@ai-sdk/provider-utils 3.0.20 → 3.0.22

package/CHANGELOG.md

@@ -1,11 +1,28 @@
 # @ai-sdk/provider-utils
 
+## 3.0.22
+
+### Patch Changes
+
+- 6a2f01b: Add URL validation to `download` to prevent blind SSRF attacks. Private/internal IP addresses, localhost, and non-HTTP protocols are now rejected before fetching.
+- 17d64e3: fix(provider-utils): prevent unicode escape bypass in secureJsonParse
+
+## 3.0.21
+
+### Patch Changes
+
+- 20565b8: security: prevent unbounded memory growth in download functions
+
+  The `download()` and `downloadBlob()` functions now enforce a default 2 GiB size limit when downloading from user-provided URLs. Downloads that exceed this limit are aborted with a `DownloadError` instead of consuming unbounded memory and crashing the process. The `abortSignal` parameter is now passed through to `fetch()` in all download call sites.
+
+  Added `download` option to `transcribe()` and `experimental_generateVideo()` for providing a custom download function. Use the new `createDownload({ maxBytes })` factory to configure download size limits.
+
 ## 3.0.20
 
 ### Patch Changes
 
-- 4953414: fix: trigger new release for `@ai-v5` dist-tag
-- Updated dependencies [4953414]
+- 526fe8d: fix: trigger new release for `@ai-v5` dist-tag
+- Updated dependencies [526fe8d]
   - @ai-sdk/provider@2.0.1
 
 ## 3.0.19

package/dist/index.d.mts

@@ -1,4 +1,4 @@
-import { JSONParseError, TypeValidationError, JSONValue, APICallError, LanguageModelV2Prompt, JSONSchema7, SharedV2ProviderOptions, LanguageModelV2ToolResultOutput, LanguageModelV2ToolResultPart } from '@ai-sdk/provider';
+import { AISDKError, JSONParseError, TypeValidationError, JSONValue, APICallError, LanguageModelV2Prompt, JSONSchema7, SharedV2ProviderOptions, LanguageModelV2ToolResultOutput, LanguageModelV2ToolResultPart } from '@ai-sdk/provider';
 import * as z4 from 'zod/v4';
 import { ZodType } from 'zod/v4';
 import { StandardSchemaV1 } from '@standard-schema/spec';
@@ -56,6 +56,53 @@ declare function extractResponseHeaders(response: Response): {
     [k: string]: string;
 };
 
+declare const symbol: unique symbol;
+declare class DownloadError extends AISDKError {
+    private readonly [symbol];
+    readonly url: string;
+    readonly statusCode?: number;
+    readonly statusText?: string;
+    constructor({ url, statusCode, statusText, cause, message, }: {
+        url: string;
+        statusCode?: number;
+        statusText?: string;
+        message?: string;
+        cause?: unknown;
+    });
+    static isInstance(error: unknown): error is DownloadError;
+}
+
+/**
+ * Default maximum download size: 2 GiB.
+ *
+ * `fetch().arrayBuffer()` has ~2x peak memory overhead (undici buffers the
+ * body internally, then creates the JS ArrayBuffer), so very large downloads
+ * risk exceeding the default V8 heap limit on 64-bit systems and terminating
+ * the process with an out-of-memory error.
+ *
+ * Setting this limit converts an unrecoverable OOM crash into a catchable
+ * `DownloadError`.
+ */
+declare const DEFAULT_MAX_DOWNLOAD_SIZE: number;
+/**
+ * Reads a fetch Response body with a size limit to prevent memory exhaustion.
+ *
+ * Checks the Content-Length header for early rejection, then reads the body
+ * incrementally via ReadableStream and aborts with a DownloadError when the
+ * limit is exceeded.
+ *
+ * @param response - The fetch Response to read.
+ * @param url - The URL being downloaded (used in error messages).
+ * @param maxBytes - Maximum allowed bytes. Defaults to DEFAULT_MAX_DOWNLOAD_SIZE.
+ * @returns A Uint8Array containing the response body.
+ * @throws DownloadError if the response exceeds maxBytes.
+ */
+declare function readResponseWithSizeLimit({ response, url, maxBytes, }: {
+    response: Response;
+    url: string;
+    maxBytes?: number;
+}): Promise<Uint8Array>;
+
 /**
  * Fetch function type (standardizes the version of fetch used).
  */
@@ -825,6 +872,15 @@ declare function convertBase64ToUint8Array(base64String: string): Uint8Array<Arr
 declare function convertUint8ArrayToBase64(array: Uint8Array): string;
 declare function convertToBase64(value: string | Uint8Array): string;
 
