npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

@traceprompt/node

v1.2.0

Published

Client-side encrypted, audit-ready logging for LLM applications

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

paulmbwpaulmbw

Keywords

auditloggingllmencryptioncomplianceopenaianthropictypescriptfinrahipaaimmutable

Readme

Traceprompt SDK for Node.js

Audit-ready, tamper-evident logging for every LLM prompt and response.
Two lines of code wrap your openai, anthropic or any LLM client to stream encrypted, hash-chained events to an immutable ledger. Ready for FINRA, HIPAA, and EU AI Act compliance audits.

Features

  • Client-side AES-256-GCM encryption with customer-managed KMS keys - Traceprompt never sees cleartext
  • BLAKE3 hash chain with hourly Merkle root anchoring to Bitcoin via OpenTimestamps
  • Automatic token counting and latency metrics
  • Batched transport with exponential backoff retry - under 2ms P95 overhead
  • Prometheus metrics included
  • Works on Node 18+ - Fargate, Vercel, Lambda, Kubernetes

Quick start

npm i @traceprompt/node
# or yarn add @traceprompt/node

1. Configure your API key

Create a traceprompt.yml file:

apiKey: tp_live_xxxxx

# Optional: add static metadata to all logs
staticMeta:
  app: "my-llm-service"
  env: "prod"

Or use environment variables:

export TRACEPROMPT_API_KEY=tp_live_xxxxx
export TRACEPROMPT_LOG_LEVEL=verbose

2. Wrap your LLM calls

import { initTracePrompt, wrapLLM } from "@traceprompt/node";
import OpenAI from "openai";

const openai = new OpenAI({ apiKey: process.env.OPENAI_API_KEY });

await initTracePrompt(); // Auto-resolves orgId and cmkArn from API key

const trackedChat = wrapLLM(
  (prompt) =>
    openai.chat.completions.create({
      messages: [{ role: "user", content: prompt }],
      model: "gpt-4o",
    }),
  {
    modelVendor: "openai",
    modelName: "gpt-4o",
    userId: "alice",
  }
);

const response = await trackedChat("Hello, world!");
console.log(response.choices[0].message.content);

Configuration

| Key | Description | Source (priority) | | ------------ | -------------------------- | ---------------------------------------------------- | | apiKey | Your TracePrompt API key | code → env TRACEPROMPT_API_KEYtraceprompt.yml | | staticMeta | Metadata added to all logs | code → traceprompt.yml only | | logLevel | SDK logging verbosity | env TRACEPROMPT_LOG_LEVEL |

Note: orgId, cmkArn, and ingestUrl are automatically resolved from your API key - no manual configuration needed.

Metrics

| Metric | Type | Description | | ---------------------------------- | --------- | ------------------------------ | | traceprompt_prompts_total | Counter | Total prompts processed | | traceprompt_encrypt_ms_p95 | Histogram | Client-side encryption latency | | traceprompt_flush_failures_total | Counter | Failed batch uploads |

Expose via:

import { registry } from "@traceprompt/node";
app.get("/metrics", (_, res) => res.end(registry.metrics()));

FAQ

Does Traceprompt store my data in cleartext?

No. The SDK encrypts prompts and responses using AES-256-GCM with your KMS key before they leave your process. Traceprompt's servers only receive and store encrypted ciphertext.

How much latency does it add?

Approximately 0.19ms for encryption plus 0.01ms for hashing on modern hardware. Network uploads are asynchronous and batched.

What about data privacy?

All data is encrypted client-side using your customer-managed encryption key (CMK). Zero cleartext ever reaches Traceprompt servers. The hash chain provides tamper evidence without exposing content.