@anthropic-ai/sdk
The official TypeScript library for the Anthropic API
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:index.d.ts | AI (source-diff): TypeScript declaration file with long import/export lines from codegen — not obfuscation. Standard for SDK packages. | ai | |
| source-diff | obfuscated-file:index.d.mts | AI (source-diff): TypeScript declaration file with long import/export lines from codegen — not obfuscation. Standard for SDK packages. | ai | |
| maintainer-change | maintainer-takeover | AI (maintainer-change): Legitimate org transition within Anthropic; new maintainers all have Anthropic-affiliated accounts and long npm history. | ai | |
| dependencies | unvetted-dep:prettier | AI (dependencies): prettier is a dev/formatting tool mistakenly placed in dependencies; it is not imported at runtime and poses no security risk for this package. | ai | |
| dependencies | unvetted-dep:eslint | AI (dependencies): eslint is a dev/lint tool mistakenly placed in dependencies; it is not imported at runtime and poses no security risk for this package. | ai | |
| phantom-deps | phantom-dep:eslint | AI (phantom-deps): eslint is a lint tool referenced only in config/scripts, not a runtime import. Phantom dep finding is expected and benign. | ai | |
| phantom-deps | phantom-dep:prettier | AI (phantom-deps): prettier is a formatting tool referenced only in config/scripts, not a runtime import. Phantom dep finding is expected and benign. | ai | |
| phantom-deps | phantom-dep:@fortaine/fetch-event-source | AI (phantom-deps): This is a legitimate runtime dependency for SSE streaming in the Anthropic SDK; phantom-dep detection may have missed the indirect import path. | ai | |
| source-diff | obfuscated-file:resources/beta/beta.d.ts | AI (source-diff): TypeScript type definition file with long lines from union types and imports; not obfuscated code. | ai | |
| provenance | missing-githead | AI (provenance): gitHead absence reflects publish environment change, not code tampering; acceptable for org transition. | ai | |
| dependencies | unvetted-dep:@fortaine/fetch-event-source | AI (dependencies): @fortaine/fetch-event-source is a standard SSE library used for streaming API responses. Appropriate and expected dependency for the Anthropic SDK. | ai | |
| dependencies | unvetted-dep:cross-fetch | AI (dependencies): cross-fetch is a mature, widely-used Fetch API polyfill; legitimate dependency for cross-platform HTTP support in a TypeScript SDK. | ai | |
| source-diff | obfuscated-file:resources/beta/sessions/events.d.ts | AI (source-diff): TypeScript declaration files with long type unions are characteristic of auto-generated API type stubs, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:resources/beta/sessions/sessions.d.ts | AI (source-diff): TypeScript declaration files with long type unions are characteristic of auto-generated API type stubs, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:resources/beta/sessions/events.d.mts | AI (source-diff): TypeScript declaration files with long type unions are characteristic of auto-generated API type stubs, not malicious obfuscation. | ai | |
| source-diff | obfuscated-file:resources/beta/sessions/sessions.d.mts | AI (source-diff): TypeScript declaration files with long type unions are characteristic of auto-generated API type stubs, not malicious obfuscation. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decode utility is standard for an API SDK handling binary data and file uploads. The code is transparent and non-obfuscated; no malicious payload risk. | ai | |
| dependencies | unvetted-peer-dep:zod | AI (dependencies): Optional peer dependency; standard pattern for packages supporting but not requiring schema validation. | ai | |
| source-diff | obfuscated-file:resources/messages/messages.d.ts | AI (source-diff): TypeScript type definition file with long lines from union types and imports; not obfuscated code. | ai | |
| source-diff | obfuscated-file:resources/beta/messages/messages.d.ts | AI (source-diff): TypeScript declaration file with long import/type lines; normal for generated .d.ts aggregating type exports, not malicious obfuscation. | ai | |
| dependencies | unvetted-dep:json-schema-to-ts | AI (dependencies): json-schema-to-ts is a legitimate utility for JSON schema type generation; appropriate for SDK type support. | ai | |
