npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@centure/node-sdk

v0.0.1

Published

A Typescript SDK for interacting with Centure's API

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

abir-taheerabir-taheer

Keywords

centureprompt-injectionsecuritymcpmodel-context-protocolai-securityllm-security

Readme

@centure/node-sdk

A fully type-safe TypeScript SDK for interacting with Centure's API for prompt injection detection.

Installation

npm install @centure/node-sdk

Usage

Initialize the Client

import { CentureClient } from "@centure/node-sdk";

// Using environment variable CENTURE_API_KEY
const client = new CentureClient();

// Or provide API key directly
const client = new CentureClient({
  apiKey: "your-api-key",
  baseUrl: "https://api.centure.ai", // Optional, defaults to production
});

Scan Text for Prompt Injection

const result = await client.scanText("Your text content here");

console.log("Is safe:", result.is_safe);
console.log("Detected categories:", result.categories);
console.log("Request ID:", result.request_id);

Scan Image (Base64 or Buffer)

// Using base64 string
const base64Image = "iVBORw0KGgoAAAANSUhEUgAA...";
const result = await client.scanImage(base64Image);

console.log("Is safe:", result.is_safe);
console.log("Detected threats:", result.categories);
// Using Buffer (Node.js) - automatically converted to base64
import fs from "fs";

const imageBuffer = fs.readFileSync("./image.png");
const result = await client.scanImage(imageBuffer);

API Response

All scan methods return a ScanResponse object:

interface ScanResponse {
  is_safe: boolean;
  categories: DetectedCategory[];
  request_id: string;
  api_key_id: string;
  request_units: number;
  service_tier: ServiceTier;
}

interface DetectedCategory {
  code: ThreatCategory;
  confidence: ConfidenceLevel;
}

MCP Integration

The SDK provides a transport wrapper for the Model Context Protocol (MCP) that automatically scans messages for prompt injection attacks.

CentureMCPClientTransport

The CentureMCPClientTransport wraps any MCP transport and intercepts messages to scan them for security threats before they reach your MCP server.

Basic Usage

import { Client } from "@modelcontextprotocol/sdk/client/index.js";
import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
import { CentureClient } from "@centure/node-sdk";
import { CentureMCPClientTransport } from "@centure/node-sdk/mcp";

// Create your underlying MCP transport
const stdioTransport = new StdioClientTransport({
  command: "your-mcp-server",
  args: ["--arg1", "--arg2"],
});

// Wrap it with Centure security scanning
const secureTransport = new CentureMCPClientTransport({
  client: new CentureClient({
    apiKey: "your-api-key",
  }),
  transport: stdioTransport,
});

// Use with MCP client
const client = new Client({
  name: "your-client",
  version: "1.0.0",
});

await client.connect(secureTransport);

Configuration Parameters

Required Parameters
  • transport (Transport): The underlying MCP transport to wrap (e.g., StdioClientTransport, SSEClientTransport)
  • client (CentureClient): Centure API client instance for scanning messages
Optional Hooks

  • shouldScanMessage ((context: ShouldScanMessageContext) => boolean | ShouldScanMessageResult):

    Determines whether a specific message should be scanned. Return false or { scan: false } to skip scanning.

    shouldScanMessage: ({ message, extra }) => {
  // Skip scanning for tool list requests
  if (message.method === "tool/list") {
    return false;
  }
  return true;
}

  • onAfterScan ((context: OnAfterScanContext) => void | OnAfterScanResult):

    Called after a message is scanned, regardless of the result. Can return { passthrough: true } to allow the message even if unsafe.

    onAfterScan: ({ message, scanResult }) => {
  console.log(`Scanned ${message.method}: ${scanResult.is_safe}`);
}

  • onUnsafeMessage ((context: OnUnsafeMessageContext) => OnUnsafeMessageResult):

    Called when an unsafe message is detected. Must return an object specifying whether to allow or block the message.

    onUnsafeMessage: ({ message, scanResult }) => {
  // Allow medium-confidence threats
  const isMedium = scanResult.categories.every(
    (c) => c.confidence === "medium"
  );

  if (isMedium) {
    return { passthrough: true };
  }

  // Block high-confidence threats with custom error
  return {
    passthrough: false,
    replace: {
      jsonrpc: "2.0",
      id: message.id,
      error: {
        code: -32001,
        message: "Security violation detected",
      },
    },
  };
}

  • onBeforeSend ((context: { message: JSONRPCMessage, extra?: MessageExtraInfo }) => void):

    Called before any message is sent through the transport.

    onBeforeSend: ({ message, extra }) => {
  console.log(`Sending ${message.method}`);
}

Complete Example

const secureTransport = new CentureMCPClientTransport({
  client: new CentureClient({
    baseUrl: "http://localhost:3001",
    apiKey: "your-api-key",
  }),
  transport: stdioTransport,

  shouldScanMessage: ({ message }) => {
    // Skip scanning for certain safe methods
    if (message.method === "tool/list") {
      return false;
    }
    return true;
  },

  onUnsafeMessage: ({ message, scanResult }) => {
    // Allow medium-confidence detections
    const isMedium = scanResult.categories.every(
      (c) => c.confidence === "medium"
    );

    if (isMedium) {
      return { passthrough: true };
    }

    // Block high-confidence threats
    return {
      passthrough: false,
      replace: {
        jsonrpc: "2.0",
        id: message.id,
        error: {
          code: -32001,
          message: "Unsafe Message!",
        },
      },
    };
  },
});

Hook Types

type ShouldScanMessageContext = {
  message: JSONRPCMessage;
  extra?: MessageExtraInfo;
};

type OnAfterScanContext = {
  message: JSONRPCMessage;
  extra?: MessageExtraInfo;
  scanResult: ScanResponse;
};

type OnUnsafeMessageContext = {
  message: JSONRPCMessage;
  extra?: MessageExtraInfo;
  scanResult: ScanResponse;
};

type OnUnsafeMessageResult = {
  passthrough: boolean;
  replace?: JSONRPCMessage;
};

Error Handling

The SDK provides specific error classes for different scenarios:

import {
  CentureClient,
  BadRequestError,
  UnauthorizedError,
  PayloadTooLargeError,
  MissingApiKeyError,
} from "@centure/node-sdk";

try {
  const result = await client.scanText("content");
} catch (error) {
  if (error instanceof UnauthorizedError) {
    console.error("Invalid API key");
  } else if (error instanceof BadRequestError) {
    console.error("Invalid request:", error.message);
  } else if (error instanceof PayloadTooLargeError) {
    console.error("Image too large");
  }
}

Configuration

Custom Fetch Options

const client = new CentureClient({
  apiKey: "your-api-key",
  fetchOptions: {
    timeout: 30000,
    headers: {
      "X-Custom-Header": "value",
    },
  },
});

Custom Fetch Implementation

import fetch from "node-fetch";

const client = new CentureClient({
  apiKey: "your-api-key",
  fetch: fetch as any,
});

Threat Categories

The API detects the following threat categories:

  • behavioral_override_low - Attempts to override system behavior
  • role_manipulation - Attempts to manipulate the AI's role
  • context_injection - Injection of malicious context
  • instruction_hierarchy_manipulation - Manipulation of instruction priority
  • output_manipulation - Attempts to control output format
  • data_exfiltration - Attempts to extract sensitive data
  • external_actions - Attempts to trigger external actions
  • safety_bypass - Attempts to bypass safety measures

License

MIT