
fix(providers): use secureJsonParse instead of raw JSON.parse in production code#15813

Open
Abuhaithem wants to merge 1 commit into vercel:main from Abuhaithem:fix/secure-json-parse-provider-code

Conversation

@Abuhaithem

Several production provider files parse untrusted strings with raw JSON.parse. These strings come from model output and upstream API responses — tool-call inputs, provider tool error results, and API error response bodies — all of which can be influenced by prompt injection or a misbehaving/malicious upstream.

This violates the project coding standard ("Never use JSON.parse directly in production code to prevent security risks") and leaves a prototype-pollution vector open: a payload such as {"__proto__":{"polluted":true}} parses without complaint and can pollute objects during later recursive merges.

The repo already ships secureJsonParse (packages/provider-utils/src/secure-json-parse.ts), which rejects __proto__ / constructor.prototype keys. However it was not exported from @ai-sdk/provider-utils, and the public parseJSON / safeParseJSON helpers are async, so these synchronous call sites had no safe option.

Summary

  • @ai-sdk/provider-utils: export secureJsonParse from the package entry point.

  • Replace raw JSON.parse with secureJsonParse at six call sites (all already wrapped in try/catch, so error handling is unchanged — a rejected payload now falls back instead of being parsed):

    Package              File                                                        Parses
    @ai-sdk/google       src/interactions/convert-to-google-interactions-input.ts    tool-call input string
    @ai-sdk/google       src/convert-to-google-messages.ts                           server tool-call args
    @ai-sdk/anthropic    src/convert-to-anthropic-prompt.ts (×2)                     provider tool error result values
    @ai-sdk/anthropic    src/anthropic-language-model.ts                             code_execution tool input
    @ai-sdk/gateway      src/errors/extract-api-call-response.ts                     API error response body
  • Add regression tests that fail on the previous JSON.parse implementation:

    • @ai-sdk/gateway: __proto__ and constructor.prototype payloads fall back to the raw response string.
    • @ai-sdk/google: a malicious stringified tool-call input is rejected and wrapped safely instead of parsed.

Manual Verification

Targeted test suites (all pass):

pnpm --filter @ai-sdk/gateway   exec vitest run src/errors/extract-api-call-response.test.ts          # 16 passed
pnpm --filter @ai-sdk/google    exec vitest run src/interactions/convert-to-google-interactions-input.test.ts \
                                              src/convert-to-google-messages.test.ts                   # 95 passed
pnpm --filter @ai-sdk/anthropic exec vitest run src/convert-to-anthropic-prompt.test.ts               # 75 passed
pnpm --filter @ai-sdk/anthropic exec vitest run src/anthropic-language-model.test.ts                  # 250 passed
pnpm --filter @ai-sdk/provider-utils exec vitest run src/secure-json-parse.test.ts src/parse-json.test.ts  # 27 passed

Additional checks:

  • npx ultracite check <changed files> — clean (formatting + lint).
  • npx tsc --build packages/provider-utils packages/google packages/anthropic packages/gateway — exit 0.

Checklist

  • All commits are signed (PRs with unsigned commits cannot be merged)
  • Tests have been added / updated (for bug fixes / features)
  • Documentation has been added / updated (for bug fixes / features) — n/a, internal-only change
  • A patch changeset for relevant packages has been added (for bug fixes / features - run pnpm changeset in the project root)
  • I have reviewed this pull request (self-review)

Future Work

  • Audit remaining raw JSON.parse usages in other production packages (e.g. @ai-sdk/langchain) and migrate any that handle untrusted input to secureJsonParse.

Related Issues

Fixes #15812
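
As an added illustration of the risk the PR description above discusses (this is example code written for this page, not the project's secureJsonParse from packages/provider-utils/src/secure-json-parse.ts, whose internals are not reproduced here), the TypeScript below shows three things: a parser that rejects the own-key shapes the PR names (__proto__, and constructor with a nested prototype), a deliberately naive recursive merge that turns a raw JSON.parse result into a write to Object.prototype, and the try/catch fallback pattern the call sites use. All function names, the merge helper and the sample payloads are constructed for this example.

```typescript
// Added illustrative example (not the repository's secure-json-parse.ts):
// a minimal prototype-pollution-safe JSON parser, a deliberately naive
// recursive merge that shows how a raw JSON.parse result pollutes
// Object.prototype, and the try/catch fallback pattern the PR describes.

type JsonObject = Record<string, unknown>;

const hasOwn = (o: object, k: string): boolean =>
  Object.prototype.hasOwnProperty.call(o, k);

// Walk the *parsed* value rather than regex-scanning the raw text: JSON
// allows "\u005f_proto__", which JSON.parse decodes to the own key
// "__proto__", so a text-level filter on its own can be bypassed.
function hasPollutingKey(value: unknown): boolean {
  if (value === null || typeof value !== 'object') return false;
  if (Array.isArray(value)) return value.some(hasPollutingKey);
  const obj = value as JsonObject;
  if (hasOwn(obj, '__proto__')) return true;
  if (hasOwn(obj, 'constructor')) {
    const ctor = obj['constructor'];
    if (typeof ctor === 'object' && ctor !== null && hasOwn(ctor, 'prototype')) {
      return true;
    }
  }
  return Object.keys(obj).some((k) => hasPollutingKey(obj[k]));
}

// Parses like JSON.parse but throws SyntaxError when the result contains an
// own "__proto__" key, or a "constructor" key whose value has an own
// "prototype" key, anywhere in the tree. A plain {"constructor":"Foo"} passes.
function secureJsonParse(text: string): unknown {
  const parsed: unknown = JSON.parse(text);
  if (hasPollutingKey(parsed)) {
    throw new SyntaxError('Object contains forbidden prototype property');
  }
  return parsed;
}

// The call-site shape the PR describes: a rejected payload falls back
// instead of being parsed, exactly like a malformed one.
function parseJsonOrFallback(text: string, fallback: unknown): unknown {
  try {
    return secureJsonParse(text);
  } catch {
    return fallback;
  }
}

// A typical buggy deep merge. Reading target['__proto__'] on a plain object
// returns Object.prototype (the accessor, since there is no own key), so
// merging a parsed {"__proto__": {...}} recurses into the global prototype.
function naiveMerge(target: JsonObject, source: JsonObject): JsonObject {
  for (const key of Object.keys(source)) {
    const s = source[key];
    if (s !== null && typeof s === 'object' && !Array.isArray(s)) {
      let t: unknown = target[key];
      if (t === null || typeof t !== 'object') {
        t = {};
        target[key] = t;
      }
      naiveMerge(t as JsonObject, s as JsonObject);
    } else {
      target[key] = s;
    }
  }
  return target;
}

// Runs the same constructed payload through both paths and reports whether
// each one polluted Object.prototype. The pollution is undone before returning.
function demonstratePollution(): { unsafe: boolean; safe: boolean } {
  const payload = '{"__proto__":{"polluted":true}}'; // constructed sample input
  const probe = (): boolean => ({} as JsonObject)['polluted'] === true;

  naiveMerge({}, JSON.parse(payload) as JsonObject);
  const unsafe = probe(); // a fresh {} now sees "polluted"
  delete (Object.prototype as unknown as JsonObject)['polluted'];

  let safe = false;
  try {
    naiveMerge({}, secureJsonParse(payload) as JsonObject);
  } catch {
    safe = !probe(); // rejected before the merge ever ran
  }
  return { unsafe, safe };
}

console.log(demonstratePollution()); // prints { unsafe: true, safe: true }
```

The check runs on the parsed tree rather than on the raw string because JSON escape sequences let an attacker spell `__proto__` without the literal characters appearing in the payload; a regex pre-filter that short-circuits the walk would reopen the hole.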

@Abuhaithem
Author

cc: @lgrammel

@Abuhaithem
Author

cc: @dancer



Development

Successfully merging this pull request may close these issues.

Raw JSON.parse used in production provider code (prototype pollution risk)
