
Security News
Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Music Scraping
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.
@openrouter/cli
Advanced tools
A simple and easy to use utility to login to open router and use any model with claude code!
/model command.First, ensure you have Claude Code installed:
npm install -g @anthropic-ai/claude-code
Then, install Claude Code Router:
npm install -g @openrouter/claude-code
Create and configure your ~/.openrouter/claude-code-proxy.json file. For more details, you can refer to config.example.json.
The claude-code-proxy.json file has several key sections:
LOG (optional): You can enable logging by setting it to true. When set to false, no log files will be created. Default is true.LOG_LEVEL (optional): Set the logging level. Available options are: "fatal", "error", "warn", "info", "debug", "trace". Default is "debug".~/.copenrouter/logs/ directory with filenames like openrouter-*.log~/.openrouter/router.logOPENROUTER_API_KEY: To set your OPENROUTER_API_KEY to use in the proxy servermodels: Used to set up routing rules. default specifies the default model, which will be used for all requests if no other route is configured.API_TIMEOUT_MS: Specifies the timeout for API calls in milliseconds.Claude Code Router supports environment variable interpolation for secure API key management. You can reference environment variables in your config.json using either $VAR_NAME or ${VAR_NAME} syntax:
{
"OPENROUTER_API_KEY": "$OPENROUTER_API_KEY"
}
This allows you to keep sensitive API keys in environment variables instead of hardcoding them in configuration files. The interpolation works recursively through nested objects and arrays.
Here is a comprehensive example:
{
"OPENROUTER_API_KEY": "$OPENROUTER_API_KEY",
"LOG": true,
"models": {
"default": "deepseek/deepseek-chat",
"background": "qwen/qwen3-30b-a3b",
"think": "deepseek/deepseek-reasoner",
"longContext": "google/gemini-2.5-pro-preview",
"longContextThreshold": 60000,
"webSearch": "google/gemini-2.5-flash:online"
}
}
Start Claude Code using the router:
openrouter code
Note: After modifying the configuration file, you need to restart the service for the changes to take effect:
openrouter restart
The models object defines which model to use for different scenarios:
default: The default model for general tasks.background: A model for background tasks. This can be a smaller, local model to save costs.think: A model for reasoning-heavy tasks, like Plan Mode.longContext: A model for handling long contexts (e.g., > 60K tokens).longContextThreshold (optional): The token count threshold for triggering the long context model. Defaults to 60000 if not specified.webSearch: Used for handling web search tasks and this requires the model itself to support the feature. You will also need to add the :online suffix after the model name.You can also switch models dynamically in Claude Code with the /model command:
/model model_name
Example: /model anthropic/claude-sonnet-4
FAQs
SDK DevTools and utilities for OpenRouter development
The npm package @openrouter/cli receives a total of 243 weekly downloads. As such, @openrouter/cli popularity was classified as not popular.
We found that @openrouter/cli demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
A Shai-Hulud infection exposed Suno's source code, which shows the AI music startup stream-ripped tracks to train its models.

Security News
Vercel is formalizing a monthly release program for Next.js. The change follows React2Shell and a sharp rise in AI-assisted vulnerability discovery.

Research
/Security News
11 malicious NuGet tools pose as game cheats to deploy Windows payloads, track hosts, and use Google Sheets for telemetry and control.