openai
The official TypeScript library for the OpenAI API
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| bogus-package | bogus-package | AI (bogus-package): Signals reflect a deliberate namespace placeholder stub for the official OpenAI SDK, not a spam or malicious package. Age, version count, and publisher track record confirm legitimacy. | ai | |
| npm-metadata | suspicious-initial-version | AI (npm-metadata): openai@0.0.0 is a long-standing namespace reservation stub (2113 days old, 354 versions in registry); the 0.0.0 version is not indicative of malicious intent here. | ai | |
| phantom-deps | phantom-dep:@types/qs | AI (phantom-deps): TypeScript @types packages are conventionally declared as deps without direct imports; stable pattern for the openai SDK. | ai | |
| dependencies | unvetted-dep:@types/qs | AI (dependencies): @types/qs is a standard TypeScript type definition package used alongside the qs runtime dep; no security concern for this package. | ai | |
| provenance | no-provenance | AI (provenance): Official OpenAI SDK with long history and strong ecosystem trust; lack of Sigstore provenance is not a meaningful risk signal here. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): OpenAI is migrating maintainer accounts from personal to org-scoped npm accounts (e.g., fouad → fouad-openai). This pattern is consistent across their releases and is not indicative of a takeover. | ai | |
| dependencies | unvetted-dep:node-fetch | AI (dependencies): node-fetch is a standard HTTP client; legitimate dependency for API client library. | ai | |
| phantom-deps | phantom-dep:@types/node | AI (phantom-deps): Type definitions loaded by convention in TypeScript packages; stable for this package. | ai | |
| phantom-deps | phantom-dep:@types/node-fetch | AI (phantom-deps): Type definitions loaded by convention in TypeScript packages; stable for this package. | ai | |
| source-diff | obfuscated-file:resources/realtime/realtime.d.ts | AI (source-diff): TypeScript declaration file with verbose JSDoc comments for Realtime API types; long lines are type definitions, not obfuscation. False positive for this SDK. | ai | |
| source-diff | obfuscated-file:resources/realtime/realtime.d.mts | AI (source-diff): TypeScript declaration file with verbose JSDoc comments for Realtime API types; long lines are type definitions, not obfuscation. False positive for this SDK. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): All new maintainers (easong-openai, aibrahim-openai, apcha-oai, victor-openai, seratch-openai, gabor-openai) follow OpenAI's internal account naming convention. Consistent with team expansion. | ai | |
| provenance | publisher-changed | AI (provenance): All publisher/maintainer accounts follow the *-openai naming convention, consistent with OpenAI's internal team rotation. Legitimate organizational handoff pattern for this package. | ai | |
| semgrep | semgrep:shady-links-raw-ip | AI (semgrep): The IP 169.254.169.254 is the Azure IMDS endpoint for managed identity token acquisition — a documented, standard Azure cloud integration pattern in the OpenAI SDK's auth module. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding of embedding vectors is legitimate API client functionality; no malicious intent. | ai | |
