
Security News
Node.js Considers Public Workflow for Security Reports Amid AI-Driven Surge
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.
@adcp/client
Advanced tools
Renamed to @adcp/sdk. Compatibility shim that re-exports @adcp/sdk under the legacy package name.
This package has been renamed to
@adcp/sdk.
@adcp/clientcontinues to publish as a thin re-export of@adcp/sdkso existing installs keep working without code changes. New projects should install@adcp/sdkdirectly.
- npm install @adcp/client
+ npm install @adcp/sdk
- import { AdcpClient } from '@adcp/client';
+ import { AdcpClient } from '@adcp/sdk';
All subpaths (/client, /server, /compliance, /testing, /conformance, /signing, etc.) are available under the new name with identical APIs.
@adcp/client ships three distinct surfaces — a buyer-side client, a server builder, and a compliance harness. The new name and /client /server /compliance subpaths make that shape explicit.
@adcp/client and @adcp/sdk are version-linked via the repo's changeset config — both packages release at the same number on every cut, and the shim's dependencies."@adcp/sdk" covers the published range so npm dedupes consumers' trees that pull both names.
@adcp/client could not locate @adcp/sdk — the CLI delegator calls require.resolve('@adcp/sdk/package.json') and fails when @adcp/sdk is missing from the install tree. Most common with npm install --legacy-peer-deps or Yarn classic with nohoist skipping the peer auto-install. Resolve by running npm install @adcp/sdk alongside, or by removing the --legacy-peer-deps flag if it's not load-bearing for the rest of your tree.
@adcp/client continues to publish as a re-export of @adcp/sdk. Every release is auto-deprecated on the npm registry so npm install shows the rename pointer; the package still works without code changes. New features ship to @adcp/sdk only — the shim never gains capability.@adcp/client ships under 5.x; 6.0 publishes as @adcp/sdk only. Consumers who haven't migrated by then need to swap their imports before bumping major.@adcp/sdk weekly downloads sustained above @adcp/client for two consecutive months. We post the removal date 90 days in advance on the GitHub repo before stopping shim publishes.The shim is intentionally minimal so this timeline can hold without surprise — there's nothing in packages/client-shim/ that diverges from @adcp/sdk semantically. If you're reading this and want the migration to take a long weekend, the change is s/@adcp\/client/@adcp\/sdk/g across imports plus a single dependency swap in package.json.
FAQs
Renamed to @adcp/sdk. Compatibility shim that re-exports @adcp/sdk under the legacy package name.
The npm package @adcp/client receives a total of 1,237 weekly downloads. As such, @adcp/client popularity was classified as popular.
We found that @adcp/client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Node.js is debating whether AI-driven security report volume warrants moving more vulnerability reports into public workflows.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.