ai
AI SDK by Vercel - build apps like ChatGPT, Claude, Gemini, and more with a single interface for any model using the Vercel AI Gateway or go direct to OpenAI, Anthropic, Google, or any other model provider.
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): Size increase driven by large test file additions, not bundled/injected runtime payloads. Benign for this package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are test suites (.test.ts), consistent with expanding test coverage in a major SDK. No injected runtime code. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Flagged URL (127.0.0.1:3000) is in a test fixture file, representing a localhost test server address. This is standard test code, not a real network request to a suspicious IP. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy is an artifact of comparing v6 against v4 baseline. The ai package is actively maintained by Vercel with 1155 versions; major version gaps are expected. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer removals are consistent with Vercel's organizational restructuring for a major v6 release. Publisher remains the official vercel-release-bot. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @ai-sdk/gateway is a first-party Vercel AI SDK package added as part of the v6 architecture. Not a suspicious third-party dependency. | ai | |
| dependencies | unvetted-dep:@ai-sdk/react | AI (dependencies): @ai-sdk/react is a first-party Vercel AI SDK package from the same monorepo; unvetted flag is expected and not a real risk. | ai | |
| osv | osv:GHSA-rwvc-j5jr-mgvh | AI (osv): Advisory affects 5.x versions only (< 5.0.52 and 5.1.0-beta range). Package [email protected] is not in the affected range; this finding is a false positive for the 4.x line. | ai | |
| dependencies | unvetted-dep:@ai-sdk/ui-utils | AI (dependencies): @ai-sdk/ui-utils is a first-party Vercel AI SDK package from the same monorepo; unvetted flag is expected and not a real risk. | ai | |
| typosquat | typosquat.levenshtein:hapi | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'hapi'. Short name matches are false positives for this well-known package. | ai | |
| dependencies | unvetted-dep:@opentelemetry/api | AI (dependencies): @opentelemetry/api is a well-known observability library; its use in an AI SDK for tracing is expected and benign. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'ajv'. Short name matches are false positives for this well-known package. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'joi'. Short name matches are false positives for this well-known package. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'qs'. Short name matches are false positives for this well-known package. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'pg'. Short name matches are false positives for this well-known package. | ai | |
Versions (showing 51 of 302)
| Version | Deps | Published |
|---|---|---|
| 6.0.193 | 4 / 10 | |
| 6.0.192 | 4 / 10 | |
| 6.0.191 | 4 / 10 | |
| 6.0.190 | 4 / 10 | |
| 6.0.189 | 4 / 10 | |
| 6.0.188 | 4 / 10 | |
| 6.0.187 | 4 / 10 | |
| 6.0.185 | 4 / 10 | |
| 6.0.184 | 4 / 10 | |
| 6.0.183 | 4 / 10 | |
| 6.0.182 | 4 / 10 | |
| 6.0.180 | 4 / 10 | |
| 6.0.178 | 4 / 10 | |
| 6.0.177 | 4 / 10 | |
| 6.0.176 | 4 / 10 | |
| 6.0.175 | 4 / 10 | |
| 6.0.174 | 4 / 10 | |
| 6.0.173 | 4 / 10 | |
| 6.0.172 | 4 / 10 | |
| 6.0.171 | 4 / 10 | |
| 6.0.170 | 4 / 10 | |
| 6.0.169 | 4 / 10 | |
| 6.0.168 | 4 / 10 | |
| 6.0.167 | 4 / 10 | |
| 6.0.166 | 4 / 10 | |
| 6.0.165 | 4 / 10 | |
| 6.0.164 | 4 / 10 | |
| 6.0.163 | 4 / 10 | |
| 6.0.162 | 4 / 10 | |
| 6.0.161 | 4 / 10 | |
| 6.0.160 | 4 / 10 | |
| 6.0.159 | 4 / 10 | |
| 6.0.158 | 4 / 10 | |
| 6.0.157 | 4 / 10 | |
| 6.0.156 | 4 / 10 | |
| 6.0.155 | 4 / 10 | |
| 6.0.154 | 4 / 10 | |
| 6.0.153 | 4 / 10 | |
| 6.0.152 | 4 / 10 | |
| 6.0.151 | 4 / 10 | |
| 6.0.150 | 4 / 10 | |
| 6.0.149 | 4 / 10 | |
| 6.0.148 | 4 / 10 | |
| 6.0.147 | 4 / 10 | |
| 6.0.146 | 4 / 10 | |
| 6.0.145 | 4 / 10 | |
| 6.0.144 | 4 / 10 | |
| 6.0.143 | 4 / 10 | |
| 6.0.142 | 4 / 10 | |
| 6.0.141 | 4 / 10 | |
| 6.0.140 | 4 / 10 | |
v6.0.193
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.192
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.191
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.190
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.189
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.188
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.187
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.185
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.184
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.183
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.182
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.180
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.178
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.177
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.176
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.175
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.174
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.173
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.172
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.171
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.170
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.169
2 findings: This version was published by a different npm account than previous versions on 2026-04-29. This could indicate a legitimate maintainer transition or an account compromise.
Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.0.167
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.166
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.165
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.164
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.163
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.162
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.161
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.160
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.159
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.158
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.157
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.156
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.155
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.154
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.153
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.152
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.151
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.150
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.149
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.148
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.147
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.146
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.145
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.144
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.143
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.142
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.141
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v6.0.140
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.