npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@latten/redact

v0.2.2

Published

On-device PII + secret detection and reversible, do-no-harm tokenization for AI apps. Keeps secrets and personal data out of your LLM calls — in-process, values-free, fail-closed.

Readme

@latten/redact

Keep your secrets and your users' data on your machine — without slowing down.

You went all-in on AI. @latten/redact is the throttle you keep your hand on: it detects secrets and PII on-device, replaces them with reversible tokens before a single value reaches the model, and keeps a values-free tally of what it held back. Everything runs in-process. Nothing leaves your machine. You keep moving at full speed and still sleep at night.

npm install @latten/redact

Free: protect your own coding-agent loop

Detect and redact secrets + PII in any text, locally. The model still gets a coherent prompt (same entity → same stable token), and you restore the exact values on the way back — do no harm.

import { redact, rehydrate, flag, newFlagState } from '@latten/redact'

const { text, map, findings } = redact(
  'email [email protected] about key AKIAIOSFODNN7EXAMPLE',
)
// text:    "email [EMAIL_1_9f3a1c20] about key [SECRET_1_9f3a1c20]"
// findings: [{ type: 'email', count: 1 }, { type: 'aws_access_key', count: 1 }]  ← types + counts, never values

const answer = await callModel(text) // the value never left this process
const restored = rehydrate(answer, map) // exact round trip

// Calm, in-session: explain once per kind, then quiet down. Never alarmist.
flag(findings, newFlagState()).lines.forEach((l) => console.log(l.text))
  • redact / rehydrate / reveal — reversible, do-no-harm tokenization. reveal re-adds a single value if the result truly needs it (we recommend against it).
  • detectSecrets / detectPii — values-free { type, count } summaries.
  • createLedger / record / summarize — a local audit tally: type, count, and time only. No values, no value-hashes.
  • flag — calm in-session illumination you can show through your agent.

Paid: protect your production app

protectApp() points the same engine at your app's live LLM calls, gated by a signed entitlement verified offline — so a Latten outage can never block a customer request. Redaction runs in-process; nothing here makes a network call on the request path.

import { protectApp } from '@latten/redact'

// LATTEN_ENTITLEMENT comes from your Latten for Developers account.
const guard = protectApp({ onFlag: (lines) => log(lines) })

const { text, map } = guard.redact(userPrompt) // fresh map per request — tokens never bleed across users
const answer = await callModel(text)
return guard.rehydrate(answer, map)

Production-app protection is part of Latten for Developers (Solo and Team). Free covers your own coding-agent loop forever.

Privacy model

Values-free by construction. Only { type, count } summaries are emit-safe (WireSafe); anything that can hold a raw value (the rehydration map) is LocalOnly and never crosses the wire. Detection is honest, not magic — the structural guarantee is that values stay on your machine, and we fail closed (over-redact when unsure) rather than leak.

Looking to keep your AI spend in view with the same on-device, values-free posture? That's our sibling package, @latten/cost — local detectors for redundant calls, stuck loops, and oversized or uncached context.


You moved fast with AI. Latten helps you stay in control of it. See what your AI costs — and where your data goes: Latten turns the AI calls across your company into one live graph — cost, reach, and PII exposure, attributed and observed from real traffic. One prompt to your coding agent, a PR you review, live in minutes. latten.io