Back to Docs

Install

The canonical install command for every supported language. This is the only page that lists install commands — every other doc, blog, and README links here.

⚠ Do not install bare evalguard

There are two unrelated third-party packages named evalguard on npm and PyPI. They are not affiliated with EvalGuard, Inc.

  • npm install evalguard — third-party LLM-eval library by GitHub user lghiur. Not us.
  • pip install evalguard — third-party AI-validation library by GitHub user yolojewjitsu. Not us.

Always use the canonical names below@evalguard/sdk on npm, evalguardai on PyPI, @evalguard/cli for the CLI. These are the only packages published by EvalGuard, Inc. We are pursuing trademark resolution; until that lands, this banner stays.

Other registries (NuGet, Maven, crates.io, RubyGems, Packagist): we do not yet publish SDKs there. If you find a package using the EvalGuard name on any of those registries, it is not from us — please report it to security@evalguard.ai.

Canonical install commands

TypeScript / JavaScript

@evalguard/sdk

Registry page ↗
npm install @evalguard/sdk

Import

import { EvalGuard } from "@evalguard/sdk";

Python

evalguardai

Registry page ↗
pip install evalguardai

Import

from evalguard import EvalGuardClient

CLI (Node.js)

@evalguard/cli

Registry page ↗
npm install -g @evalguard/cli

Import

evalguard --version

Go

github.com/EvalGuardAi/evalguard-go

Registry page ↗
go get github.com/EvalGuardAi/evalguard-go@latest

Import

import evalguard "github.com/EvalGuardAi/evalguard-go"

Verify cryptographic provenance

Every @evalguard/* npm release ships with an OIDC-signed Sigstore provenance attestation. Verify after install — if a package isn't signed by github.com/EvalGuardAi/evalguard via the canonical workflow, it isn't ours, regardless of what the registry name suggests.

npm install @evalguard/sdk
npm audit signatures
# Should report: "audited 1 package: @evalguard/sdk
#   verified registry signatures, 1 package signed by Sigstore (OIDC)"

Deprecated aliases

These names point at deprecation-shim packages we publish to keep old install commands working — they re-export the canonical and emit a deprecation warning. Migrate to the canonical name on the right; the shim slot may be sunsetted in a future release.

Deprecated nameRegistry→ Canonical
evalguardai-sdknpm@evalguard/sdk
evalguard-sdknpm (unscoped)@evalguard/sdk
@evalguardai/sdknpm@evalguard/sdk
@evalguardai/clinpm@evalguard/cli
evalguard-sdkPyPIevalguardai
evalguard-pythonPyPIevalguardai

Need another language?

Java (Spring Boot + langchain4j integration), C# / .NET, Ruby, and PHP SDKs are not published yet. The REST API works from any language — see the API reference. If you need a native SDK, email support@evalguard.ai and we'll publish on request — typical turnaround is under a week for languages where we already have an internal client.

Why these names

The product is called EvalGuard. The domain is evalguard.ai. Industry convention (e.g. openai, @anthropic-ai/sdk, stripe, @vercel/*) keeps package names brand-only — they don't repeat the TLD in the package handle. The canonical install paths above follow that convention. The Java ai.evalguard groupId is the standard Maven reverse-DNS pattern and is unrelated to the npm/PyPI brand handle.

Documentation | EvalGuard