@langchain/openai
OpenAI integrations for LangChain.js
51
Versions
MIT
License
No
Install Scripts
Verified
Provenance
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
No source commit
Maintainers
hwchase17jacoblee93basprouleric_langchainandrewnguonlydavidduongmaddyadamssam_noyeslangchain-securityandy-langchainrcasuphntrlchristian-bromann
Keywords
llmaigpt3chainpromptprompt engineeringchatgptmachine learningmlopenaiembeddingsvectorstores
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | missing-githead | AI (provenance): Alpha pre-release with restructured build pipeline; missing gitHead is a process artifact, not a supply chain indicator. Package metadata and repo URL are consistent with the official LangChain org. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Major version restructuring (0.6.9 → 1.0.0-alpha.1) naturally introduces many new source files; new large files are source maps, expected build artifacts. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): 0.0.0 is a standard monorepo placeholder version for the LangChain.js workspace; not indicative of malicious intent for this well-established package. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed from human (hntrl) to GitHub Actions CI/CD with SLSA provenance — a deliberate supply chain security improvement for the langchain-ai org, not a compromise. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): New maintainers (andy-langchain, rcasup) are LangChain org members; addition is consistent with normal team growth at an active organization. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Removal of nfcampos alongside CI/CD migration is consistent with legitimate maintainer roster changes at the langchain-ai org. | ai |
Versions (showing 51 of 161)
| Version | Deps | Published |
|---|---|---|
| 1.4.7 | 3 / 14 | |
| 1.4.6 | 3 / 14 | |
| 1.4.5 | 3 / 14 | |
| 1.4.4 | 3 / 15 | |
| 1.4.3 | 3 / 15 | |
| 1.4.2 | 3 / 15 | |
| 1.4.1 | 3 / 18 | |
| 1.4.0 | 3 / 18 | |
| 1.3.1 | 3 / 18 | |
| 1.3.0 | 3 / 18 | |
| 1.2.13 | 3 / 18 | |
| 1.2.12 | 3 / 18 | |
| 1.2.11 | 3 / 18 | |
| 1.2.10 | 3 / 18 | |
| 1.2.9 | 3 / 18 | |
| 1.2.8 | 3 / 18 | |
| 1.2.7 | 3 / 18 | |
| 1.2.6 | 3 / 18 | |
| 1.2.5 | 3 / 18 | |
| 1.2.4 | 3 / 18 | |
| 1.2.3 | 3 / 18 | |
| 1.2.2 | 3 / 18 | |
| 1.2.1 | 3 / 18 | |
| 1.2.0 | 3 / 18 | |
| 1.1.3 | 3 / 16 | |
| 1.1.2 | 3 / 16 | |
| 1.1.1 | 3 / 16 | |
| 1.1.0 | 3 / 16 | |
| 1.0.0 | 3 / 16 | |
| 0.6.16 | 3 / 22 | |
| 0.6.15 | 3 / 22 | |
| 0.6.14 | 3 / 22 | |
| 0.6.13 | 3 / 22 | |
| 0.6.12 | 3 / 22 | |
| 0.6.11 | 3 / 22 | |
| 0.6.10 | 3 / 22 | |
| 0.6.9 | 3 / 22 | |
| 0.6.8 | 3 / 22 | |
| 0.6.7 | 3 / 22 | |
| 0.6.6 | 3 / 22 | |
| 0.6.5 | 3 / 22 | |
| 0.6.4 | 3 / 22 | |
| 0.6.3 | 3 / 22 | |
| 0.6.2 | 3 / 22 | |
| 0.6.1 | 3 / 22 | |
| 0.6.0 | 3 / 22 | |
| 0.5.18 | 3 / 22 | |
| 0.5.17 | 3 / 22 | |
| 0.5.16 | 3 / 22 | |
| 0.5.15 | 3 / 22 | |
| 0.5.14 | 3 / 22 |
v1.4.7
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.6
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v1.4.5
1 finding
INFO
Has SLSA provenance attestation
provenance
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.