Three open-source alternatives to litellm after PyPI supply chain attack

OpenClawRadar | Published: March 25, 2026

litellm versions 1.82.7 and 1.82.8 on PyPI were compromised with credential-stealing malware in a supply chain attack. For developers using AI coding agents who need to migrate, here are three open-source alternatives mentioned in the source.
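Before migrating, it helps to know whether a project pinned, or could have resolved to, one of the two affected releases. The following is an added example, not code from the article or from the litellm project: the function names and the sample requirements text are constructed, and the specifier handling is a simplified subset of pip's rules that treats anything it cannot parse as possibly matching.

```python
import re
from importlib import metadata

# Compromised releases named in the article; everything else here is illustrative.
COMPROMISED = ("1.82.7", "1.82.8")
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*([^;]*)")

def _key(version):
    """Numeric release tuple padded to four parts, so 1.82 compares equal to 1.82.0."""
    parts = [int(p) for p in re.findall(r"\d+", version)][:4]
    return tuple(parts + [0] * (4 - len(parts)))

def _allows(clause, version):
    """True if one specifier clause (e.g. '>=1.80') admits `version`."""
    m = re.fullmatch(r"\s*(==|!=|<=|>=|<|>)\s*([0-9][0-9.]*)\s*", clause)
    if not m:
        return True  # ~=, wildcards, direct URLs: conservatively assume it may match
    op, a, b = m.group(1), _key(version), _key(m.group(2))
    return {"==": a == b, "!=": a != b, "<=": a <= b,
            ">=": a >= b, "<": a < b, ">": a > b}[op]

def check_requirements(text):
    """Return (line_no, requirement, status) for every litellm entry in pip-style text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        m = _REQ.match(line)
        if not m or m.group(1).lower() != "litellm":
            continue
        clauses = [c for c in m.group(2).split(",") if c.strip()]
        hit = [v for v in COMPROMISED if all(_allows(c, v) for c in clauses)]
        pinned = len(hit) == 1 and [c.replace(" ", "") for c in clauses] == ["==" + hit[0]]
        status = "pinned-compromised" if pinned else "range-admits-compromised" if hit else "ok"
        findings.append((n, line, status))
    return findings

def installed_is_compromised():
    """Check the litellm distribution installed in the current environment, if any."""
    try:
        return metadata.version("litellm") in COMPROMISED
    except metadata.PackageNotFoundError:
        return False
# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.32.3
LiteLLM[proxy]==1.82.8 ; python_version >= "3.9"
litellm>=1.80,<1.82.7
litellm>=1.80
"""
```

A `range-admits-compromised` result means the requirement did not exclude the affected releases, so the lock file or the installed environment has to be checked to see what was actually resolved.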

Bifrost

Described as the most direct litellm replacement currently available. Written in Go, it claims ~50x faster P99 latency than litellm. Licensed under Apache 2.0 and supports 20+ providers. Migration from litellm requires only a one-line base URL change.

Kosong

An LLM abstraction layer open-sourced by Kimi and used in Kimi CLI. More agent-oriented than litellm, it unifies message structures and provides async tool orchestration with pluggable chat providers. Supports OpenAI, Anthropic, Google Vertex, and other API formats.

Helicone

An AI gateway with strong analytics and debugging capabilities. Supports 100+ providers. Heavier than Bifrost or Kosong but more feature-rich on the observability side.

Source: r/LocalLLaMA
