
Security News
npm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokens
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.
@adcp/client
Advanced tools
AdCP client library with protocol support for MCP and A2A, includes testing framework
Official TypeScript/JavaScript client for the Ad Context Protocol (AdCP). Seamlessly communicate with advertising agents using MCP and A2A protocols.
npm install @adcp/client
import { ADCPMultiAgentClient } from '@adcp/client';
// Multi-agent setup with type safety
const client = new ADCPMultiAgentClient([{
id: 'premium-agent',
name: 'Premium Ad Agent',
agent_uri: 'https://agent.example.com/mcp/',
protocol: 'mcp',
auth_token: 'your-auth-token'
}]);
const agent = client.agent('premium-agent');
// ✅ TYPE-SAFE: Full IntelliSense and compile-time checking
const result = await agent.getProducts({
brief: 'Looking for premium coffee advertising',
promoted_offering: 'Artisan coffee blends'
});
// result is TaskResult<GetProductsResponse> with known properties
if (result.success) {
console.log('Products:', result.data.products); // Fully typed!
} else {
console.error('Error:', result.error);
}
Set your agent configuration once and auto-discover everywhere:
# .env file
ADCP_AGENTS='[{"id":"agent1","name":"My Agent","agent_uri":"https://agent.example.com","protocol":"mcp","auth_token":"token123"}]'
// Auto-discover agents from environment
const client = ADCPMultiAgentClient.fromEnv();
console.log(`Found ${client.agentCount} agents`); // Auto-discovered!
// Or manually configure
const client = new ADCPMultiAgentClient([
{ id: 'agent1', agent_uri: 'https://...', protocol: 'mcp' }
]);
const client = new ADCPMultiAgentClient([
{ id: 'premium', agent_uri: 'https://premium.example.com', protocol: 'mcp' },
{ id: 'budget', agent_uri: 'https://budget.example.com', protocol: 'a2a' }
]);
// Work with specific agents
const premium = client.agent('premium');
const budget = client.agent('budget');
// Or run across all agents in parallel
const allResults = await client.getProducts(params); // TaskResult<GetProductsResponse>[]
Get full TypeScript support with compile-time checking and IntelliSense:
const agent = client.agent('agent-id');
// ✅ TYPE-SAFE METHODS: Full IntelliSense, compile-time checking
await agent.getProducts(params); // TaskResult<GetProductsResponse>
await agent.createMediaBuy(params); // TaskResult<CreateMediaBuyResponse>
await agent.listCreativeFormats(params); // TaskResult<ListCreativeFormatsResponse>
// ✅ GENERIC METHOD WITH AUTO TYPE INFERENCE: No casting needed!
const result = await agent.executeTask('get_products', params);
// result is TaskResult<GetProductsResponse> - TypeScript knows the return type!
// ✅ CUSTOM TYPES: For non-standard tasks
const customResult = await agent.executeTask<MyCustomResponse>('custom_task', params);
// ✅ BOTH support async patterns & input handlers!
const withHandler = await agent.getProducts(
{ brief: "Premium inventory" },
async (inputRequest) => ({ approve: true })
);
Handle complex async patterns with ease:
// Configure input handler for interactive tasks
const client = ADCPClient.simple('https://agent.example.com', {
authToken: 'token',
inputHandler: async (request) => {
// Handle 'input-required' status
if (request.type === 'user_approval') {
const approved = await getUserApproval(request.data);
return { approved };
}
// Defer for human review
return { defer: true };
}
});
// Long-running server task (returns immediately)
const result = await client.executeTask('analyze_campaign', {
campaign_id: '12345'
});
if (result.status === 'submitted') {
// Task running on server, will notify via webhook
console.log('Task ID:', result.submitted.taskId);
console.log('Webhook:', result.submitted.webhookUrl);
}
// Client-deferred task (needs human input)
if (result.status === 'deferred') {
// Save continuation for later
const continuation = result.deferred;
// ... later, after human provides input ...
const finalResult = await client.resumeDeferredTask(
continuation,
{ approved: true, budget: 50000 }
);
}
import { ADCPMultiAgentClient } from '@adcp/client';
const client = new ADCPMultiAgentClient([
{
id: 'agent1',
name: 'MCP Agent',
agent_uri: 'https://agent1.example.com/mcp/',
protocol: 'mcp',
requiresAuth: true,
auth_token_env: 'AGENT1_TOKEN'
},
{
id: 'agent2',
name: 'A2A Agent',
agent_uri: 'https://agent2.example.com',
protocol: 'a2a'
}
]);
// Execute on specific agent
const result = await client.executeTask('agent1', 'get_products', params);
// Execute on all agents in parallel
const results = await client.executeTaskOnAll('get_products', params);
# Clone for full examples
git clone https://github.com/your-org/adcp-client
cd adcp-client/examples
# Run examples
npx tsx basic-usage.ts
npx tsx async-patterns.ts
npx tsx multi-agent.ts
The package includes an interactive testing framework:
# Install and run locally
git clone https://github.com/your-org/adcp-client
cd adcp-client
npm install
npm run dev
# Open http://localhost:8080
We welcome contributions! See CONTRIBUTING.md for guidelines.
MIT - see LICENSE for details.
FAQs
Renamed to @adcp/sdk. Compatibility shim that re-exports @adcp/sdk under the legacy package name.
The npm package @adcp/client receives a total of 746 weekly downloads. As such, @adcp/client popularity was classified as not popular.
We found that @adcp/client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
npm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.

Research
/Security News
Socket tracks the activity as Operation “Muck and Load”: a threat actor uses commit-farming workflows, public dead drops, and protected archives to stage Windows RAT and infostealer malware.

Security News
pnpm 11.10 hardens registry auth to block token redirection, tightens pack-app and deploy, and makes the Rust port (v12) installable.