Homepage

@anthropic-ai/sdk@0.82.0

The official TypeScript library for the Anthropic API

  • latest version

    0.92.0

  • latest non vulnerable version

    0.92.0

  • first published

    3 years ago

  • latest version published

    1 days ago

  • licenses detected

  • View sdk package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @anthropic-ai/sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Incorrect Permission Assignment for Critical Resource

    @anthropic-ai/sdk is a The official TypeScript library for the Anthropic API

    Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the BetaLocalFilesystemMemoryTool that creates memory files and directories using the Node.js default modes (0o666 for files, 0o777 for directories). An attacker can access persisted agent state. In environments with a permissive umask (e.g. Docker, where umask is often 0o000) the attacker can modify sensitive memory files to influence subsequent model behavior.

    How to fix Incorrect Permission Assignment for Critical Resource?

    Upgrade @anthropic-ai/sdk to version 0.91.1 or higher.

    >=0.79.0 <0.91.1
    Go back to all versions of this package