npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aegis-sdk/core

v0.5.0

Published

Streaming-first prompt injection defense for AI applications

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

msjoshlopezmsjoshlopez

Keywords

aillmprompt-injectionsecuritystreamingdefenseguardopenaianthropicvercel-ai

Readme

@aegis-sdk/core

Streaming-first prompt injection defense for JavaScript/TypeScript AI applications.

Part of the Aegis.js prompt injection defense toolkit.

Installation

npm install @aegis-sdk/core

Quick Start

import { Aegis } from '@aegis-sdk/core';

const aegis = new Aegis({ policy: 'strict' });

// Scan input messages before sending to the LLM
const safeMessages = await aegis.guardInput(messages);

// Monitor the output stream in real-time (kills on violation)
const transform = aegis.createStreamTransform();

With the Vercel AI SDK:

import { streamText } from 'ai';
import { openai } from '@ai-sdk/openai';
import { Aegis } from '@aegis-sdk/core';

const aegis = new Aegis({ policy: 'strict' });

export async function POST(req: Request) {
  const { messages } = await req.json();

  const safeMessages = await aegis.guardInput(messages);

  const result = streamText({
    model: openai('gpt-4o'),
    messages: safeMessages,
    experimental_transform: aegis.createStreamTransform(),
  });

  return result.toDataStreamResponse();
}

API

Aegis class

The main entry point. Accepts an AegisConfig with a policy preset ('strict', 'balanced', 'permissive') or a custom policy object.

  • guardInput(messages, options?) -- Scan messages for prompt injection. Returns messages if safe, throws AegisInputBlocked if blocked.
  • createStreamTransform() -- Returns a TransformStream<string, string> that monitors output tokens and kills the stream on violation.
  • guardChainStep(output, options) -- Guard a single step in an agentic loop. Tracks cumulative risk, enforces step budgets, and applies privilege decay.
  • scanMedia(content, mediaType) -- Scan images, audio, or documents for injection attempts (requires multiModal config).
  • judgeOutput(userRequest, modelOutput, context?) -- Evaluate model output against original user intent using an LLM-Judge (requires judge config).
  • getAuditLog() -- Access the audit log for querying security events.
  • getValidator() -- Access the action validator for tool call validation.
  • getPolicy() -- Access the resolved policy.
  • getMessageSigner() -- Access the HMAC message signer (returns null if integrity is not configured).
  • isSessionQuarantined() -- Check whether the current session has been quarantined.

aegis singleton

Convenience singleton for the "simple path" API:

import { aegis } from '@aegis-sdk/core';

aegis.configure({ policy: 'strict' });
const instance = aegis.getInstance();

Core modules

Each module is exported individually for standalone use:

| Export | Purpose | |--------|---------| | quarantine(content, options?) | Wrap content as Quarantined<T> to track trust | | isQuarantined(value) | Check if a value is quarantined | | InputScanner | Pattern matching + heuristic injection detection | | PerplexityAnalyzer | Character n-gram perplexity for adversarial suffix detection | | TrajectoryAnalyzer | Multi-turn escalation detection (Crescendo attacks) | | PromptBuilder | Sandwich-pattern prompt construction with delimiters | | StreamMonitor | Real-time output scanning via TransformStream | | ActionValidator | Tool call validation + rate limiting | | Sandbox | Zero-capability model for untrusted content | | LLMJudge | Provider-agnostic intent alignment verification | | MultiModalScanner | Extract + scan text from images/audio/documents | | AutoRetryHandler | Retry with escalated security after a block | | AuditLog | Security event logging | | FileTransport | JSONL file transport with rotation | | OTelTransport | OpenTelemetry spans/metrics/logs transport | | AlertingEngine | Real-time alerting (rate-spike, session-kills) | | MessageSigner | HMAC conversation integrity |

Policy helpers

import { resolvePolicy, getPreset, isActionAllowed, loadPolicyFile } from '@aegis-sdk/core';

const policy = resolvePolicy('strict');
const preset = getPreset('balanced');
const allowed = isActionAllowed(policy, 'search_kb');
const filePolicy = await loadPolicyFile('./aegis-policy.yaml');

Error classes

  • AegisInputBlocked -- Thrown when input is blocked. Contains scanResult with detections and score.
  • AegisSessionQuarantined -- Thrown when a quarantined session attempts input.
  • AegisSessionTerminated -- Thrown on critical violations. Session must be recreated.

Canary Tokens

Embed canary tokens in your system prompt to detect when the model leaks it:

const aegis = new Aegis({
  policy: 'strict',
  canaryTokens: ['AEGIS_CANARY_7f3a9b'],
});

If the model outputs a canary token, the stream monitor kills the stream immediately.

Preset Policies

new Aegis({ policy: 'strict' });      // High security, tighter thresholds
new Aegis({ policy: 'balanced' });    // Default -- good for most apps
new Aegis({ policy: 'permissive' });  // Lower friction, wider thresholds

Learn More

License

MIT