
Anthropic SDK (JS)

registry: npm
package name: @anthropic-ai/sdk
maintainer: Anthropic

The official Anthropic JavaScript SDK for Node.js and browser environments, covering the Messages API, streaming, and tool use for the Claude model family. It is used in Next.js AI applications and serverless functions that route requests to Claude. Like its Python counterpart, it reads API keys from environment variables on load.

api usage

Checking Anthropic SDK (JS)

@anthropic-ai/sdk 0.26.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash
curl "https://api.attestd.io/v1/check?product=%40anthropic-ai%2Fsdk&version=0.26.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json
{
  "product": "@anthropic-ai/sdk",
  "version": "0.26.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}
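A build-time gate around the request and response shown above, as an added example that is not Attestd's own client code. The function names, the fail-closed policy, and the reading of `supported: false` as "package not covered" are assumptions; the endpoint, header, and field names are the ones on this page.

```javascript
// Added example, not Attestd's client code. Endpoint and field names are the
// ones shown on this page; the fail-closed policy is an assumption.
const ATTESTD_CHECK = "https://api.attestd.io/v1/check";

// Scoped npm names contain "@" and "/", which must be percent-encoded
// ("@anthropic-ai/sdk" -> "%40anthropic-ai%2Fsdk") or the query is misparsed.
function buildCheckUrl(product, version) {
  return `${ATTESTD_CHECK}?product=${encodeURIComponent(product)}` +
         `&version=${encodeURIComponent(version)}`;
}

// Turn a parsed response into an allow/block decision. Anything that is not
// an explicit, well-formed "not compromised" answer for the exact package
// and version requested blocks the build.
function evaluate(body, product, version) {
  const block = (reason) => ({ allow: false, reason });
  if (body === null || typeof body !== "object") return block("malformed response");
  if (body.product !== product || body.version !== version)
    return block("response is for a different package or version");
  // Assumption: supported !== true means the service does not cover this package.
  if (body.supported !== true) return block("package not covered by the service");
  const sc = body.supply_chain;
  if (!sc || typeof sc.compromised !== "boolean" || !Array.isArray(sc.sources))
    return block("missing supply_chain verdict");
  if (sc.compromised) {
    return block(`compromised: ${sc.description ?? "no description"} ` +
      `(sources: ${JSON.stringify(sc.sources)}; advisory: ${sc.advisory_url ?? "n/a"})`);
  }
  return { allow: true, reason: "no known compromise" };
}

// Network wrapper; a transport or HTTP error also blocks.
async function checkPackage(product, version, apiKey, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(buildCheckUrl(product, version), {
      headers: { Authorization: `Bearer ${apiKey}` },
    });
    if (!res.ok) return { allow: false, reason: `HTTP ${res.status}` };
    return evaluate(await res.json(), product, version);
  } catch (err) {
    return { allow: false, reason: `request failed: ${err.message}` };
  }
}

// Constructed sample: the clean response from this page.
const SAMPLE_CLEAN = { product: "@anthropic-ai/sdk", version: "0.26.0", supported: true,
  risk_state: "none", supply_chain: { compromised: false, sources: [], malware_type: null,
  description: null, advisory_url: null, compromised_at: null, removed_at: null } };
```

Run the gate in CI before `npm ci` and fail the job when `allow` is false; pass the API key from a CI secret rather than the repository.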

attack surface

Why this package is monitored

LLM SDK packages initialize their authentication state from environment variables during module load, before any application logic. A compromised package can harvest the API key at this point and exfiltrate it on the first network request.

Attestd monitors @anthropic-ai/sdk using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.
