← Home

@ai-sdk/openai

npm Repository Homepage

The **[OpenAI provider](https://ai-sdk.dev/providers/ai-sdk-providers/openai)** for the [AI SDK](https://ai-sdk.dev/docs) contains language model support for the OpenAI chat and completion APIs and embedding model support for the OpenAI embeddings API.

100
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

vercel-release-botmatheussmatt.straka

Keywords

ai

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
maintainer-change maintainer-takeover AI (maintainer-change): Transition from jaredpalmer to vercel-release-bot is a standard Vercel org move; bot has 458 approved packages and 1528-day history. ai
provenance missing-githead AI (provenance): Bot-based publishing from Vercel monorepo commonly omits gitHead; no security concern given trusted publisher. ai
provenance publisher-changed AI (provenance): Publisher change from jaredpalmer to vercel-release-bot is a legitimate Vercel organizational transition. ai
npm-metadata suspicious-initial-version AI (npm-metadata): 0.0.0 is a standard monorepo placeholder version in the Vercel AI SDK; 517 registry versions and 5.5M weekly downloads confirm this is a legitimate, established package. ai
provenance no-provenance AI (provenance): Established package from a trusted publisher (jaredpalmer/Vercel); lack of provenance is common for packages of this age and does not indicate risk. ai
source-diff large-new-source-files AI (source-diff): 60 new files consistent with major version adding new API surface; new large files are a language model implementation and documentation. ai
maintainer-change maintainer-added AI (maintainer-change): Vercel team roster changes are expected for an actively developed SDK; publisher remains vercel-release-bot with a strong track record. ai
maintainer-change maintainer-removed AI (maintainer-change): Removal of jaredpalmer reflects normal Vercel team evolution; no hostile takeover indicators given consistent bot publisher. ai
source-diff source-size-tripled AI (source-diff): Major version bump (v3→v4 beta) with new OpenAI Responses API implementation explains the 5.9x size increase; no obfuscated code flagged. ai
dependencies unvetted-dep:@ai-sdk/provider-utils AI (dependencies): @ai-sdk/provider-utils is a sibling package in the Vercel AI SDK monorepo; it is always a dependency of @ai-sdk/openai and is not a third-party risk. ai

Versions (showing 100 of 529)

Hide prereleases
Version Deps Published
3.0.67 2 / 6
3.0.66 2 / 6
3.0.65 2 / 6
3.0.64 2 / 6
3.0.63 2 / 6
3.0.62 2 / 6
3.0.61 2 / 6
3.0.60 2 / 6
3.0.59 2 / 6
3.0.58 2 / 6
3.0.57 2 / 6
3.0.55 2 / 6
3.0.54 2 / 6
3.0.53 2 / 6
3.0.52 2 / 6
3.0.51 2 / 6
3.0.50 2 / 6
3.0.49 2 / 6
3.0.48 2 / 6
3.0.47 2 / 6
3.0.46 2 / 6
3.0.45 2 / 6
3.0.44 2 / 6
3.0.43 2 / 6
3.0.42 2 / 6
3.0.41 2 / 6
3.0.40 2 / 6
3.0.39 2 / 6
3.0.38 2 / 6
3.0.37 2 / 6
3.0.36 2 / 6
3.0.35 2 / 6
3.0.34 2 / 6
3.0.33 2 / 6
3.0.32 2 / 6
3.0.31 2 / 6
3.0.30 2 / 6
3.0.29 2 / 6
3.0.28 2 / 6
3.0.27 2 / 6
3.0.26 2 / 6
3.0.25 2 / 6
3.0.24 2 / 6
3.0.23 2 / 6
3.0.22 2 / 6
3.0.21 2 / 6
3.0.20 2 / 6
3.0.19 2 / 6
3.0.18 2 / 6
3.0.17 2 / 6
3.0.16 2 / 6
3.0.15 2 / 6
3.0.14 2 / 6
3.0.13 2 / 6
3.0.12 2 / 6
3.0.11 2 / 6
3.0.10 2 / 6
3.0.9 2 / 6
3.0.8 2 / 6
3.0.7 2 / 6
3.0.6 2 / 6
3.0.5 2 / 6
3.0.4 2 / 6
3.0.3 2 / 6
3.0.2 2 / 6
3.0.1 2 / 6
3.0.0 2 / 6
2.0.106 2 / 6
2.0.105 2 / 6
2.0.104 2 / 6
2.0.103 2 / 6
2.0.102 2 / 6
2.0.101 2 / 6
2.0.100 2 / 6
2.0.99 2 / 6
2.0.98 2 / 6
2.0.97 2 / 6
2.0.96 2 / 6
2.0.95 2 / 6
2.0.94 2 / 6
2.0.93 2 / 6
2.0.92 2 / 6
2.0.91 2 / 6
2.0.90 2 / 6
2.0.89 2 / 6
2.0.88 2 / 6
2.0.87 2 / 6
2.0.86 2 / 6
2.0.85 2 / 6
2.0.84 2 / 6
2.0.83 2 / 6
2.0.82 2 / 6
2.0.81 2 / 6
2.0.80 2 / 6
2.0.79 2 / 6
2.0.78 2 / 6
2.0.77 2 / 6
2.0.76 2 / 6
2.0.75 2 / 6
2.0.74 2 / 6
Showing 100 of 529 Next page →

v3.0.67

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.66

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.65

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.64

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.63

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.62

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.61

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.60

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.59

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.58

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.57

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.55

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v3.0.54

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

INFO Publisher changed: vercel-release-bot → GitHub Actions (on 2026-04-29) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.

v2.0.106

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.105

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.0.104

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.