Identifying Supply Chain Risks in the Anthropic SDK Dependency Tree
These articles are AI-generated summaries. Please check the original sources for full details.
The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Are Not.
The @anthropic-ai/sdk appears healthy with 14 maintainers, but its runtime relies on dependencies managed by single individuals. Depth-2 audits reveal that json-schema-to-ts serves 15 million weekly downloads with only one maintainer. This configuration matches the specific attack profile that compromised LiteLLM and axios in March 2026.
Why This Matters
Standard tools like npm audit focus on known CVEs, failing to flag behavioral risks such as single-maintainer bottlenecks or inactive projects that have become load-bearing infrastructure. This creates a gap where a package appears secure at the surface while its deep-tree dependencies are vulnerable to social engineering or account takeovers. When utility packages like json-schema-to-ts are shipped as runtime dependencies, any compromise immediately impacts production environments of all downstream users.
Key Insights
- The @anthropic-ai/sdk depends on json-schema-to-ts, which has one maintainer and 14.9M weekly downloads, flagged as CRITICAL risk (2026).
- ts-algebra, a depth-2 dependency, shows no releases in over 12 months despite 12.3M weekly downloads (2026).
- The LiteLLM compromise in March 2026 originated from a backdoored Trivy GitHub Action in the CI pipeline.
- ua-parser-js (CVE-2021-4229) demonstrated the risk of credential compromise in high-volume packages with single maintainers (2021).
- Express.js contains escape-html at depth 2, which has a low health score of 39 and no releases in over 13 months.
- Packages like husky in the vercel/ai tree are flagged as CRITICAL due to a single maintainer managing 24.6M downloads per week.
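As an added example (not code from the original article or from the Commit scanner), the following Node.js script shows the kind of depth-limited check that the "Why This Matters" paragraph and the Key Insights describe: it walks a dependency graph to depth 2 and flags the two behavioural risks npm audit does not report, a sole maintainer on a load-bearing package and a load-bearing package with no release in over 12 months. The graph edges, the audit date, the 1M-downloads threshold and the package hypothetical-healthy-pkg are assumptions; the maintainer and download figures for json-schema-to-ts and ts-algebra mirror what the summary quotes, and the publish dates are constructed.

```javascript
// Added example, not code from the article or from the Commit scanner. It walks
// an npm dependency graph to a fixed depth and flags the "behavioural" risks
// that npm audit does not report: a sole maintainer on a load-bearing package
// and a load-bearing package with no release in over a year. The graph and the
// registry metadata are CONSTRUCTED inline; a real audit would read them from
// the registry's package documents and its downloads API.

const NOW = new Date("2026-04-01T00:00:00Z"); // constructed audit date
const LOAD_BEARING_DOWNLOADS = 1_000_000;      // assumed threshold for "load-bearing"
const STALE_MONTHS = 12;                       // the summary's "no release in over 12 months"

// Constructed edges (package -> runtime dependencies). The three real names come
// from the summary; the edge layout and hypothetical-healthy-pkg are assumptions.
const GRAPH = {
  "@anthropic-ai/sdk": ["json-schema-to-ts", "hypothetical-healthy-pkg"],
  "json-schema-to-ts": ["ts-algebra"],
  "ts-algebra": [],
  "hypothetical-healthy-pkg": [],
};

// Constructed registry metadata. Maintainer and download figures for the two
// flagged packages mirror what the summary quotes; dates and the rest are made up.
const META = {
  "@anthropic-ai/sdk":        { maintainers: 14, lastPublish: "2026-03-20", weeklyDownloads: 5_000_000 },
  "json-schema-to-ts":        { maintainers: 1,  lastPublish: "2025-11-02", weeklyDownloads: 14_900_000 },
  "ts-algebra":               { maintainers: 2,  lastPublish: "2024-09-15", weeklyDownloads: 12_300_000 },
  "hypothetical-healthy-pkg": { maintainers: 6,  lastPublish: "2026-01-10", weeklyDownloads: 40_000_000 },
};

// Whole calendar months between an ISO date and `now`.
function monthsSince(isoDate, now) {
  const d = new Date(isoDate);
  return (now.getUTCFullYear() - d.getUTCFullYear()) * 12 + (now.getUTCMonth() - d.getUTCMonth());
}

// Apply the two behavioural rules to one package's metadata.
function assessPackage(m, now) {
  const loadBearing = m.weeklyDownloads >= LOAD_BEARING_DOWNLOADS;
  const stale = monthsSince(m.lastPublish, now);
  const soleMaintainer = loadBearing && m.maintainers <= 1;
  const unmaintained = loadBearing && stale > STALE_MONTHS;
  const reasons = [];
  if (soleMaintainer) reasons.push("single maintainer on a load-bearing package");
  if (unmaintained) reasons.push(`no release in ${stale} months`);
  const severity = soleMaintainer ? "CRITICAL" : unmaintained ? "HIGH" : "LOW";
  return { severity, reasons };
}

// Breadth-first walk from `root`, visiting each package once and stopping at
// `maxDepth` (root = depth 0, direct dependencies = depth 1, and so on).
function auditTree(root, graph, meta, maxDepth, now = NOW) {
  const findings = [];
  const seen = new Set([root]);
  let frontier = [root];
  for (let depth = 0; depth <= maxDepth && frontier.length > 0; depth++) {
    const next = [];
    for (const name of frontier) {
      const m = meta[name];
      if (m) {
        findings.push({ name, depth, ...assessPackage(m, now) });
      } else {
        // Missing metadata is itself a finding: you cannot vouch for what you cannot see.
        findings.push({ name, depth, severity: "UNKNOWN", reasons: ["no registry metadata"] });
      }
      for (const dep of graph[name] ?? []) {
        if (!seen.has(dep)) { seen.add(dep); next.push(dep); }
      }
    }
    frontier = next;
  }
  return findings;
}

// One line per package, worst severities first so they are read first.
function formatFindings(findings) {
  const rank = { CRITICAL: 0, HIGH: 1, UNKNOWN: 2, LOW: 3 };
  return [...findings]
    .sort((a, b) => rank[a.severity] - rank[b.severity] || a.depth - b.depth)
    .map(f => `${f.severity.padEnd(8)} depth=${f.depth} ${f.name}${f.reasons.length ? " (" + f.reasons.join("; ") + ")" : ""}`);
}

console.log(formatFindings(auditTree("@anthropic-ai/sdk", GRAPH, META, 2)).join("\n"));
```

The depth parameter matters: with maxDepth 1 the walk never reaches ts-algebra, which is exactly the blind spot the depth-2 audit in the summary closes. To run this against a real tree, replace GRAPH with the edges from package-lock.json and META with the registry's maintainers list, last publish time and weekly download count for each package.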
Working Examples
Scanning the dependency tree of @anthropic-ai/sdk to depth 2 with the Commit supply chain scanner API.
curl -X POST https://poc-backend.amdal-dev.workers.dev/api/graph/npm \
  -H "Content-Type: application/json" \
  -d '{"package": "@anthropic-ai/sdk", "depth": 2}'
MCP configuration to add the supply chain scanner to AI-integrated editors like Claude Desktop or Cursor.
{
  "mcpServers": {
    "commit": {
      "type": "streamable-http",
      "url": "https://poc-backend.amdal-dev.workers.dev/mcp"
    }
  }
}
Practical Applications
- SDK Implementation: Pin json-schema-to-ts to a verified version in production apps so that a malicious release cannot be pulled in by a routine update and execute in environments that call the Claude API.
- CI/CD Auditing: Monitor husky and other devDependencies that run in CI pipelines; although they are not runtime dependencies, they represent a high-leverage attack surface.
- Risk Visualization: Use depth-2 tree traversal to identify "load-bearing" small packages that lack organizational backing or active maintenance.
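The "pin json-schema-to-ts to a verified version" advice above is only as good as the check that enforces it. The following Node.js script is an added example, not code from the article or from the Commit scanner: it verifies that every copy of a transitive dependency in package-lock.json resolves to the pinned version, from a trusted registry, with an integrity hash, and that package.json carries a matching npm overrides entry so a re-install cannot drift. The manifest and lockfile are constructed fixtures in the lockfileVersion 3 layout; the version numbers, hashes, the trusted-registry prefix and the package legacy-lib are placeholders and assumptions, not real releases.

```javascript
// Added example, not code from the article or from the Commit scanner. It
// mechanically checks the "pin the transitive dependency" advice: every copy of
// the package in package-lock.json must resolve to the pinned version from a
// trusted registry with an integrity hash, and package.json must carry an npm
// "overrides" entry so a fresh install cannot drift. All objects below are
// CONSTRUCTED fixtures (lockfileVersion 3 layout); versions and hashes are
// placeholders, not real releases.

const PINNED = "9.9.9";                                 // placeholder for the version you verified
const TRUSTED_REGISTRY = "https://registry.npmjs.org/"; // assumed trusted source

const PACKAGE_JSON = {
  name: "example-app",
  dependencies: { "@anthropic-ai/sdk": "^9.0.0" },
  overrides: { "json-schema-to-ts": PINNED },
};

const LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { "@anthropic-ai/sdk": "^9.0.0" } },
    "node_modules/@anthropic-ai/sdk": {
      version: "9.0.1",
      resolved: "https://registry.npmjs.org/@anthropic-ai/sdk/-/sdk-9.0.1.tgz",
      integrity: "sha512-PLACEHOLDER-A",
      dependencies: { "json-schema-to-ts": "^9.0.0" },
    },
    "node_modules/json-schema-to-ts": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/json-schema-to-ts/-/json-schema-to-ts-9.9.9.tgz",
      integrity: "sha512-PLACEHOLDER-B",
    },
    // A nested second copy (under the hypothetical legacy-lib) that the override
    // would normally collapse: wrong version, no integrity hash, and fetched from
    // somewhere other than the registry. This is what a stale lockfile looks like.
    "node_modules/legacy-lib/node_modules/json-schema-to-ts": {
      version: "9.8.0",
      resolved: "https://mirror.example.invalid/json-schema-to-ts-9.8.0.tgz",
    },
  },
};

// Every lockfile path whose final node_modules segment is `name` (scoped names
// such as @anthropic-ai/sdk are matched as a whole).
function lockfileEntriesFor(lock, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(lock.packages ?? {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, entry]) => ({ path, ...entry }));
}

// Returns { ok, problems }. Each problem is one concrete deviation from the pin.
function checkPin(pkgJson, lock, name, pinned) {
  const problems = [];
  if ((pkgJson.overrides ?? {})[name] !== pinned) {
    problems.push(`package.json has no overrides entry pinning ${name} to ${pinned}`);
  }
  const entries = lockfileEntriesFor(lock, name);
  if (entries.length === 0) problems.push(`${name} is not present in the lockfile`);
  for (const e of entries) {
    if (e.version !== pinned) problems.push(`${e.path}: version ${e.version}, expected ${pinned}`);
    if (!e.integrity) problems.push(`${e.path}: missing integrity hash`);
    if (!String(e.resolved ?? "").startsWith(TRUSTED_REGISTRY)) {
      problems.push(`${e.path}: resolved from untrusted source ${e.resolved}`);
    }
  }
  return { ok: problems.length === 0, problems };
}

// The same lockfile after `npm install` has applied the override and removed the
// nested duplicate; used here to show the check passing.
function withDuplicateRemoved(lock) {
  const copy = JSON.parse(JSON.stringify(lock));
  delete copy.packages["node_modules/legacy-lib/node_modules/json-schema-to-ts"];
  return copy;
}

console.log(checkPin(PACKAGE_JSON, LOCKFILE, "json-schema-to-ts", PINNED));
console.log(checkPin(PACKAGE_JSON, withDuplicateRemoved(LOCKFILE), "json-schema-to-ts", PINNED));
```

In a real project, read package.json and package-lock.json with fs and JSON.parse instead of the fixtures, and run the check in CI before npm ci so a lockfile that still carries a drifted or hash-less copy fails the build rather than shipping.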