| semgrep | semgrep:toplevel-fetch | AI (semgrep): Feature detection pattern for FormData support; checks constructor compatibility, not data exfiltration. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): Both zak-anthropic and jv-anthropic are Anthropic-affiliated accounts; legitimate organizational maintainer expansion. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher transition from jenan-anthropic to zak-anthropic is a legitimate Anthropic internal handoff; repository URL unchanged. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer removals are normal team changes; combined with additions, reflects expected SDK maintenance. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): New dependencies are all established HTTP/form-handling libraries; no suspicious additions. | ai | |
| semgrep | semgrep:etc-passwd-access | AI (semgrep): Code is a symlink attack prevention check, not credential harvesting. Defensive pattern documented in comments; stable false positive for this package. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase is explained by multi-runtime support and CHANGELOG; consistent with legitimate SDK growth. | ai | |
| source-diff | obfuscated-file:client.d.ts | AI (source-diff): TypeScript declaration file with long import lines; legitimate type definitions, not obfuscated code. | ai | |
| source-diff | obfuscated-file:client.d.mts | AI (source-diff): TypeScript declaration file with long import lines; legitimate type definitions, not obfuscated code. | ai | |
| source-diff | large-new-source-files | AI (source-diff): 151 new files reflect SDK expansion to support multiple runtimes (Node, browser, Deno, Bun, Workers). | ai | |
| phantom-deps | phantom-dep:@types/qs | AI (phantom-deps): TypeScript type definitions loaded by convention; expected for typed SDK. | ai | |
| dependencies | unvetted-dep:@types/qs | AI (dependencies): @types/qs is a standard TypeScript type definition package; unvetted status is expected for type packages. | ai | |
| dependencies | unvetted-dep:qs | AI (dependencies): qs is a well-established query string parser; appropriate for API SDK. | ai | |
| dependencies | unvetted-dep:@types/node-fetch | AI (dependencies): TypeScript types for node-fetch; stable for this package. | ai | |
| phantom-deps | phantom-dep:@types/node-fetch | AI (phantom-deps): Type definitions loaded by convention in TypeScript packages; standard practice for HTTP client SDK. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): Type definitions loaded by convention in TypeScript packages; standard practice for Node.js SDK. | ai | |
| dependencies | unvetted-dep:agentkeepalive | AI (dependencies): agentkeepalive is a standard HTTP agent library for connection pooling; expected in API SDKs. | ai | |
| dependencies | unvetted-dep:@types/node | AI (dependencies): TypeScript type definitions for Node.js; standard dev dependency for Node.js SDK. | ai | |
| dependencies | unvetted-dep:node-fetch | AI (dependencies): node-fetch is a standard, widely-used HTTP client; appropriate for SDK cross-platform support. | ai | |
| dependencies | unvetted-dep:form-data-encoder | AI (dependencies): form-data-encoder is a standard utility for encoding form data; stable for this package. | ai | |
| phantom-deps | phantom-dep:digest-fetch | AI (phantom-deps): Referenced in config; legitimate dependency for HTTP digest auth support. | ai | |
| dependencies | unvetted-dep:digest-fetch | AI (dependencies): digest-fetch is a legitimate HTTP client library; appropriate for SDK use. | ai | |
| provenance | no-provenance | AI (provenance): Provenance is a governance best-practice but absence does not indicate malice in established packages. | ai | |
| dependencies | unvetted-dep:web-streams-polyfill | AI (dependencies): web-streams-polyfill is an established, legitimate polyfill for cross-platform compatibility. | ai | |
| dependencies | unvetted-dep:formdata-node | AI (dependencies): formdata-node is a legitimate, widely-used HTTP form-data library; stable dependency for this SDK. | ai | |
Versions (showing 100 of 169)
| Version | Deps | Published |
|---|---|---|
| 0.100.1 | 2 / 0 | |
| 0.100.0 | 2 / 0 | |
| 0.99.0 | 2 / 0 | |
| 0.98.1 | 2 / 0 | |
| 0.98.0 | 2 / 0 | |
| 0.97.1 | 2 / 0 | |
| 0.97.0 | 2 / 0 | |
| 0.96.0 | 2 / 0 | |
| 0.95.2 | 2 / 0 | |