+/**
+ * Validates that a URL is safe to download from, blocking private/internal addresses
+ * to prevent SSRF attacks.
+ *
+ * @param url - The URL string to validate.
+ * @throws DownloadError if the URL is unsafe.
+ */
+declare function validateDownloadUrl(url: string): void;
+
 /**
  * Validates the types of an unknown object using a schema and
  * return a strongly-typed object.
@@ -957,4 +1013,4 @@ interface ToolResult<NAME extends string, INPUT, OUTPUT> {
     dynamic?: boolean;
 }
 
-export { type AssistantContent, type AssistantModelMessage, type DataContent, DelayedPromise, type FetchFunction, type FilePart, type FlexibleSchema, type FlexibleValidator, type IdGenerator, type ImagePart, type InferSchema, type InferToolInput, type InferToolOutput, type InferValidator, type LazySchema, type LazyValidator, type ModelMessage, type ParseResult, type ProviderDefinedToolFactory, type ProviderDefinedToolFactoryWithOutputSchema, type ProviderOptions, type ReasoningPart, type Resolvable, type ResponseHandler, type Schema, type SystemModelMessage, type TextPart, type Tool, type ToolCall, type ToolCallOptions, type ToolCallPart, type ToolContent, type ToolExecuteFunction, type ToolModelMessage, type ToolResult, type ToolResultPart, type UserContent, type UserModelMessage, VERSION, type ValidationResult, type Validator, asSchema, asValidator, combineHeaders, convertAsyncIteratorToReadableStream, convertBase64ToUint8Array, convertToBase64, convertUint8ArrayToBase64, createBinaryResponseHandler, createEventSourceResponseHandler, createIdGenerator, createJsonErrorResponseHandler, createJsonResponseHandler, createJsonStreamResponseHandler, createProviderDefinedToolFactory, createProviderDefinedToolFactoryWithOutputSchema, createStatusCodeErrorResponseHandler, delay, dynamicTool, executeTool, extractResponseHeaders, generateId, getErrorMessage, getFromApi, getRuntimeEnvironmentUserAgent, injectJsonInstructionIntoMessages, isAbortError, isParsableJson, isUrlSupported, isValidator, jsonSchema, lazySchema, lazyValidator, loadApiKey, loadOptionalSetting, loadSetting, mediaTypeToExtension, normalizeHeaders, parseJSON, parseJsonEventStream, parseProviderOptions, postFormDataToApi, postJsonToApi, postToApi, removeUndefinedEntries, resolve, safeParseJSON, safeValidateTypes, standardSchemaValidator, tool, validateTypes, validator, withUserAgentSuffix, withoutTrailingSlash, zodSchema };
+export { type AssistantContent, type AssistantModelMessage, DEFAULT_MAX_DOWNLOAD_SIZE, type DataContent, DelayedPromise, DownloadError, type FetchFunction, type FilePart, type FlexibleSchema, type FlexibleValidator, type IdGenerator, type ImagePart, type InferSchema, type InferToolInput, type InferToolOutput, type InferValidator, type LazySchema, type LazyValidator, type ModelMessage, type ParseResult, type ProviderDefinedToolFactory, type ProviderDefinedToolFactoryWithOutputSchema, type ProviderOptions, type ReasoningPart, type Resolvable, type ResponseHandler, type Schema, type SystemModelMessage, type TextPart, type Tool, type ToolCall, type ToolCallOptions, type ToolCallPart, type ToolContent, type ToolExecuteFunction, type ToolModelMessage, type ToolResult, type ToolResultPart, type UserContent, type UserModelMessage, VERSION, type ValidationResult, type Validator, asSchema, asValidator, combineHeaders, convertAsyncIteratorToReadableStream, convertBase64ToUint8Array, convertToBase64, convertUint8ArrayToBase64, createBinaryResponseHandler, createEventSourceResponseHandler, createIdGenerator, createJsonErrorResponseHandler, createJsonResponseHandler, createJsonStreamResponseHandler, createProviderDefinedToolFactory, createProviderDefinedToolFactoryWithOutputSchema, createStatusCodeErrorResponseHandler, delay, dynamicTool, executeTool, extractResponseHeaders, generateId, getErrorMessage, getFromApi, getRuntimeEnvironmentUserAgent, injectJsonInstructionIntoMessages, isAbortError, isParsableJson, isUrlSupported, isValidator, jsonSchema, lazySchema, lazyValidator, loadApiKey, loadOptionalSetting, loadSetting, mediaTypeToExtension, normalizeHeaders, parseJSON, parseJsonEventStream, parseProviderOptions, postFormDataToApi, postJsonToApi, postToApi, readResponseWithSizeLimit, removeUndefinedEntries, resolve, safeParseJSON, safeValidateTypes, standardSchemaValidator, tool, validateDownloadUrl, validateTypes, validator, withUserAgentSuffix, withoutTrailingSlash, zodSchema };