Versions (showing 100 of 342)
| Version | Deps | Published |
|---|---|---|
| 6.39.1 | 0 / 0 | |
| 6.39.0 | 0 / 0 | |
| 6.38.0 | 0 / 0 | |
| 6.37.0 | 0 / 0 | |
| 6.36.0 | 0 / 0 | |
| 6.35.0 | 0 / 0 | |
| 6.34.0 | 0 / 0 | |
| 6.33.0 | 0 / 0 | |
| 6.32.0 | 0 / 0 | |
| 6.31.0 | 0 / 0 | |
| 6.30.1 | 0 / 0 | |
| 6.29.0 | 0 / 0 | |
| 6.28.0 | 0 / 0 | |
| 6.27.0 | 0 / 0 | |
| 6.26.0 | 0 / 0 | |
| 6.25.0 | 0 / 0 | |
| 6.24.0 | 0 / 0 | |
| 6.23.0 | 0 / 0 | |
| 6.22.0 | 0 / 0 | |
| 6.21.0 | 0 / 0 | |
| 6.20.0 | 0 / 0 | |
| 6.19.0 | 0 / 0 | |
| 6.18.0 | 0 / 0 | |
| 6.17.0 | 0 / 0 | |
| 6.16.0 | 0 / 0 | |
| 6.15.0 | 0 / 0 | |
| 6.14.0 | 0 / 0 | |
| 6.13.0 | 0 / 0 | |
| 6.10.0 | 0 / 0 | |
| 6.9.1 | 0 / 0 | |
| 6.9.0 | 0 / 0 | |
| 6.8.1 | 0 / 0 | |
| 6.8.0 | 0 / 0 | |
| 6.7.0 | 0 / 0 | |
| 6.6.0 | 0 / 0 | |
| 6.5.0 | 0 / 0 | |
| 6.4.0 | 0 / 0 | |
| 6.3.0 | 0 / 0 | |
| 6.2.0 | 0 / 0 | |
| 6.1.0 | 0 / 0 | |
| 6.0.1 | 0 / 0 | |
| 6.0.0 | 0 / 0 | |
| 5.23.2 | 0 / 0 | |
| 5.23.1 | 0 / 0 | |
| 5.23.0 | 0 / 0 | |
| 5.22.1 | 0 / 0 | |
| 5.22.0 | 0 / 0 | |
| 5.21.0 | 0 / 0 | |
| 5.20.3 | 0 / 0 | |
| 5.20.2 | 0 / 0 | |
| 5.20.1 | 0 / 0 | |
| 5.20.0 | 0 / 0 | |
| 5.19.1 | 0 / 0 | |
| 5.19.0 | 0 / 0 | |
| 5.18.1 | 0 / 0 | |
| 5.18.0 | 0 / 0 | |
| 5.16.0 | 0 / 0 | |
| 5.15.0 | 0 / 0 | |
| 5.13.1 | 0 / 0 | |
| 5.12.2 | 0 / 0 | |
| 5.12.1 | 0 / 0 | |
| 5.12.0 | 0 / 0 | |
| 5.11.0 | 0 / 0 | |
| 5.10.3 | 0 / 0 | |
| 5.10.2 | 0 / 0 | |
| 5.10.1 | 0 / 0 | |
| 5.10.0 | 0 / 0 | |
| 5.9.2 | 0 / 0 | |
| 5.9.1 | 0 / 0 | |
| 5.9.0 | 0 / 0 | |
| 5.8.4 | 0 / 0 | |
| 5.8.3 | 0 / 0 | |
| 5.8.2 | 0 / 0 | |
| 5.8.1 | 0 / 0 | |
| 5.8.0 | 0 / 0 | |
| 5.7.0 | 0 / 0 | |
| 5.6.0 | 0 / 0 | |
| 5.5.1 | 0 / 0 | |
| 5.5.0 | 0 / 0 | |
| 5.4.0 | 0 / 0 | |
| 5.3.0 | 0 / 0 | |
| 5.2.0 | 0 / 0 | |
| 5.1.1 | 0 / 0 | |
| 5.1.0 | 0 / 0 | |
| 5.0.2 | 0 / 0 | |
| 5.0.1 | 0 / 0 | |
| 5.0.0 | 0 / 0 | |
| 4.104.0 | 7 / 0 | |
| 4.103.0 | 7 / 0 | |
| 4.102.0 | 7 / 0 | |
| 4.101.0 | 7 / 0 | |
| 4.100.0 | 7 / 0 | |
| 4.99.0 | 7 / 0 | |
| 4.98.0 | 7 / 0 | |
| 4.97.0 | 7 / 0 | |
| 4.96.2 | 7 / 0 | |
| 4.96.1 | 7 / 0 | |
| 4.96.0 | 7 / 0 | |
| 4.95.1 | 7 / 0 | |
| 4.95.0 | 7 / 0 | |
v6.39.1
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.39.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.38.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.37.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.36.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v6.35.0
1 finding: Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v4.104.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.102.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.101.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.99.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.98.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.97.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.96.2
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.96.1
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.
v4.96.0
1 finding: [Accepted risk] Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.