npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@nanocollective/prompt-scrub

v1.0.2

Published

`prompt-scrub` is a small open-source, local-first utility designed to strip identifying content out of prompts and messages before they hit any cloud LLM. It maps your sensitive data (emails, secrets, paths) to stable placeholders, allowing you to rehydr

Readme

prompt-scrub

Built by the Nano Collective — a community collective building AI tooling not for profit, but for the community.

prompt-scrub is a local-first utility designed to strip identifying content out of prompts and messages before they hit any cloud LLM.

Build Status Coverage Version Downloads License Repo Size Stars Forks

It maps sensitive data (emails, secrets, paths, URLs, phone numbers) to stable placeholders locally, allowing you to rehydrate the model's responses back to their original forms securely.

What it is / What it is not

prompt-scrub reduces identity leakage at the content layer. It is partial defence, not anonymity.

What it does:

  • Detects and replaces common identifying content (emails, paths, phone numbers, secrets, URLs) before your prompt leaves your machine.
  • Maps each value to a stable placeholder so the model's response can be rehydrated locally.
  • Gives you an inspect command so you can see exactly what was detected and what was missed before you commit to sending.

What it does not do:

  • It does not make you anonymous. A semantically identifying question (a niche bug only you have, your private codebase, your financial situation) remains identifying after scrubbing.
  • It does not address stylistic fingerprinting — the way you phrase things goes out unchanged.
  • It does not operate at the network or key layer. Your IP address, request timing, and headers are outside its scope.
  • Detectors can and do miss things. Always review the output before sending.

[!IMPORTANT] A user who believes this tool makes them anonymous is worse off than one who never used it — they stop reading their prompts and trust the defaults. Always use inspect first to see what the tool actually found.

Read the full Threat Model for a complete breakdown of what is and is not defended.

Quick Start

Install globally to use the CLI:

npm install -g @nanocollective/prompt-scrub

Or install as a dependency in your Node.js project:

npm install @nanocollective/prompt-scrub

Recommended: Inspect first

Before scrubbing, run inspect on a real prompt to review what the tool detected before sending your prompt:

echo "My email is [email protected] and I work at /Users/alice/projects. My phone is +44-7700-900999." \
  | prompt-scrub inspect
Detected entities:
  [Email]    [email protected]                   → Email_1    (chars 12-26)
  [Path]     /Users/alice/projects.           → Path_1     (chars 41-63)
  [Phone]    +44-7700-900999                  → Phone_1    (chars 76-91)

No session written.
Hash: 41beda4af0b83488fdf6eea9347775450a1c7c887a6ef377212340f36c445132

The hash is deterministic — the same prompt always produces the same hash, so you can verify cache stability across runs. Once you are satisfied with what inspect shows, proceed with scrub.

Usage Examples

CLI: Scrubbing text

echo "My email is [email protected]" | prompt-scrub scrub
# Output: My email is Email_1

Node.js API: Scrubbing and Rehydrating

import { scrub, rehydrate } from '@nanocollective/prompt-scrub';

const prompt = "My key is sk-12345";
const { scrubbedContent, sessionId } = scrub({ content: prompt });
console.log(scrubbedContent); // "My key is Secret_1"

// ... send to LLM ... get response "I see your key is Secret_1"

const { content } = rehydrate({ 
  content: "I see your key is Secret_1", 
  sessionId 
});
console.log(content); // "I see your key is sk-12345"

Documentation

Full user guides and architecture details are in the docs/ directory:

Read the full whitepaper at docs.nanocollective.org.

Community