The Anthropic SDK Looks Safe. Two of Its Transitive Dependencies Aren't.

DEV Community·Pico·26 days ago
Sole maintainer. 16M+ weekly downloads. No release in two years.

Run a standard supply chain audit on @anthropic-ai/sdk. You get this:

```text
@anthropic-ai/sdk: score=86  14 maintainers  17.9M downloads/week  ✅ HEALTHY
```

Looks fine. Anthropic maintains it actively, large team, widely used. Move on.

Run it again at depth 2, checking what the SDK's dependencies depend on:

```text
@anthropic-ai/sdk        score=86  14 maint  17.9M/wk  ✅ HEALTHY
└─ json-schema-to-ts     score=71   1 maint  16.5M/wk  🔴 CRITICAL: sole maintainer + >10M/wk
   ├─ ts-algebra         score=64   1 maint  13.5M/wk  🔴 CRITICAL: sole maintainer + no release in two years
   └─ @babel/runtime     score=93   4 maint   139M/wk  ✅ HEALTHY
```

json-schema-to-ts is the only runtime dependency of the Anthropic SDK. One maintainer. 16.5 million weekly downloads. The exact attack profile that hit LiteLLM in March 2026 and axios in March 2026 (via North Korea/UNC1069).…
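The depth-limited walk described above, as an added example that is not the post's code and not the audit tool the post ran: it applies the two heuristics visible in the post's output ("sole maintainer + >10M/wk" and "sole maintainer + no release in two years") to a dependency graph. The `REGISTRY` map is a constructed snapshot built from the numbers the post quotes; the `lastPublish` dates are illustrative, since the post gives none. A real run would fill that map from `npm view <pkg> dependencies maintainers time` and the npm downloads endpoint `https://api.npmjs.org/downloads/point/last-week/<pkg>`.

```javascript
// Added example, not code from the original post or from any audit tool it used:
// a depth-limited walk of an npm dependency graph applying the two heuristics
// shown in the post's output.
//
// REGISTRY is a CONSTRUCTED snapshot from the numbers quoted in the post. The
// lastPublish dates are illustrative (the post only says ts-algebra has had no
// release in two years). A real run would populate this map from
//   npm view <pkg> dependencies maintainers time
// and https://api.npmjs.org/downloads/point/last-week/<pkg>.

const HIGH_WEEKLY_DOWNLOADS = 10_000_000;                 // the post's ">10M/wk"
const TWO_YEARS_MS = 2 * 365 * 24 * 60 * 60 * 1000;       // the post's "two years"

const REGISTRY = {
  '@anthropic-ai/sdk': { maintainers: 14, weekly: 17_900_000,  lastPublish: '2026-03-01', deps: ['json-schema-to-ts'] },
  'json-schema-to-ts': { maintainers: 1,  weekly: 16_500_000,  lastPublish: '2025-06-01', deps: ['ts-algebra', '@babel/runtime'] },
  'ts-algebra':        { maintainers: 1,  weekly: 13_500_000,  lastPublish: '2024-01-15', deps: [] },
  '@babel/runtime':    { maintainers: 4,  weekly: 139_000_000, lastPublish: '2026-02-01', deps: [] },
};

// Apply the post's two rules to one package's metadata. `now` is a ms timestamp.
function flagsFor(meta, now) {
  const flags = [];
  const sole = meta.maintainers === 1;
  const sincePublish = now - Date.parse(meta.lastPublish);
  if (sole && meta.weekly > HIGH_WEEKLY_DOWNLOADS) flags.push('sole maintainer + >10M/wk');
  if (sole && sincePublish > TWO_YEARS_MS) flags.push('sole maintainer + no release in two years');
  return flags;
}

// Depth-first walk from `root`. maxDepth=0 audits only the root (the "looks fine"
// run in the post); maxDepth=2 reaches the SDK's dependencies' dependencies.
function audit(root, registry, maxDepth, now = Date.now()) {
  const findings = [];
  const seen = new Set();            // a package reachable by two paths is reported once
  function walk(name, depth) {
    if (depth > maxDepth || seen.has(name)) return;
    seen.add(name);
    const meta = registry[name];
    if (!meta) {                     // unknown package: surface it instead of silently skipping
      findings.push({ name, depth, flags: ['no registry data'] });
      return;
    }
    findings.push({ name, depth, maintainers: meta.maintainers, weekly: meta.weekly, flags: flagsFor(meta, now) });
    for (const dep of meta.deps) walk(dep, depth + 1);
  }
  walk(root, 0);
  return findings;
}

// Text report in the shape of the post's output: tree indent, counts, status.
function report(findings) {
  return findings.map(f => {
    const indent = f.depth === 0 ? '' : '   '.repeat(f.depth - 1) + '└─ ';
    const counts = f.weekly === undefined ? '' : `${f.maintainers} maint ${(f.weekly / 1e6).toFixed(1)}M/wk `;
    const status = f.flags.length ? `🔴 CRITICAL: ${f.flags.join('; ')}` : '✅ HEALTHY';
    return `${indent}${f.name} ${counts}${status}`;
  }).join('\n');
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(report(audit('@anthropic-ai/sdk', REGISTRY, 0)));   // root only: HEALTHY
  console.log('---');
  console.log(report(audit('@anthropic-ai/sdk', REGISTRY, 2)));   // depth 2: two CRITICAL lines
}
```

On the post's own numbers ts-algebra trips both rules (13.5M/wk with one maintainer, plus the stale release), so this example lists both reasons where the post's tool printed only the staleness one. Two caveats for anyone turning this into a gate: the maintainer count from `npm view` is the number of accounts with publish rights, which says nothing about how a release is actually built, so pair it with whatever provenance attestation a package publishes; and "no release in two years" is ambiguous on its own, since a finished package and an abandoned one look the same until you check whether its dependencies and open issues are moving.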
