npm / langsmith

LangSmith SDK: Streaming token events bypass output redaction

Modified: 5/6/2026

LangSmith Client SDK Affected by Server-Side Request Forgery via Tracing Header Injection

Modified: 2/22/2026

LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust boundary warning

Modified: 6/9/2026

LangSmith Client SDKs has Prototype Pollution in langsmith-sdk via Incomplete `__proto__` Guard in Internal lodash `set()`

Modified: 4/16/2026