ai
AI SDK by Vercel - build apps like ChatGPT, Claude, Gemini, and more with a single interface for any model using the Vercel AI Gateway or go direct to OpenAI, Anthropic, Google, or any other model provider.
Supply chain provenance
Status for the latest visible version.
Maintainers
Keywords
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | source-size-tripled | AI (source-diff): Size increase driven by large test file additions, not bundled/injected runtime payloads. Benign for this package. | ai | |
| source-diff | large-new-source-files | AI (source-diff): New files are test suites (.test.ts), consistent with expanding test coverage in a major SDK. No injected runtime code. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): Flagged URL (127.0.0.1:3000) is in a test fixture file, representing a localhost test server address. This is standard test code, not a real network request to a suspicious IP. | ai | |
| publish-pattern | dormant-publish | AI (publish-pattern): Dormancy is an artifact of comparing v6 against v4 baseline. The ai package is actively maintained by Vercel with 1155 versions; major version gaps are expected. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): Maintainer removals are consistent with Vercel's organizational restructuring for a major v6 release. Publisher remains the official vercel-release-bot. | ai | |
| publish-pattern | new-deps-added | AI (publish-pattern): @ai-sdk/gateway is a first-party Vercel AI SDK package added as part of the v6 architecture. Not a suspicious third-party dependency. | ai | |
| dependencies | unvetted-dep:@ai-sdk/react | AI (dependencies): @ai-sdk/react is a first-party Vercel AI SDK package from the same monorepo; unvetted flag is expected and not a real risk. | ai | |
| osv | osv:GHSA-rwvc-j5jr-mgvh | AI (osv): Advisory affects 5.x versions only (< 5.0.52 and 5.1.0-beta range). Package [email protected] is not in the affected range; this finding is a false positive for the 4.x line. | ai | |
| dependencies | unvetted-dep:@ai-sdk/ui-utils | AI (dependencies): @ai-sdk/ui-utils is a first-party Vercel AI SDK package from the same monorepo; unvetted flag is expected and not a real risk. | ai | |
| typosquat | typosquat.levenshtein:hapi | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'hapi'. Short name matches are false positives for this well-known package. | ai | |
| dependencies | unvetted-dep:@opentelemetry/api | AI (dependencies): @opentelemetry/api is a well-known observability library; its use in an AI SDK for tracing is expected and benign. | ai | |
| typosquat | typosquat.levenshtein:ajv | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'ajv'. Short name matches are false positives for this well-known package. | ai | |
| typosquat | typosquat.levenshtein:joi | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'joi'. Short name matches are false positives for this well-known package. | ai | |
| typosquat | typosquat.levenshtein:qs | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'qs'. Short name matches are false positives for this well-known package. | ai | |
| typosquat | typosquat.levenshtein:pg | AI (typosquat): 'ai' is the official Vercel AI SDK package name, not a typosquat of 'pg'. Short name matches are false positives for this well-known package. | ai | |
v5.0.80
1 finding: Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.
v4.1.16
2 findings: Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
CVSS 3.7 (LOW) — CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.