| 0.95.1 | 2 / 0 | |
| 0.95.0 | 2 / 0 | |
| 0.94.0 | 1 / 0 | |
| 0.93.0 | 1 / 0 | |
| 0.92.0 | 1 / 0 | |
| 0.91.1 | 1 / 0 | |
| 0.91.0 | 1 / 0 | |
| 0.90.0 | 1 / 0 | |
| 0.89.0 | 1 / 0 | |
| 0.88.0 | 1 / 0 | |
| 0.87.0 | 1 / 0 | |
| 0.86.1 | 1 / 0 | |
| 0.86.0 | 1 / 0 | |
| 0.85.0 | 1 / 0 | |
| 0.84.0 | 1 / 0 | |
| 0.82.0 | 1 / 0 | |
| 0.81.0 | 1 / 0 | |
| 0.78.0 | 1 / 0 | |
| 0.77.0 | 1 / 0 | |
| 0.76.0 | 1 / 0 | |
| 0.75.0 | 1 / 0 | |
| 0.74.0 | 1 / 0 | |
| 0.73.0 | 1 / 0 | |
| 0.72.1 | 1 / 0 | |
| 0.72.0 | 1 / 0 | |
| 0.71.2 | 1 / 0 | |
| 0.71.1 | 1 / 0 | |
| 0.71.0 | 1 / 0 | |
| 0.70.1 | 1 / 0 | |
| 0.70.0 | 1 / 0 | |
| 0.69.0 | 1 / 0 | |
| 0.68.0 | 1 / 0 | |
| 0.67.1 | 1 / 0 | |
| 0.67.0 | 1 / 0 | |
| 0.66.0 | 1 / 0 | |
| 0.65.0 | 1 / 0 | |
| 0.64.0 | 1 / 0 | |
| 0.63.1 | 1 / 0 | |
| 0.63.0 | 1 / 0 | |
| 0.62.0 | 0 / 0 | |
| 0.61.0 | 0 / 0 | |
| 0.60.0 | 0 / 0 | |
| 0.59.0 | 0 / 0 | |
| 0.58.0 | 0 / 0 | |
| 0.57.0 | 0 / 0 | |
| 0.56.0 | 0 / 0 | |
| 0.55.1 | 0 / 0 | |
| 0.55.0 | 0 / 0 | |
| 0.54.0 | 0 / 0 | |
| 0.53.0 | 0 / 0 | |
| 0.52.0 | 0 / 0 | |
| 0.51.0 | 0 / 0 | |
| 0.50.4 | 0 / 0 | |
| 0.50.3 | 0 / 0 | |
| 0.50.2 | 0 / 0 | |
| 0.50.1 | 0 / 0 | |
| 0.41.0 | 7 / 0 | |
| 0.40.1 | 7 / 0 | |
| 0.40.0 | 7 / 0 | |
| 0.39.0 | 7 / 0 | |
| 0.38.0 | 7 / 0 | |
| 0.37.0 | 7 / 0 | |
| 0.36.3 | 7 / 0 | |
| 0.36.2 | 7 / 0 | |
| 0.35.0 | 7 / 0 | |
| 0.33.1 | 7 / 0 | |
| 0.33.0 | 7 / 0 | |
| 0.32.1 | 7 / 0 | |
| 0.32.0 | 7 / 0 | |
| 0.31.0 | 7 / 0 | |
| 0.30.1 | 7 / 0 | |
| 0.30.0 | 7 / 0 | |
| 0.29.2 | 7 / 0 | |
| 0.29.1 | 7 / 0 | |
| 0.29.0 | 7 / 0 | |
| 0.28.0 | 7 / 0 | |
| 0.27.3 | 7 / 0 | |
| 0.27.2 | 7 / 0 | |
| 0.27.1 | 7 / 0 | |
| 0.27.0 | 7 / 0 | |
| 0.26.1 | 7 / 0 | |
| 0.26.0 | 7 / 0 | |
| 0.25.2 | 7 / 0 | |
| 0.25.1 | 7 / 0 | |
| 0.25.0 | 7 / 0 | |
| 0.24.3 | 8 / 0 | |
| 0.24.2 | 8 / 0 | |
| 0.24.1 | 8 / 0 | |
| 0.24.0 | 8 / 0 | |
| 0.23.0 | 8 / 0 | |
| 0.22.0 | 8 / 0 | |
v0.100.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.100.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.99.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.98.1
2 findings: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
[Accepted risk] This version was published by a different npm account than previous versions on 2026-05-26. This could indicate a legitimate maintainer transition or an account compromise.
v0.98.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.97.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.97.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.96.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.95.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.95.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.95.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.94.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.93.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.92.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.91.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.91.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.89.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.88.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.87.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.86.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.86.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.85.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.84.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.82.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.81.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.78.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.77.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.76.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.75.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.74.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.73.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.72.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.71.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.70.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.68.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.67.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.66.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.65.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v0.63.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.