← Home

@ai-sdk/gateway

npm Repository Homepage

The Gateway provider for the [AI SDK](https://ai-sdk.dev/docs) allows the use of a wide variety of AI models and providers.

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): Vercel migrated from vercel-release-bot to GitHub Actions; both are CI publishers for the same org. ai
semgrep semgrep:api-obfuscation-reflect AI (semgrep): Reflect.get() usage is in a test file (gateway-provider.test.ts) to inspect internal model config — a standard testing pattern, not obfuscation in production code. ai
source-diff obfuscated-file:dist/index.d.mts AI (source-diff): TypeScript declaration file with long union type of model ID string literals, not obfuscation. Generated by tsup build from source. ai
dependencies unvetted-dep:@ai-sdk/provider-utils AI (dependencies): @ai-sdk/provider-utils is a sibling package in the Vercel AI SDK monorepo, published by the same trusted vercel-release-bot. Not a third-party risk. ai
provenance no-provenance AI (provenance): Vercel's release bot publishes without Sigstore provenance consistently; publisher trust and download volume provide sufficient confidence. ai

Versions (showing 100 of 379)

Hide prereleases
Version Deps Published
3.0.19 3 / 7
3.0.18 3 / 7
3.0.17 3 / 7
3.0.16 3 / 6
3.0.15 3 / 6
3.0.14 3 / 6
3.0.13 3 / 6
3.0.12 3 / 6
3.0.11 3 / 6
3.0.10 3 / 6
3.0.9 3 / 6
3.0.8 3 / 6
3.0.7 3 / 6
3.0.6 3 / 6
3.0.5 3 / 6
3.0.4 3 / 6
3.0.3 3 / 6
3.0.2 3 / 6
3.0.1 3 / 6
3.0.0 3 / 6
2.0.94 3 / 7
2.0.93 3 / 7
2.0.91 3 / 7
2.0.89 3 / 7
2.0.88 3 / 7
2.0.87 3 / 7
2.0.86 3 / 7
2.0.85 3 / 7
2.0.84 3 / 7
2.0.83 3 / 7
2.0.82 3 / 7
2.0.80 3 / 7
2.0.79 3 / 7
2.0.78 3 / 7
2.0.77 3 / 7
2.0.76 3 / 7
2.0.75 3 / 7
2.0.74 3 / 7
2.0.73 3 / 7
2.0.72 3 / 7
2.0.71 3 / 7
2.0.70 3 / 7
2.0.69 3 / 7
2.0.68 3 / 7
2.0.67 3 / 7
2.0.66 3 / 7
2.0.65 3 / 7
2.0.64 3 / 7
2.0.63 3 / 7
2.0.62 3 / 7
2.0.61 3 / 7
2.0.60 3 / 7
2.0.59 3 / 7
2.0.58 3 / 7
2.0.57 3 / 7
2.0.56 3 / 7
2.0.55 3 / 7
2.0.54 3 / 7
2.0.53 3 / 7
2.0.52 3 / 7
2.0.51 3 / 7
2.0.50 3 / 7
2.0.49 3 / 7
2.0.48 3 / 7
2.0.47 3 / 7
2.0.46 3 / 7
2.0.45 3 / 7
2.0.44 3 / 6
2.0.43 3 / 6
2.0.42 3 / 6
2.0.41 3 / 6
2.0.40 3 / 6
2.0.39 3 / 6
2.0.38 3 / 6
2.0.37 3 / 6
2.0.36 3 / 6
2.0.35 3 / 6
2.0.34 3 / 6
2.0.33 3 / 6
2.0.32 3 / 6
2.0.31 3 / 6
2.0.30 3 / 6
2.0.29 3 / 6
2.0.28 3 / 6
2.0.27 3 / 6
2.0.26 3 / 6
2.0.25 3 / 6
2.0.24 3 / 6
2.0.23 3 / 6
2.0.22 3 / 6
2.0.21 3 / 6
2.0.20 3 / 6
2.0.19 3 / 6
2.0.18 3 / 6
2.0.17 3 / 6
2.0.16 3 / 6
2.0.15 3 / 6
2.0.14 3 / 6
2.0.13 3 / 6
2.0.12 3 / 6
Showing 100 of 379 Next page →

v2.0.94

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.93

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.91

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.89

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.88

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.87

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.86

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.85

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.84

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.83

2 findings
HIGH Publisher changed: vercel-release-bot → GitHub Actions (on 2026-04-29) provenance

This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.