package/dist/index.d.ts

@@ -1,4 +1,4 @@
-import { JSONParseError, TypeValidationError, JSONValue, APICallError, LanguageModelV2Prompt, JSONSchema7, SharedV2ProviderOptions, LanguageModelV2ToolResultOutput, LanguageModelV2ToolResultPart } from '@ai-sdk/provider';
+import { AISDKError, JSONParseError, TypeValidationError, JSONValue, APICallError, LanguageModelV2Prompt, JSONSchema7, SharedV2ProviderOptions, LanguageModelV2ToolResultOutput, LanguageModelV2ToolResultPart } from '@ai-sdk/provider';
 import * as z4 from 'zod/v4';
 import { ZodType } from 'zod/v4';
 import { StandardSchemaV1 } from '@standard-schema/spec';
@@ -56,6 +56,53 @@ declare function extractResponseHeaders(response: Response): {
     [k: string]: string;
 };
 
+declare const symbol: unique symbol;
+declare class DownloadError extends AISDKError {
+    private readonly [symbol];
+    readonly url: string;
+    readonly statusCode?: number;
+    readonly statusText?: string;
+    constructor({ url, statusCode, statusText, cause, message, }: {
+        url: string;
+        statusCode?: number;
+        statusText?: string;
+        message?: string;
+        cause?: unknown;
+    });
+    static isInstance(error: unknown): error is DownloadError;
+}
+
+/**
+ * Default maximum download size: 2 GiB.
+ *
+ * `fetch().arrayBuffer()` has ~2x peak memory overhead (undici buffers the
+ * body internally, then creates the JS ArrayBuffer), so very large downloads
+ * risk exceeding the default V8 heap limit on 64-bit systems and terminating
+ * the process with an out-of-memory error.
+ *
+ * Setting this limit converts an unrecoverable OOM crash into a catchable
+ * `DownloadError`.
+ */
+declare const DEFAULT_MAX_DOWNLOAD_SIZE: number;
+/**
+ * Reads a fetch Response body with a size limit to prevent memory exhaustion.
+ *
+ * Checks the Content-Length header for early rejection, then reads the body
+ * incrementally via ReadableStream and aborts with a DownloadError when the
+ * limit is exceeded.
+ *
+ * @param response - The fetch Response to read.
+ * @param url - The URL being downloaded (used in error messages).
+ * @param maxBytes - Maximum allowed bytes. Defaults to DEFAULT_MAX_DOWNLOAD_SIZE.
+ * @returns A Uint8Array containing the response body.
+ * @throws DownloadError if the response exceeds maxBytes.
+ */
+declare function readResponseWithSizeLimit({ response, url, maxBytes, }: {
+    response: Response;
+    url: string;
+    maxBytes?: number;
+}): Promise<Uint8Array>;
+
 /**
  * Fetch function type (standardizes the version of fetch used).
  */
@@ -825,6 +872,15 @@ declare function convertBase64ToUint8Array(base64String: string): Uint8Array<Arr
 declare function convertUint8ArrayToBase64(array: Uint8Array): string;
 declare function convertToBase64(value: string | Uint8Array): string;
 
+/**
+ * Validates that a URL is safe to download from, blocking private/internal addresses
+ * to prevent SSRF attacks.
+ *
+ * @param url - The URL string to validate.
+ * @throws DownloadError if the URL is unsafe.
+ */
+declare function validateDownloadUrl(url: string): void;
+
 /**
  * Validates the types of an unknown object using a schema and
  * return a strongly-typed object.
@@ -957,4 +1013,4 @@ interface ToolResult<NAME extends string, INPUT, OUTPUT> {
     dynamic?: boolean;
 }
 
