OSV Malicious Advisory
scanned 2h ago · by OpenSSF/OSVOpenSSF/OSV advisory MAL-2026-10629 confirms this npm version as malicious. ai-pro-sdk@2.0.1 is advertised as a Vercel AI SDK provider for Claude via the Claude Agent SDK, but the published tarball ships no code: package.json declares main as./dist/index.js and files as dist/**/*, yet no dist/ directory is present, and the prepare script is a console.log no-op ('Build skipped...'). Alongside the expected @ai-sdk/provider and @anthropic-ai/claude-agent-sdk entries, package.json declares a...
Advisory
MAL-2026-10629
Source
OpenSSF Malicious Packages via OSV
Summary
Malicious code in ai-pro-sdk (npm)
Details
ai-pro-sdk@2.0.1 is advertised as a Vercel AI SDK provider for Claude via the Claude Agent SDK, but the published tarball ships no code: package.json declares main as./dist/index.js and files as dist/**/*, yet no dist/ directory is present, and the prepare script is a console.log no-op ('Build skipped...'). Alongside the expected @ai-sdk/provider and @anthropic-ai/claude-agent-sdk entries, package.json declares a runtime dependency on data-blockv@^1.0.1, a package unrelated to the advertised purpose and not referenced anywhere in the tarball or README. The net effect of npm install ai-pro-sdk is resolution and installation of data-blockv into the installer's node_modules; because the host package has no functional code, its only on-install effect is to pull this unrelated transitive dependency. This matches the dropper-shell shape where the lure package's advertised functionality is a cover and the actual code-execution surface lives in a sibling dependency name that has no legitimate reason to be present.
Decision reason
OpenSSF Malicious Packages via OSV confirms ai-pro-sdk@2.0.1 as malicious (MAL-2026-10629): Malicious code in ai-pro-sdk (npm)
References
Source & flagged code
0 flaggedNo flagged code excerpts are attached to this scan.
Findings
1 High
HighOsv Malicious Advisory