Mistral SDK (JS)

registrynpm

package name@mistralai/mistralai

maintainerMistral AI

The Mistral AI JavaScript SDK provides access to Mistral Large, Mixtral, and codestral models from Node.js applications. It covers chat completions, function calling, and embeddings. It is used in Node.js backends that route requests to Mistral models for cost or capability reasons.

api usage

Checking Mistral SDK (JS)

@mistralai/mistralai 1.0.0 is a clean version with no known supply chain compromise. The response returns compromised: false with an empty sources array.

bash

curl "https://api.attestd.io/v1/check?product=%40mistralai%2Fmistralai&version=1.0.0" \
  -H "Authorization: Bearer YOUR_API_KEY"

json

{
  "product": "@mistralai/mistralai",
  "version": "1.0.0",
  "supported": true,
  "risk_state": "none",
  "supply_chain": {
    "compromised": false,
    "sources": [],
    "malware_type": null,
    "description": null,
    "advisory_url": null,
    "compromised_at": null,
    "removed_at": null
  },
  "last_updated": "2026-05-01T00:00:00Z"
}

attack surface

Why this package is monitored

Smaller LLM SDK packages receive less scrutiny than the major provider SDKs. A backdoored version could remain undetected for longer, particularly in projects that pin dependencies and update infrequently.

Attestd monitors @mistralai/mistralai using the following detection sources:

registry

Manually curated advisories in the Attestd registry, verified by a human analyst. Confidence 1.0.

osv

OSV.dev malicious-package advisories with IDs prefixed MAL-. Confidence 0.95.

npm_deprecation

npm package versions with deprecation messages containing targeted attack language such as malicious, backdoor, or compromised. Confidence 0.80.

Supply chain overview All npm packages OpenAI SDK (JS)Anthropic SDK (JS)Response fields