-export { type AssistantContent, type AssistantModelMessage, type DataContent, DelayedPromise, type FetchFunction, type FilePart, type FlexibleSchema, type FlexibleValidator, type IdGenerator, type ImagePart, type InferSchema, type InferToolInput, type InferToolOutput, type InferValidator, type LazySchema, type LazyValidator, type ModelMessage, type ParseResult, type ProviderDefinedToolFactory, type ProviderDefinedToolFactoryWithOutputSchema, type ProviderOptions, type ReasoningPart, type Resolvable, type ResponseHandler, type Schema, type SystemModelMessage, type TextPart, type Tool, type ToolCall, type ToolCallOptions, type ToolCallPart, type ToolContent, type ToolExecuteFunction, type ToolModelMessage, type ToolResult, type ToolResultPart, type UserContent, type UserModelMessage, VERSION, type ValidationResult, type Validator, asSchema, asValidator, combineHeaders, convertAsyncIteratorToReadableStream, convertBase64ToUint8Array, convertToBase64, convertUint8ArrayToBase64, createBinaryResponseHandler, createEventSourceResponseHandler, createIdGenerator, createJsonErrorResponseHandler, createJsonResponseHandler, createJsonStreamResponseHandler, createProviderDefinedToolFactory, createProviderDefinedToolFactoryWithOutputSchema, createStatusCodeErrorResponseHandler, delay, dynamicTool, executeTool, extractResponseHeaders, generateId, getErrorMessage, getFromApi, getRuntimeEnvironmentUserAgent, injectJsonInstructionIntoMessages, isAbortError, isParsableJson, isUrlSupported, isValidator, jsonSchema, lazySchema, lazyValidator, loadApiKey, loadOptionalSetting, loadSetting, mediaTypeToExtension, normalizeHeaders, parseJSON, parseJsonEventStream, parseProviderOptions, postFormDataToApi, postJsonToApi, postToApi, removeUndefinedEntries, resolve, safeParseJSON, safeValidateTypes, standardSchemaValidator, tool, validateTypes, validator, withUserAgentSuffix, withoutTrailingSlash, zodSchema };
+export { type AssistantContent, type AssistantModelMessage, DEFAULT_MAX_DOWNLOAD_SIZE, type DataContent, DelayedPromise, DownloadError, type FetchFunction, type FilePart, type FlexibleSchema, type FlexibleValidator, type IdGenerator, type ImagePart, type InferSchema, type InferToolInput, type InferToolOutput, type InferValidator, type LazySchema, type LazyValidator, type ModelMessage, type ParseResult, type ProviderDefinedToolFactory, type ProviderDefinedToolFactoryWithOutputSchema, type ProviderOptions, type ReasoningPart, type Resolvable, type ResponseHandler, type Schema, type SystemModelMessage, type TextPart, type Tool, type ToolCall, type ToolCallOptions, type ToolCallPart, type ToolContent, type ToolExecuteFunction, type ToolModelMessage, type ToolResult, type ToolResultPart, type UserContent, type UserModelMessage, VERSION, type ValidationResult, type Validator, asSchema, asValidator, combineHeaders, convertAsyncIteratorToReadableStream, convertBase64ToUint8Array, convertToBase64, convertUint8ArrayToBase64, createBinaryResponseHandler, createEventSourceResponseHandler, createIdGenerator, createJsonErrorResponseHandler, createJsonResponseHandler, createJsonStreamResponseHandler, createProviderDefinedToolFactory, createProviderDefinedToolFactoryWithOutputSchema, createStatusCodeErrorResponseHandler, delay, dynamicTool, executeTool, extractResponseHeaders, generateId, getErrorMessage, getFromApi, getRuntimeEnvironmentUserAgent, injectJsonInstructionIntoMessages, isAbortError, isParsableJson, isUrlSupported, isValidator, jsonSchema, lazySchema, lazyValidator, loadApiKey, loadOptionalSetting, loadSetting, mediaTypeToExtension, normalizeHeaders, parseJSON, parseJsonEventStream, parseProviderOptions, postFormDataToApi, postJsonToApi, postToApi, readResponseWithSizeLimit, removeUndefinedEntries, resolve, safeParseJSON, safeValidateTypes, standardSchemaValidator, tool, validateDownloadUrl, validateTypes, validator, withUserAgentSuffix, withoutTrailingSlash, zodSchema };