registry  /  @ai-sdk/provider-utils  /  5.0.9

@ai-sdk/provider-utils@5.0.9

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface. Networking is exposed as explicit utility functions for provider requests and downloads, with SSRF and header-forwarding mitigations.

Static reason
One or more suspicious static signals were detected.
Trigger
Consumer calls exported API, download, or WebSocket helpers.
Impact
No unconsented execution, persistence, credential harvesting, or exfiltration path established.
Mechanism
Caller-directed fetch and WebSocket transport utilities.
Rationale
The scanner's cloud-metadata signal comes from defensive URL and header blocklists, not metadata access. Source inspection shows a side-effect-free utility package with explicit, consumer-invoked networking and no concrete malicious chain.
Evidence
package.jsonsrc/validate-download-url.tssrc/fetch-with-validated-redirects.tssrc/sanitize-request-headers.tssrc/load-api-key.tssrc/post-to-api.ts

Decision evidence

public snapshot
AI called this Clean at 98.0% confidence as Benign with low false-positive risk.
Evidence for block
  • Runtime helpers issue caller-supplied HTTP requests and WebSocket connections.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • No child-process, filesystem-write, eval, VM, or dynamic module-loading code found outside type declarations.
  • `src/load-api-key.ts` and settings loaders read only explicitly named environment variables.
  • `src/validate-download-url.ts` blocks localhost, private/link-local IPv4, and private IPv6 targets.
  • `src/fetch-with-validated-redirects.ts` validates redirect hops and drops sensitive headers across origins.
  • `src/sanitize-request-headers.ts` removes cloud-metadata, cookie, proxy, and routing headers.
Behavioral surface
Source
EnvironmentVarsNetwork
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 139 file(s), 357 KB of source, external domains: json-schema.org

Source & flagged code

1 flagged · loading source
dist/index.jsView file
53L54: // src/websocket.ts L55: function getWebSocketConstructor(webSocket) { ... L70: } L71: var textDecoder = new TextDecoder(); L72: async function readWebSocketMessageText(data) { ... L238: if (file.type === "url") return file.url; L239: return `data:${file.mediaType};base64,${typeof file.data === "string" ? file.data : convertUint8ArrayToBase64(file.data)}`; L240: } ... L729: const ipv6 = hostname.slice(1, -1); L730: if (isPrivateIPv6(ipv6)) { L731: throw new DownloadError({
High
Cloud Metadata Access

Source reaches cloud instance metadata or link-local credential endpoints.

dist/index.jsView on unpkg · L53

Findings

1 High2 Medium3 Low
HighCloud Metadata Accessdist/index.js
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowHigh Entropy Strings
LowUrl Strings