← Home

@ai-sdk/gateway

npm Repository Homepage

The Gateway provider for the [AI SDK](https://ai-sdk.dev/docs) allows the use of a wide variety of AI models and providers.

51
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Vercel migrated from vercel-release-bot to GitHub Actions; both are CI publishers for the same org. ai
semgrep semgrep:api-obfuscation-reflect AI (semgrep): Reflect.get() usage is in a test file (gateway-provider.test.ts) to inspect internal model config — a standard testing pattern, not obfuscation in production code. ai
source-diff obfuscated-file:dist/index.d.mts AI (source-diff): TypeScript declaration file with long union type of model ID string literals, not obfuscation. Generated by tsup build from source. ai
dependencies unvetted-dep:@ai-sdk/provider-utils AI (dependencies): @ai-sdk/provider-utils is a sibling package in the Vercel AI SDK monorepo, published by the same trusted vercel-release-bot. Not a third-party risk. ai
provenance no-provenance AI (provenance): Vercel's release bot publishes without Sigstore provenance consistently; publisher trust and download volume provide sufficient confidence. ai

Versions (showing 51 of 254)

Show 125 prereleases View all versions
Version Deps Published
3.0.121 3 / 7
3.0.120 3 / 7
3.0.119 3 / 7
3.0.118 3 / 7
3.0.116 3 / 7
3.0.115 3 / 7
3.0.114 3 / 7
3.0.112 3 / 7
3.0.111 3 / 7
3.0.110 3 / 7
3.0.109 3 / 7
3.0.108 3 / 7
3.0.107 3 / 7
3.0.106 3 / 7
3.0.105 3 / 7
3.0.104 3 / 7
3.0.103 3 / 7
3.0.102 3 / 7
3.0.101 3 / 7
3.0.100 3 / 7
3.0.99 3 / 7
3.0.98 3 / 7
3.0.97 3 / 7
3.0.96 3 / 7
3.0.95 3 / 7
3.0.94 3 / 7
3.0.93 3 / 7
3.0.92 3 / 7
3.0.91 3 / 7
3.0.90 3 / 7
3.0.89 3 / 7
3.0.88 3 / 7
3.0.87 3 / 7
3.0.86 3 / 7
3.0.85 3 / 7
3.0.84 3 / 7
3.0.83 3 / 7
3.0.82 3 / 7
3.0.81 3 / 7
3.0.80 3 / 7
3.0.79 3 / 7
3.0.78 3 / 7
3.0.77 3 / 7
3.0.76 3 / 7
3.0.75 3 / 7
3.0.74 3 / 7
3.0.73 3 / 7
3.0.72 3 / 7
3.0.71 3 / 7
3.0.70 3 / 7
3.0.69 3 / 7

v3.0.121

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.120

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.119

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.118

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.116

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.115

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.114

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.112

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.111

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.110

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.109

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.108

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.107

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.106

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.105

2 findings
HIGH Publisher changed: vercel-release-bot → GitHub Actions (on 2026-04-29) provenance

This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.