npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@promptshield/workspace

v1.0.2

Published

Helper functions for loading workspace files. Shared by CLI and LSP

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mayank1513mayank1513

Keywords

@promptshield/workspaceturbo-forge

Readme

@promptshield/workspace

High-performance workspace scanning engine for PromptShield. Manages filesystem traversal, layered ignore resolution (.gitignore, .promptshieldignore, .psignore), concurrency, and caching while delegating detection to @promptshield/core and inline directive processing to @promptshield/ignore.

✨ What This Package Does

@promptshield/workspace is responsible for:

  • Workspace file resolution
  • Binary detection
  • Concurrent file scanning
  • Cache orchestration
  • Severity filtering
  • Markdown report generation

It does not implement detection logic — that lives in @promptshield/core.

It does not implement Inline ignore processing (Delegated to @promptshield/ignore)

📦 Installation

$ pnpm add @promptshield/workspace

or

$ npm install @promptshield/workspace

or

$ yarn add @promptshield/workspace

Basic Workspace Scan

import { scanWorkspace } from "@promptshield/workspace";

const root = process.cwd();
const patterns = ["**/*.ts", "**/*.js"];

for await (const { path, result, progress } of scanWorkspace(patterns, root)) {
  console.log(
    `[${progress}%] ${path} → ${result.threats.length} active threats`
  );
}

Streaming. Concurrency-bounded. Memory safe.

🧠 How Scanning Works

Execution Model

  • Files are resolved using layered ignore rules.
  • Scanning runs concurrently (default: 4 files).
  • Results are yielded progressively via Async Generator.
  • Output order matches task creation order.

⚙️ Configuration

scanWorkspace(patterns, root, {
  minSeverity: "MEDIUM",
  noInlineIgnore: false,
  concurrency: 8,
  cacheMode: "auto",
  forceFullScan: false,
});

Configuration Reference

minSeverity

Minimum severity to report.

When caching is enabled:

  • Baseline scan always runs with "LOW"
  • Severity filtering is applied after cache retrieval

Default: "LOW"

noInlineIgnore

Disables promptshield-ignore inline directives.

Does NOT affect:

  • .gitignore
  • .promptshieldignore
  • .psignore

Default: false

concurrency

Maximum files processed in parallel.

Default: 4

cacheMode

  • "none" → no persistent cache
  • "single" → one cache file
  • "split" → per-file hashed cache
  • "auto" → strategy selected based on repo size

Default: "auto"

forceFullScan

Clears cache and rescans everything.

Default: false

💾 Cache Semantics (Important)

When caching is enabled:

  • Baseline scan always uses:

    • minSeverity: "LOW"
    • Inline ignore enabled

  • Results are cached post-filtering

  • Presentation-level filtering happens after retrieval

Cache writes are intentionally fire-and-forget.

Persistence must never block scan throughput.

📚 Deep Dives: For advanced explanations of how memory is managed during streaming, and exactly how caching locks and migration work, see the Documentation section.

📄 Generate Workspace Report

import { generateWorkspaceReport } from "@promptshield/workspace";

await generateWorkspaceReport(rootPath, allThreats, totalThreatCount);

Generates:

<workspaceRoot>/.promptshield/workspace-report.md

Report includes:

  • Timestamp
  • Total threat count
  • Affected files
  • Grouped threats by line
  • Editor-compatible file:// links

Report is generated only if threats exist.

🔍 Binary File Handling

Binary files are automatically skipped using:

  • NULL-byte detection
  • Suspicious byte ratio heuristic

Prevents false positives in:

  • Images
  • PDFs
  • Archives
  • Office documents

🏗 Architecture Role

Used by:

  • @promptshield/cli
  • @promptshield/lsp

Ensures identical scanning semantics across environments.

🧩 Design Principles

  • Deterministic output
  • Streaming-first
  • Cache-aware
  • Editor-friendly
  • Fail-safe behavior

📚 Documentation

  • API reference: auto-generated
  • Conceptual guides: /docs/workspace
  • Recommended: /docs/workspace/quick-start

📄 License

MIT