The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.

Run a supply chain audit on @anthropic-ai/sdk and it looks healthy. Audit at depth 2 and two transitive dependencies are CRITICAL — sole maintainer, 15M weekly downloads, no release in over a year.