← Home

@ai-sdk/openai

npm Repository Homepage

The **[OpenAI provider](https://ai-sdk.dev/providers/ai-sdk-providers/openai)** for the [AI SDK](https://ai-sdk.dev/docs) contains language model support for the OpenAI chat and completion APIs and embedding model support for the OpenAI embeddings API.

29
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-takeover AI (maintainer-change): Transition from jaredpalmer to vercel-release-bot is a standard Vercel org move; bot has 458 approved packages and 1528-day history. ai
provenance missing-githead AI (provenance): Bot-based publishing from Vercel monorepo commonly omits gitHead; no security concern given trusted publisher. ai
provenance publisher-changed AI (provenance): Publisher change from jaredpalmer to vercel-release-bot is a legitimate Vercel organizational transition. ai
npm-metadata suspicious-initial-version AI (npm-metadata): 0.0.0 is a standard monorepo placeholder version in the Vercel AI SDK; 517 registry versions and 5.5M weekly downloads confirm this is a legitimate, established package. ai
provenance no-provenance AI (provenance): Established package from a trusted publisher (jaredpalmer/Vercel); lack of provenance is common for packages of this age and does not indicate risk. ai
source-diff large-new-source-files AI (source-diff): 60 new files consistent with major version adding new API surface; new large files are a language model implementation and documentation. ai
maintainer-change maintainer-added AI (maintainer-change): Vercel team roster changes are expected for an actively developed SDK; publisher remains vercel-release-bot with a strong track record. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of jaredpalmer reflects normal Vercel team evolution; no hostile takeover indicators given consistent bot publisher. ai
source-diff source-size-tripled AI (source-diff): Major version bump (v3→v4 beta) with new OpenAI Responses API implementation explains the 5.9x size increase; no obfuscated code flagged. ai
dependencies unvetted-dep:@ai-sdk/provider-utils AI (dependencies): @ai-sdk/provider-utils is a sibling package in the Vercel AI SDK monorepo; it is always a dependency of @ai-sdk/openai and is not a third-party risk. ai

Versions (showing 29 of 529)

Hide prereleases
Version Deps Published
2.0.0-alpha.8 2 / 5
2.0.0-alpha.7 2 / 5
2.0.0-alpha.6 2 / 5
2.0.0-alpha.4 2 / 5
2.0.0-alpha.3 2 / 5
2.0.0-alpha.2 2 / 5
2.0.0-alpha.15 2 / 5
2.0.0-alpha.14 2 / 5
2.0.0-alpha.13 2 / 5
2.0.0-alpha.12 2 / 5
2.0.0-alpha.11 2 / 5
2.0.0-alpha.10 2 / 5
2.0.0-alpha.1 2 / 5
1.0.0-canary.3 2 / 5
1.0.0-canary.2 2 / 5
1.0.0-canary.1 2 / 5
1.0.0-canary.0 2 / 5
0.0.0-fd764a60-20260114143805 2 / 6
0.0.0-bf6e4b15-20260402200305 2 / 6
0.0.0-b66d09a8-20260328011513 2 / 6
0.0.0-98261322-20260122142521 2 / 6
0.0.0-85f9a635-20240518005312 2 / 5
0.0.0-70e0935a-20260114150030 2 / 6
0.0.0-64aae7dd-20260114144918 2 / 6
0.0.0-4115c213-20260122152721 2 / 6
0.0.0-2f1ae29d-20260122140908 2 / 6
0.0.0-1c33ba03-20260114162300 2 / 6
0.0.0-01d6317c-20260129172110 2 / 6
0.0.0-013d7476-20250808163325 2 / 5

v0.0.0-bf6e4b15-20260402200305

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.0.0-b66d09a8-20260328011513

1 finding
INFO No provenance attestation provenance

[Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.