://ai-sdk.dev/docs) contains language model support for the [Anthropic Messages API](https://docs.anthropic.com/claude/reference/messages_post).

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
semgrep	semgrep:base64-decode	AI (semgrep): Base64 decoding in this SDK is used to convert binary content (e.g., images) passed to the Anthropic API. This is standard, documented behavior for an AI provider SDK — not a malicious payload pattern.	ai	2026/04/21
provenance	publisher-changed	AI (provenance): Transition from jaredpalmer to vercel-release-bot is Vercel's standard CI/CD publish pattern; bot has 403 approved packages and 1528-day history.	ai	2026/04/21
provenance	missing-githead	AI (provenance): Consequence of moving to vercel-release-bot CI/CD pipeline; not a security concern for this well-established Vercel package.	ai	2026/04/21
npm-metadata	suspicious-initial-version	AI (npm-metadata): The @ai-sdk monorepo uses 0.0.0 as a standard placeholder version across all its packages. This is a known pattern for this publisher, not a malicious signal.	ai	2026/04/21
source-diff	large-new-source-files	AI (source-diff): 40 new files reflect major version feature growth in a public GitHub monorepo; files are source maps, bundles, and TypeScript sources — no suspicious content.	ai	2026/04/21
maintainer-change	maintainer-removed	AI (maintainer-change): jaredpalmer stepping back from active SDK maintenance is consistent with known Vercel team changes; no compromise indicators.	ai	2026/04/21
source-diff	source-size-tripled	AI (source-diff): Size increase from v1.1.7 to v3.0.59 spans two major versions with substantial feature additions; no obfuscation or injection signals present.	ai	2026/04/21
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers (matheuss, matt.straka) are Vercel engineers; publisher remains vercel-release-bot. Normal team evolution, not a takeover.	ai	2026/04/21
provenance	no-provenance	AI (provenance): vercel-release-bot is a well-established publisher with 1296 approved packages; lack of Sigstore provenance is not a meaningful risk signal here.	ai	2026/04/21
dependencies	unvetted-dep:@ai-sdk/provider-utils	AI (dependencies): @ai-sdk/provider-utils is a first-party Vercel AI SDK package from the same monorepo; stable false positive for this package.	ai	2026/04/21

Versions (showing 59 of 459)

Hide prereleases

Version	Deps	Published
2.0.0-canary.5	2 / 5	2025-04-10
2.0.0-canary.4	2 / 5	2025-04-09
2.0.0-canary.3	2 / 5	2025-04-09
2.0.0-canary.2	2 / 5	2025-04-07
2.0.0-canary.19	2 / 5	2025-05-15
2.0.0-canary.18	2 / 5	2025-05-14
2.0.0-canary.17	2 / 5	2025-05-12
2.0.0-canary.16	2 / 5	2025-05-07
2.0.0-canary.15	2 / 5	2025-05-05
2.0.0-canary.14	2 / 5	2025-05-02
2.0.0-canary.13	2 / 5	2025-04-29
2.0.0-canary.12	2 / 5	2025-04-25
2.0.0-canary.11	2 / 5	2025-04-24
2.0.0-canary.10	2 / 5	2025-04-23
2.0.0-canary.1	2 / 5	2025-04-05
2.0.0-canary.0	2 / 5	2025-04-03
2.0.0-beta.9	2 / 5	2025-07-25
2.0.0-beta.8	2 / 5	2025-07-18
2.0.0-beta.7	2 / 5	2025-07-17
2.0.0-beta.6	2 / 5	2025-07-15
2.0.0-beta.5	2 / 5	2025-07-10
2.0.0-beta.4	2 / 5	2025-07-07
2.0.0-beta.3	2 / 5	2025-06-27
2.0.0-beta.2	2 / 5	2025-06-25
2.0.0-beta.13	2 / 5	2025-07-31
2.0.0-beta.12	2 / 5	2025-07-30
2.0.0-beta.11	2 / 5	2025-07-29
2.0.0-beta.10	2 / 5	2025-07-28
2.0.0-beta.1	2 / 5	2025-06-24
2.0.0-alpha.9	2 / 5	2025-06-05
2.0.0-alpha.8	2 / 5	2025-06-02
2.0.0-alpha.7	2 / 5	2025-05-28
2.0.0-alpha.6	2 / 5	2025-05-28
2.0.0-alpha.4	2 / 5	2025-05-23
2.0.0-alpha.3	2 / 5	2025-05-20
2.0.0-alpha.2	2 / 5	2025-05-17
2.0.0-alpha.15	2 / 5	2025-06-18
2.0.0-alpha.14	2 / 5	2025-06-16
2.0.0-alpha.13	2 / 5	2025-06-13
2.0.0-alpha.12	2 / 5	2025-06-11
2.0.0-alpha.11	2 / 5	2025-06-10
2.0.0-alpha.10	2 / 5	2025-06-06
2.0.0-alpha.1	2 / 5	2025-05-16
1.0.0-canary.4	2 / 5	2024-11-08
1.0.0-canary.3	2 / 5	2024-11-07
1.0.0-canary.2	2 / 5	2024-11-07
1.0.0-canary.1	2 / 5	2024-11-06
1.0.0-canary.0	2 / 5	2024-11-06
0.0.0-fd764a60-20260114143805	2 / 6	2026-01-14
0.0.0-fbda7b18-20240815003233	2 / 5	2024-08-15
0.0.0-bf6e4b15-20260402200305	2 / 6	2026-04-02
0.0.0-b66d09a8-20260328011513	2 / 6	2026-03-28
0.0.0-98261322-20260122142521	2 / 6	2026-01-22
0.0.0-85f9a635-20240518005312	2 / 5	2024-05-18
0.0.0-70e0935a-20260114150030	2 / 6	2026-01-14
0.0.0-64aae7dd-20260114144918	2 / 6	2026-01-14
0.0.0-4115c213-20260122152721	2 / 6	2026-01-22
0.0.0-1c33ba03-20260114162300	2 / 6	2026-01-14
0.0.0-01d6317c-20260129172110	2 / 6	2026-01-29

v0.0.0-98261322-20260122142521

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.0-4115c213-20260122152721

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.0.0-01d6317c-20260129172110

1 finding

INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.