Groq SDK (JS)

registrynpm

package namegroq-sdk

maintainerGroq

The Groq JavaScript SDK provides access to the Groq LPU inference cloud, which runs Llama 3, Mixtral, and other open-weight models at high speed. It is used in latency-sensitive applications where fast inference is a requirement. Like other LLM SDKs, it reads the Groq API key from environment variables.

api usage

Checking Groq SDK (JS)

groq-sdk 0.5.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=groq-sdk&version=0.5.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "groq-sdk",
  "version": "0.5.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Fast-inference API SDK packages are often used in real-time applications where any latency anomaly from a compromised version would be immediately noticed, but a passive credential harvest at module load time would not.

Attestd monitors groq-sdk using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages OpenAI SDK (JS)Vercel AI SDK Response fields