← Home

@ai-sdk/gateway

npm Repository Homepage

The Gateway provider for the [AI SDK](https://ai-sdk.dev/docs) allows the use of a wide variety of AI models and providers.

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Vercel migrated from vercel-release-bot to GitHub Actions; both are CI publishers for the same org. ai
semgrep semgrep:api-obfuscation-reflect AI (semgrep): Reflect.get() usage is in a test file (gateway-provider.test.ts) to inspect internal model config — a standard testing pattern, not obfuscation in production code. ai
source-diff obfuscated-file:dist/index.d.mts AI (source-diff): TypeScript declaration file with long union type of model ID string literals, not obfuscation. Generated by tsup build from source. ai
dependencies unvetted-dep:@ai-sdk/provider-utils AI (dependencies): @ai-sdk/provider-utils is a sibling package in the Vercel AI SDK monorepo, published by the same trusted vercel-release-bot. Not a third-party risk. ai
provenance no-provenance AI (provenance): Vercel's release bot publishes without Sigstore provenance consistently; publisher trust and download volume provide sufficient confidence. ai

Versions (showing 100 of 379)

Hide prereleases
Version Deps Published
2.0.11 3 / 6
2.0.10 3 / 6
2.0.9 3 / 6
2.0.8 3 / 6
2.0.7 3 / 6
2.0.6 3 / 6
2.0.5 3 / 5
2.0.4 3 / 5
2.0.3 3 / 5
2.0.2 3 / 5
2.0.1 3 / 5
2.0.0 3 / 5
1.0.41 3 / 5
1.0.40 3 / 5
1.0.39 3 / 5
1.0.38 3 / 5
1.0.37 3 / 5
1.0.36 3 / 5
1.0.35 3 / 5
1.0.34 3 / 5
1.0.33 3 / 5
1.0.32 2 / 5
1.0.31 2 / 5
1.0.30 2 / 5
1.0.29 2 / 5
1.0.28 2 / 5
1.0.27 2 / 5
1.0.26 2 / 5
1.0.25 2 / 5
1.0.24 2 / 5
1.0.23 2 / 5
1.0.22 2 / 5
1.0.21 2 / 5
1.0.20 2 / 5
1.0.19 2 / 5
1.0.18 2 / 5
1.0.17 2 / 5
1.0.16 2 / 5
1.0.15 2 / 5
1.0.14 2 / 5
1.0.13 2 / 5
1.0.12 2 / 5
1.0.11 2 / 5
1.0.10 2 / 5
1.0.9 2 / 5
1.0.8 2 / 5
1.0.7 2 / 5
1.0.6 2 / 5
1.0.5 2 / 5
1.0.4 2 / 5
1.0.3 2 / 5
1.0.2 2 / 5
1.0.1 2 / 5
1.0.0 2 / 5
4.0.0-beta.9 3 / 7
4.0.0-beta.8 3 / 7
4.0.0-beta.7 3 / 7
4.0.0-beta.62 3 / 7
4.0.0-beta.61 3 / 7
4.0.0-beta.60 3 / 7
4.0.0-beta.6 3 / 7
4.0.0-beta.59 3 / 7
4.0.0-beta.58 3 / 7
4.0.0-beta.57 3 / 7
4.0.0-beta.55 3 / 7
4.0.0-beta.54 3 / 7
4.0.0-beta.53 3 / 7
4.0.0-beta.52 3 / 7
4.0.0-beta.51 3 / 7
4.0.0-beta.50 3 / 7
4.0.0-beta.5 3 / 7
4.0.0-beta.49 3 / 7
4.0.0-beta.48 3 / 7
4.0.0-beta.47 3 / 7
4.0.0-beta.46 3 / 7
4.0.0-beta.45 3 / 7
4.0.0-beta.44 3 / 7
4.0.0-beta.43 3 / 7
4.0.0-beta.42 3 / 7
4.0.0-beta.41 3 / 7
4.0.0-beta.40 3 / 7
4.0.0-beta.4 3 / 7
4.0.0-beta.39 3 / 7
4.0.0-beta.38 3 / 7
4.0.0-beta.36 3 / 7
4.0.0-beta.35 3 / 7
4.0.0-beta.34 3 / 7
4.0.0-beta.33 3 / 7
4.0.0-beta.32 3 / 7
4.0.0-beta.31 3 / 7
4.0.0-beta.30 3 / 7
4.0.0-beta.3 3 / 7
4.0.0-beta.29 3 / 7
4.0.0-beta.28 3 / 7
4.0.0-beta.27 3 / 7
4.0.0-beta.26 3 / 7
4.0.0-beta.25 3 / 7
4.0.0-beta.24 3 / 7
4.0.0-beta.23 3 / 7
4.0.0-beta.22 3 / 7
Showing 100 of 379 Next page →

v4.0.0-beta.9

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.8

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.7

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.62

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.61

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.60

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.6

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.59

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.58

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.57

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.55

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.54

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.53

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.52

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.51

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.50

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.5

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.49

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.48

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.47

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.46

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.45

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.44

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.43

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.42

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.41

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.40

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.4

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.39

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.38

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.36

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.35

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.34

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.33

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.32

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.31

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.30

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.3

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.29

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.28

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.27

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.26

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.25

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.24

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.23

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v4.0.0-beta.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.