← Home

@ai-sdk/openai

npm Repository Homepage

The **[OpenAI provider](https://ai-sdk.dev/providers/ai-sdk-providers/openai)** for the [AI SDK](https://ai-sdk.dev/docs) contains language model support for the OpenAI chat and completion APIs and embedding model support for the OpenAI embeddings API.

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-takeover AI (maintainer-change): Transition from jaredpalmer to vercel-release-bot is a standard Vercel org move; bot has 458 approved packages and 1528-day history. ai
provenance missing-githead AI (provenance): Bot-based publishing from Vercel monorepo commonly omits gitHead; no security concern given trusted publisher. ai
provenance publisher-changed AI (provenance): Publisher change from jaredpalmer to vercel-release-bot is a legitimate Vercel organizational transition. ai
npm-metadata suspicious-initial-version AI (npm-metadata): 0.0.0 is a standard monorepo placeholder version in the Vercel AI SDK; 517 registry versions and 5.5M weekly downloads confirm this is a legitimate, established package. ai
provenance no-provenance AI (provenance): Established package from a trusted publisher (jaredpalmer/Vercel); lack of provenance is common for packages of this age and does not indicate risk. ai
source-diff large-new-source-files AI (source-diff): 60 new files consistent with major version adding new API surface; new large files are a language model implementation and documentation. ai
maintainer-change maintainer-added AI (maintainer-change): Vercel team roster changes are expected for an actively developed SDK; publisher remains vercel-release-bot with a strong track record. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of jaredpalmer reflects normal Vercel team evolution; no hostile takeover indicators given consistent bot publisher. ai
source-diff source-size-tripled AI (source-diff): Major version bump (v3→v4 beta) with new OpenAI Responses API implementation explains the 5.9x size increase; no obfuscated code flagged. ai
dependencies unvetted-dep:@ai-sdk/provider-utils AI (dependencies): @ai-sdk/provider-utils is a sibling package in the Vercel AI SDK monorepo; it is always a dependency of @ai-sdk/openai and is not a third-party risk. ai

Versions (showing 100 of 529)

Hide prereleases
Version Deps Published
0.0.16 2 / 5
0.0.15 2 / 5
0.0.14 2 / 5
0.0.13 2 / 5
0.0.12 2 / 5
0.0.11 2 / 5
0.0.10 2 / 5
0.0.9 2 / 5
0.0.8 2 / 5
0.0.7 2 / 5
0.0.6 2 / 5
0.0.5 2 / 5
0.0.4 2 / 5
0.0.3 2 / 5
0.0.2 2 / 5
0.0.1 2 / 5
0.0.0 2 / 5
4.0.0-beta.9 2 / 6
4.0.0-beta.8 2 / 6
4.0.0-beta.7 2 / 6
4.0.0-beta.6 2 / 6
4.0.0-beta.5 2 / 6
4.0.0-beta.4 2 / 6
4.0.0-beta.38 2 / 6
4.0.0-beta.37 2 / 6
4.0.0-beta.36 2 / 6
4.0.0-beta.35 2 / 6
4.0.0-beta.34 2 / 6
4.0.0-beta.33 2 / 6
4.0.0-beta.32 2 / 6
4.0.0-beta.31 2 / 6
4.0.0-beta.30 2 / 6
4.0.0-beta.3 2 / 6
4.0.0-beta.29 2 / 6
4.0.0-beta.28 2 / 6
4.0.0-beta.27 2 / 6
4.0.0-beta.26 2 / 6
4.0.0-beta.25 2 / 6
4.0.0-beta.23 2 / 6
4.0.0-beta.22 2 / 6
4.0.0-beta.21 2 / 6
4.0.0-beta.20 2 / 6
4.0.0-beta.2 2 / 6
4.0.0-beta.19 2 / 6
4.0.0-beta.18 2 / 6
4.0.0-beta.17 2 / 6
4.0.0-beta.16 2 / 6
4.0.0-beta.15 2 / 6
4.0.0-beta.13 2 / 6
4.0.0-beta.12 2 / 6
4.0.0-beta.11 2 / 6
4.0.0-beta.10 2 / 6
4.0.0-beta.1 2 / 6
4.0.0-beta.0 2 / 6
3.0.0-beta.99 2 / 6
3.0.0-beta.98 2 / 6
3.0.0-beta.97 2 / 6
3.0.0-beta.96 2 / 6
3.0.0-beta.95 2 / 6
3.0.0-beta.94 2 / 6
3.0.0-beta.93 2 / 6
3.0.0-beta.92 2 / 6
3.0.0-beta.91 2 / 6
3.0.0-beta.90 2 / 6
3.0.0-beta.89 2 / 6
3.0.0-beta.88 2 / 6
3.0.0-beta.87 2 / 6
3.0.0-beta.86 2 / 6
3.0.0-beta.85 2 / 6
3.0.0-beta.84 2 / 6
3.0.0-beta.83 2 / 6
3.0.0-beta.82 2 / 6
3.0.0-beta.81 2 / 6
3.0.0-beta.80 2 / 6
3.0.0-beta.79 2 / 6
3.0.0-beta.78 2 / 6
3.0.0-beta.77 2 / 6
3.0.0-beta.76 2 / 6
3.0.0-beta.75 2 / 6
3.0.0-beta.74 2 / 6
3.0.0-beta.73 2 / 6
3.0.0-beta.72 2 / 6
3.0.0-beta.71 2 / 6
3.0.0-beta.70 2 / 6
3.0.0-beta.69 2 / 6
3.0.0-beta.68 2 / 6
3.0.0-beta.67 2 / 6
3.0.0-beta.66 2 / 6
3.0.0-beta.65 2 / 6
3.0.0-beta.64 2 / 6
3.0.0-beta.63 2 / 6
3.0.0-beta.62 2 / 6
3.0.0-beta.61 2 / 6
3.0.0-beta.60 2 / 6
3.0.0-beta.59 2 / 6
3.0.0-beta.58 2 / 6
3.0.0-beta.57 2 / 6
3.0.0-beta.56 2 / 6
3.0.0-beta.55 2 / 6
3.0.0-beta.54 2 / 6
Showing 100 of 529 Next page →

v4.0.0-beta.38

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.37

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.36

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.35

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.34

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.33

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.32

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.30

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.29

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.28

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.27

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.26

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.25

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.23

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.22

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.21

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.20

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.19

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.18

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.17

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v4.0.0-beta.16

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.