@ai-sdk/openai
The **[OpenAI provider](https://ai-sdk.dev/providers/ai-sdk-providers/openai)** for the [AI SDK](https://ai-sdk.dev/docs) contains language model support for the OpenAI chat and completion APIs and embedding model support for the OpenAI embeddings API.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| maintainer-change | maintainer-takeover | AI (maintainer-change): Transition from jaredpalmer to vercel-release-bot is a standard Vercel org move; bot has 458 approved packages and 1528-day history. | ai | |
| provenance | missing-githead | AI (provenance): Bot-based publishing from Vercel monorepo commonly omits gitHead; no security concern given trusted publisher. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher change from jaredpalmer to vercel-release-bot is a legitimate Vercel organizational transition. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): 0.0.0 is a standard monorepo placeholder version in the Vercel AI SDK; 517 registry versions and 5.5M weekly downloads confirm this is a legitimate, established package. | ai | |
| provenance | no-provenance | AI (provenance): Established package from a trusted publisher (jaredpalmer/Vercel); lack of provenance is common for packages of this age and does not indicate risk. | ai | |
| source-diff | large-new-source-files | AI (source-diff): 60 new files consistent with major version adding new API surface; new large files are a language model implementation and documentation. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Vercel team roster changes are expected for an actively developed SDK; publisher remains vercel-release-bot with a strong track record. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of jaredpalmer reflects normal Vercel team evolution; no hostile takeover indicators given consistent bot publisher. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Major version bump (v3→v4 beta) with new OpenAI Responses API implementation explains the 5.9x size increase; no obfuscated code flagged. | ai | |
| dependencies | unvetted-dep:@ai-sdk/provider-utils | AI (dependencies): @ai-sdk/provider-utils is a sibling package in the Vercel AI SDK monorepo; it is always a dependency of @ai-sdk/openai and is not a third-party risk. | ai |
Versions (showing 51 of 529)
| Version | Deps | Published |
|---|---|---|
| 3.0.67 | 2 / 6 | |
| 3.0.66 | 2 / 6 | |
| 3.0.65 | 2 / 6 | |
| 3.0.64 | 2 / 6 | |
| 3.0.63 | 2 / 6 | |
| 3.0.62 | 2 / 6 | |
| 3.0.61 | 2 / 6 | |
| 3.0.60 | 2 / 6 | |
| 3.0.59 | 2 / 6 | |
| 3.0.58 | 2 / 6 | |
| 3.0.57 | 2 / 6 | |
| 3.0.55 | 2 / 6 | |
| 3.0.54 | 2 / 6 | |
| 3.0.53 | 2 / 6 | |
| 3.0.52 | 2 / 6 | |
| 3.0.51 | 2 / 6 | |
| 3.0.50 | 2 / 6 | |
| 3.0.49 | 2 / 6 | |
| 3.0.48 | 2 / 6 | |
| 3.0.47 | 2 / 6 | |
| 3.0.46 | 2 / 6 | |
| 3.0.45 | 2 / 6 | |
| 3.0.44 | 2 / 6 | |
| 3.0.43 | 2 / 6 | |
| 3.0.42 | 2 / 6 | |
| 3.0.41 | 2 / 6 | |
| 3.0.40 | 2 / 6 | |
| 3.0.39 | 2 / 6 | |
| 3.0.38 | 2 / 6 | |
| 3.0.37 | 2 / 6 | |
| 3.0.36 | 2 / 6 | |
| 3.0.35 | 2 / 6 | |
| 3.0.34 | 2 / 6 | |
| 3.0.33 | 2 / 6 | |
| 3.0.32 | 2 / 6 | |
| 3.0.31 | 2 / 6 | |
| 3.0.30 | 2 / 6 | |
| 3.0.29 | 2 / 6 | |
| 3.0.28 | 2 / 6 | |
| 3.0.27 | 2 / 6 | |
| 3.0.26 | 2 / 6 | |
| 3.0.25 | 2 / 6 | |
| 3.0.24 | 2 / 6 | |
| 3.0.23 | 2 / 6 | |
| 3.0.22 | 2 / 6 | |
| 3.0.21 | 2 / 6 | |
| 3.0.20 | 2 / 6 | |
| 3.0.19 | 2 / 6 | |
| 3.0.18 | 2 / 6 | |
| 3.0.17 | 2 / 6 | |
| 3.0.16 | 2 / 6 |
v3.0.67
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.66
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.65
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.64
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.63
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.62
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.61
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.60
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.59
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.58
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.57
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.55
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v3.0.54
2 findingsPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.