npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@aegis-sdk/ollama

v0.5.0

Published

Ollama SDK adapter for Aegis prompt injection defense

Downloads

154

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

msjoshlopezmsjoshlopez

Keywords

Readme

@aegis-sdk/ollama

Ollama adapter for Aegis prompt injection defense. Scans messages and monitors streaming responses for local model usage via Ollama.

Part of the Aegis.js prompt injection defense toolkit.

Installation

npm install @aegis-sdk/ollama @aegis-sdk/core ollama

Quick Start

Wrap the Ollama client for automatic protection:

import { Ollama } from 'ollama';
import { Aegis } from '@aegis-sdk/core';
import { wrapOllamaClient } from '@aegis-sdk/ollama';

const aegis = new Aegis({ policy: 'strict' });
const client = wrapOllamaClient(new Ollama(), aegis);

// Messages are scanned before sending.
// Streaming responses are monitored in real-time.
const response = await client.chat({
  model: 'llama3',
  messages: [{ role: 'user', content: 'Hello!' }],
});

Or scan messages manually:

import { Aegis } from '@aegis-sdk/core';
import { guardMessages } from '@aegis-sdk/ollama';

const aegis = new Aegis({ policy: 'strict' });

const messages = [
  { role: 'system' as const, content: 'You are a helpful assistant.' },
  { role: 'user' as const, content: userInput },
];

// Throws AegisInputBlocked if injection is detected
const safe = await guardMessages(aegis, messages);

API

wrapOllamaClient(client, aegis, options?)

Proxy the Ollama client to automatically guard chat() calls. Input messages are scanned before sending, and streaming responses (when stream: true) are monitored in real-time. All other client methods pass through unchanged.

guardMessages(aegis, messages, options?)

Scan an array of OllamaMessage[] for prompt injection. Ollama uses the standard system/user/assistant roles, which map directly to the Aegis three-role model. Returns the original messages if safe, throws AegisInputBlocked if blocked.

createStreamTransform(aegis)

Create a TransformStream<string, string> for monitoring extracted message.content values from Ollama streaming chunks.

getAuditLog(aegis)

Convenience accessor for the Aegis audit log.

Why protect local models?

Local models running through Ollama still process untrusted user input. Prompt injection attacks work regardless of where the model runs. If your application takes user input and passes it to a local LLM that has access to tools, files, or databases, the same attack vectors apply.

Learn More

License

MIT