npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mineflayer-chatgpt

v1.3.0

Published

Mineflayer plugin for sending a message to OpenAI's ChatGPT

Readme

Avatar

Build Status Dependencies Status Code Scanning Status Coverage Status Security Status Published Version

Mineflayer ChatGPT

Mineflayer ChatGPT is a Mineflayer plugin for sending and receiving messages with OpenAI ChatGPT.

Installation

npm install mineflayer-chatgpt

or as a dependency in package.json file:

"dependencies": {
    "mineflayer-chatgpt": "x.y.z"
}

Usage

Load the plugin:

import mineflayerChatgpt from 'mineflayer-chatgpt';

...

bot.loadPlugin(mineflayerChatgpt.chatgpt);

Set the configuration:

const chatGptApiKey = 'sk-1234567890abcdef';
bot.chatgpt.setConfig(chatGptApiKey, {
    model: 'gpt-5.2',
    historySize: 20,
    enableModeration: true,
    coolDownInSeconds: 15,
    minimumConfidenceScore: 0.9,
    enableMessageLogging: true
});

Send a message to ChatGPT:

bot.chatgpt.sendMessage('player', 'How to craft a diamond sword in Minecraft?');

Configuration

| Property | Description | Type | Required | Default | Example | |----------|-------------|------|----------|---------|---------| | model | Chat completion model name. | string | No | gpt-5.2 | gpt-4.1-mini | | instructions | Base developer instructions prepended to every conversation. Security instructions are appended internally when enableSecurityInstructions is true. | string | No | You are a helpful assistant in a Minecraft world. Answer questions and provide information relevant to the game. | You are a concise Minecraft redstone expert. | | historySize | Maximum number of messages kept per-player in memory. | number | No | 20 | 50 | | enableSecurityInstructions | Appends security instructions to the base instructions for hardening the model against prompt injection and other LLM threats. | boolean | No | true | false | | enableModeration | Enables outbound and inbound moderation checks. | boolean | No | true | false | | coolDownInSeconds | Minimum seconds required between a player's latest prior message and the next outbound message. | number | No | 15 | 30 | | minimumConfidenceScore | Minimum accepted reply confidence score. Replies below this threshold are replaced by fallbackMessage. | number | No | 0.9 | 0.8 | | enableMessageLogging | Logs model replies to console output. | boolean | No | false | true | | fallbackMessage | Response returned when moderation, cooldown, or confidence checks fail. | string | No | Sorry, I cannot provide a response to that message. | Please wait a moment before sending another message. |

Security

Mineflayer ChatGPT attempts to implement OWASP Top 10 LLM apps recommendations.

LLM01 - Prompt Injection

  • Security instruction hardening is appended to base instructions when enableSecurityInstructions is true, including explicit anti-override rules.
  • Jailbreak patterns are detected before outbound moderation via detectJailbreakAttempt.
  • Jailbreak-like outbound content is blocked and replaced with fallbackMessage.

LLM02 - Sensitive Information Disclosure

  • Player memory is isolated per player conversation to reduce cross-user leakage risk.
  • Secret and credential pattern detection is applied to both outbound messages and inbound replies.
  • Sensitive-looking content is blocked and replaced with fallbackMessage.

LLM03 - Supply Chain

LLM04 - Data and Model Poisoning

  • Security instructions include guidance that external content may be untrusted.
  • TODO: Explicit poisoning classifier, provenance validation, or trust scoring pipeline is implemented. This might be necessary on a modded Minecraft universe.

LLM05 - Improper Output Handling

  • Slash commands are detected in inbound replies via detectSlashCommand.
  • Replies containing slash commands are blocked and replaced with fallbackMessage.
  • Security instructions include "Never generate executable commands."

LLM06 - Excessive Agency

  • No tool-calling or autonomous action layer is exposed by Mineflayer ChatGPT.
  • No additional explicit policy gate for agentic actions is implemented because actions are limited to returning chat text.

LLM07 - System Prompt Leakage

  • Security instructions explicitly forbid revealing system prompts.
  • Prompt leakage detection checks replies against security instruction strings.
  • Suspected leakage is blocked and replaced with fallbackMessage.

LLM08 - Vector and Embedding Weaknesses

  • Domain scoping instruction restricts responses to Minecraft-related topics.
  • No vector database, hence no embedding retrieval or retrieval-integrity controls.

LLM09 - Misinformation

  • Security instructions tell the model to avoid fabrication and acknowledge uncertainty.
  • Inbound replies are confidence-gated; low-confidence replies are replaced with fallbackMessage.

LLM10 - Unbounded Consumption

  • Security instructions enforce concise responses.
  • Per-player history is bounded by historySize.
  • Outbound message rate is gated with cooldown enforcement (coolDownInSeconds).

Colophon

Developer's Guide

Build reports:

Related projects:

  • minecraft-npc - CLI for running NPC bot on Minecraft, powered by Mineflayer