Skip to content

smigolsmigol/llmkit

v0.8.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai ai-agents ai-gateway anthropic api-gateway budget-enforcement
+14 more
cloudflare-workers cost-estimation cost-tracking durable-objects llm llm-cost llm-observability llmkit mcp model-context-protocol openai python typescript vercel-ai-sdk

Affected surfaces

deps

Summary

AI summary

Disabled source maps in all npm packages to mitigate a security vulnerability.

Full changelog

What's new

  • Security: disabled source maps in all npm packages (same vulnerability class as Claude Code leak)
  • Deploy: proxy redeployed to CF Workers with 15 adapter fixes (Anthropic streaming, Gemini tools, AI SDK V3)
  • Packages: all 5 npm packages + Python SDK republished clean
  • Dashboard: keys page empty state, responsive grid fixes, code overflow fix
  • SDK: README expanded from 58 to 297 lines with full API coverage
  • Scorecard: CODEOWNERS, token permissions, download badges, FUNDING.yml
  • CI: version sync for server.json + manifest.json

Security Fixes

  • Disabled source maps in all npm packages — mitigates vulnerability similar to Claude Code leak
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track smigolsmigol/llmkit

Get notified when new releases ship.

Sign up free

About smigolsmigol/llmkit

AI API cost tracking and budget enforcement across 11 LLM providers. 6 tools for spend analytics, budget monitoring, session summaries, and key management.

All releases →

Related context

Beta — feedback welcome: [email protected]