@openai/agents-realtime

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

dylan-hurd-openaimoustafa-openaitylersmith-openaiatty-openaitibo-openaidkundel-openaimbolin-openaifouad-openaieasong-openaiaibrahim-openaiapcha-oaiseratch-openai

Keywords

openaiagentsaiagentic

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
dependencies	unvetted-dep:@openai/zod	AI (dependencies): @openai/zod is an npm alias for [email protected], a well-known validation library; stable false positive for this package.	ai	2026/05/30
maintainer-change	maintainer-removed	AI (maintainer-change): Removal of fouad alongside addition of fouad-openai is a routine account rename/rotation within OpenAI.	ai	2026/05/30
maintainer-change	maintainer-added	AI (maintainer-change): New maintainers are OpenAI employees (mbolin-openai, fouad-openai); consistent with internal team rotation.	ai	2026/05/30
source-diff	obfuscated-file:dist/bundle/index-Bz7G-f8o.mjs	AI (source-diff): Vite build bundle for browser export; minified but readable, stable pattern for this package.	ai	2026/05/20
source-diff	obfuscated-file:dist/bundle/agent-DfCGunwO.mjs	AI (source-diff): Vite build bundle for browser export; minified but readable, stable pattern for this package.	ai	2026/05/20
source-diff	obfuscated-file:dist/bundle/agent-CEsEfqN5.mjs	AI (source-diff): Vite-produced browser bundle; minified but not obfuscated. Stable for this package.	ai	2026/05/20
source-diff	obfuscated-file:dist/bundle/index-DpEWIpme.mjs	AI (source-diff): Vite-produced browser bundle; minified but not obfuscated. Stable for this package.	ai	2026/05/20
source-diff	obfuscated-file:dist/bundle/agent-Z1A04vnn.mjs	AI (source-diff): Vite-bundled output for browser entry point; minified but not obfuscated. Stable for this package.	ai	2026/05/20
source-diff	obfuscated-file:dist/bundle/index-BRSSFu1S.mjs	AI (source-diff): Vite-bundled output for browser entry point; minified but not obfuscated. Stable for this package.	ai	2026/05/20
source-diff	obfuscated-file:dist/bundle/index-BjYZ_Vs_.mjs	AI (source-diff): Vite-bundled output for browser entry; minification is expected for this package.	ai	2026/05/18
source-diff	obfuscated-file:dist/bundle/agent-D1GnyxTI.mjs	AI (source-diff): Vite-bundled output for browser entry; minification is expected for this package.	ai	2026/05/18
source-diff	obfuscated-file:dist/bundle/index-DN65-mSr.mjs	AI (source-diff): Vite bundle output for browser entry point; standard minification, not obfuscation.	ai	2026/05/18
source-diff	obfuscated-file:dist/bundle/agent-CPV0cGDP.mjs	AI (source-diff): Vite bundle output; readable minified code with no suspicious payloads.	ai	2026/05/18
source-diff	obfuscated-file:dist/bundle/agent-BDVhmhWN.mjs	AI (source-diff): Vite-bundled ESM output; minification is expected for this package's browser bundle target.	ai	2026/05/06
phantom-deps	phantom-dep:@types/ws	AI (phantom-deps): @types/ws is a type-only dep; not directly imported at runtime by design.	ai	2026/05/06
phantom-deps	phantom-dep:debug	AI (phantom-deps): debug is a runtime dep used via convention/indirect import in this SDK; stable false positive.	ai	2026/05/06
source-diff	obfuscated-file:dist/bundle/index-COJAV3H7.mjs	AI (source-diff): Vite-bundled ESM output; minification is expected for this package's browser bundle target.	ai	2026/05/06

Versions (showing 40 of 40)

Version	Deps	Published
0.11.4	4 / 3	2026-05-12
0.11.3	4 / 3	2026-05-11
0.11.2	4 / 3	2026-05-11
0.11.1	4 / 3	2026-05-09
0.10.1	4 / 3	2026-05-07
0.9.1	4 / 3	2026-05-06
0.8.5	4 / 3	2026-04-21
0.8.4	4 / 3	2026-04-20
0.8.3	4 / 3	2026-04-06
0.8.2	4 / 3	2026-03-31
0.4.0	4 / 3	2026-01-18
0.3.9	4 / 3	2026-01-16
0.3.8	4 / 3	2026-01-14
0.3.7	4 / 3	2025-12-19
0.3.6	4 / 3	2025-12-17
0.3.5	4 / 3	2025-12-15
0.3.4	4 / 3	2025-12-03
0.3.3	4 / 3	2025-11-21
0.3.2	4 / 3	2025-11-15
0.3.1	4 / 3	2025-11-14
0.3.0	4 / 3	2025-11-05
0.2.1	4 / 3	2025-10-25
0.2.0	4 / 3	2025-10-24
0.1.11	4 / 3	2025-10-22
0.1.10	4 / 3	2025-10-17
0.1.8	4 / 3	2025-10-01
0.1.7	4 / 3	2025-09-29
0.1.6	4 / 3	2025-09-26
0.1.5	4 / 3	2025-09-25
0.1.4	4 / 3	2025-09-22
0.1.3	4 / 3	2025-09-15
0.1.2	4 / 3	2025-09-12
0.1.1	4 / 3	2025-09-08
0.1.0	4 / 3	2025-08-28
0.0.17	4 / 3	2025-08-16
0.0.13	5 / 2	2025-07-23
0.0.4	4 / 2	2025-06-06
0.0.3	4 / 2	2025-06-05
0.0.2	4 / 2	2025-06-04
0.0.1	4 / 2	2025-06-03

v0.11.4

3 findings

HIGH New obfuscated file: dist/bundle/agent-Z1A04vnn.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundle/index-BRSSFu1S.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.3

3 findings

HIGH New obfuscated file: dist/bundle/agent-D1GnyxTI.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundle/index-BjYZ_Vs_.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.2

3 findings

HIGH New obfuscated file: dist/bundle/agent-CEsEfqN5.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundle/index-DpEWIpme.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.1

3 findings

HIGH New obfuscated file: dist/bundle/agent-DfCGunwO.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundle/index-Bz7G-f8o.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.1

3 findings

HIGH New obfuscated file: dist/bundle/agent-CPV0cGDP.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundle/index-DN65-mSr.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.1

3 findings

HIGH New obfuscated file: dist/bundle/agent-BDVhmhWN.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/bundle/index-COJAV3H7.mjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.8.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.9

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.2.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.11

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.10

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.8

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.7

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.6

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.5

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.17

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.13

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.4

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.3

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.2

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.