npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@meller/tokentalos

v1.0.7

Published

Token Talos: The ORM for LLMs. A standalone gateway and library for cost-optimized, secure, and tracked prompt orchestration.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

mellermeller

Keywords

llmtokenscost-analysisprompt-engineeringexpresssqlite

Readme

TokenTalos 🛡️

The "ORM for LLMs" — A library-first LLM Gateway and Proxy that empowers developers to build modular, tracked, and cost-optimized prompts with built-in safety filtering and reasoning verification.

Think of TokenTalos as an Object-Relational Mapper (ORM), but for your Large Language Model interactions. Instead of sending raw, expensive, and potentially insecure strings to providers, you define parameterized prompt parts that TokenTalos binds, compresses, and secures before execution.

🚀 Key Features

1. Active Guard (Security & Safety)

  • Prompt Injection Scanning (LLM01): Heuristic detection of jailbreaks, "Ignore instructions", and system overrides.
  • Secret Detection (LLM06): Automatic scanning for API keys, AWS secrets, and high-entropy strings.
  • PII Redaction: Automatic masking or rejection of sensitive data (Emails, Keys) before logging or execution.
  • Input Neutralization: Automatic XML-wrapping of untrusted data with injected security instructions for the LLM.

2. Efficiency & Cost Optimization

  • Semantic Caching: Skip redundant LLM calls for identical prompt constructions.
  • Lossless Compression: Automatic minification of whitespace and JSON blocks within prompts.
  • Cost Analysis: Detailed token attribution and real-time provider cost comparisons.
  • Optimization Recommendations: Heuristic-based suggestions for model switching and prompt pruning to reduce token weight.
  • Tokenizer Discrepancy Detection: Advanced analysis of local vs. provider token counting.

3. Intelligence & Observability

  • Streaming OPV (Optimized Process Verification): Real-time analysis of "thinking tokens" to verify if reasoning is on-track or looping.
  • Variable Attribution: Granular tracking of token weight per prompt part (e.g., system vs context vs query).
  • Engine Insights: Heuristic-based recommendations for semantic summarization and prompt pruning.

🚀 Quick Start (SDK)

TokenTalos is primarily a developer tool. You can use it as a standalone library (direct DB access) or as a client to a remote Gateway.

Standalone Mode (Library-First)

Ideal for local development or Node.js backends where you want Zero-Install tracking.

import TokenTalos from 'tokentalos';

const tt = new TokenTalos({
  mode: 'standalone',
  projectId: 'my-project-id',
  config: {
    // Database and Persistence
    databaseType: 'sqlite',
    sqlitePath: './tokentalos.db',

    // Regional and Provider Settings
    location: 'us-central1', // GCP/Vertex Region
    
    // Feature and Policy Configuration
    securityFeatures: ['injection', 'secrets'],
    formattingFeatures: ['pii', 'neutralize'],
    intelligenceFeatures: ['cache', 'explain'],
    piiAction: 'mask' // Automatic PII masking
  }
});

await tt.init();

const result = await tt.execute({
  provider: 'gemini',
  model: 'gemini-3-flash-preview',
  parts: {
    system: 'You are a technical writer.',
    user_query: 'Explain TokenTalos in 20 words.'
  }
});

console.log(result.content);

Note: TokenTalos includes native support for Google Gemini. To use other providers (OpenAI, Anthropic, etc.), ensure you have their respective API keys configured and dependencies installed.

Proxy Mode (Gateway)

Ideal for production environments or non-Node.js apps (PHP, Python, Go) connecting to a central TokenTalos server.

const tt = new TokenTalos({
  mode: 'proxy',
  apiUrl: 'https://your-gateway.com/api/v1',
  apiKey: 'your-secret-key'
});

🌍 Cross-Language Support

TokenTalos is designed as a language-agnostic Gateway. You can use standard HTTP clients in any language (PHP, Python, Go, etc.) to communicate with the TokenTalos Proxy.

Check out the examples/ directory for a PHP cURL example.

🛠️ Installation

# As a project dependency
npm install tokentalos

# For CLI and Dashboard access
npx tokentalos setup

🏗️ Architecture

💻 CLI Usage

| Command | Description | | :--- | :--- | | tokentalos setup | Run the interactive configuration wizard. | | tokentalos start | Start the full service (Collector + Dashboard). | | tokentalos start collector | Start only the API ingestion service. | | tokentalos start dashboard | Start only the visual interface. | | tokentalos stop | Stop all services. | | tokentalos stats | Show aggregate token and cost statistics in the terminal. | | tokentalos list | Display a table of recent prompt logs. | | tokentalos export | Export usage logs to JSONL or LangSmith formats. |

🧩 Special Variables

TokenTalos recognizes specific variable names to enable enhanced features:

  • safety_guardrails: Used as ground-truth context for OPV verification.
  • thinking / reasoning: Targeted for chain-of-thought analysis.
  • system / context / history: Recognized for specialized tracking and bloating analysis.

For a full list of variable behaviors, see VARIABLES.md.