Three open-source alternatives to litellm after PyPI supply chain attack

litellm versions 1.82.7 and 1.82.8 on PyPI were compromised with credential-stealing malware in a supply chain attack. For developers using AI coding agents who need to migrate, here are three open-source alternatives mentioned in the source.
Bifrost
Described as the most direct litellm replacement currently available. Written in Go, it claims ~50x faster P99 latency than litellm. Licensed under Apache 2.0 and supports 20+ providers. Migration from litellm requires only a one-line base URL change.
Kosong
An LLM abstraction layer open-sourced by Kimi and used in Kimi CLI. More agent-oriented than litellm, it unifies message structures and provides async tool orchestration with pluggable chat providers. Supports OpenAI, Anthropic, Google Vertex, and other API formats.
Helicone
An AI gateway with strong analytics and debugging capabilities. Supports 100+ providers. Heavier than Bifrost or Kosong but more feature-rich on the observability side.
📖 Read the full source: r/LocalLLaMA
👀 See Also

Delimiter defense boosts Gemma 4 from 21% to 100% prompt injection defense in 6100+ test benchmark
A benchmark tested 15 models across 7 attack types (6100+ tests) using random delimiters around untrusted content. Gemma 4 E4B went from 21.6% to 100% defense rate with delimiter + strict prompt.

Claude Code source map leak reveals minified JavaScript was already public on npm
A source map file accidentally included in version 2.1.88 of the @anthropic-ai/claude-code npm package revealed internal developer comments, but the actual 13MB cli.js file containing 148,000+ plaintext strings has been publicly accessible on npm since launch.

Fake Claude Code site served trojan — detected by Windows Defender as Trojan:Win32/Kepavll!rfn
A typosquatting or ad-based site mimicking the official Claude Code website delivered a trojan detected as Trojan:Win32/Kepavll!rfn by Windows Defender. Reddit user warns others to verify URLs before running PowerShell install commands.

Anthropic reports industrial-scale distillation attacks by Chinese AI labs on Claude
Anthropic detected three Chinese AI companies—DeepSeek, Moonshot, and MiniMax—creating over 24,000 fraudulent accounts to generate 16+ million exchanges with Claude, extracting its reasoning capabilities through systematic distillation attacks.