npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

prompt-cop

v2.0.0

Published

A lightweight security tool to detect potential prompt injection vulnerabilities in code files

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

pavanvamsipavanvamsi

Keywords

securityprompt-injectionvulnerability-scannercode-analysiscli

Readme

Prompt Cop

A light weight library prompt-cop scans text files in your project for potential prompt injection vulnerabilities.

Use it from the command line or as a library in your tooling.

Quick Terminal Demo

Prompt Injection Example in GPT

Features

  • Scan files or directories recursively
  • Works with Markdown, YAML, JSON, JS/TS, and more
  • Detect hidden comments, obfuscation, Unicode tricks, and other injection patterns
  • Optional Hugging Face AI detection of prompt injections
  • Output results as color-coded text or JSON
  • Customize include/exclude patterns and severity filtering

Installation

Requires Node.js 14 or higher.

npm install -g prompt-cop

Or as a development dependency:

npm install --save-dev prompt-cop

AI Detection Setup (Optional)

To enable AI-powered detection using Hugging Face models:

  1. Sign up for a free account at huggingface.co
  2. Generate an access token at Settings > Access Tokens
  3. Set the environment variable:
    export HF_ACCESS_TOKEN=hf_your_token_here
  4. Use the --ai flag or ai: true option to enable AI detection

Usage

Command Line Interface (CLI)

Basic usage:

prompt-cop ./src

Scan a specific file:

prompt-cop README.md

Advanced options:

# Output as JSON
prompt-cop ./src --json

# Only show medium and high severity issues
prompt-cop ./src --severity medium

# Include only specific file types
prompt-cop ./src --include .md .yml

# Exclude directories
prompt-cop . --exclude node_modules dist

# Non-recursive scan
prompt-cop ./src --no-recursive

# Use AI detection (requires HF_ACCESS_TOKEN environment variable)
prompt-cop ./src --ai

CLI Options

  • -r, --no-recursive - Do not scan directories recursively
  • -j, --json - Output results as JSON
  • -i, --include <extensions...> - File extensions to include (e.g., .md .yml)
  • -e, --exclude <patterns...> - Patterns to exclude (e.g., node_modules)
  • -s, --severity <level> - Minimum severity level to report (low, medium, high)
  • -a, --ai - Use Hugging Face model for detection (requires HF_ACCESS_TOKEN)

Programmatic API

const { scan, scanContent, scanContentAI, SEVERITY } = require('prompt-cop');

// Scan a file or directory
async function checkVulnerabilities() {
  try {
    const results = await scan('./src', {
      recursive: true,
      exclude: ['node_modules', 'dist'],
      include: ['.md', '.yml'],
      json: true,
      ai: true
    });
    
    console.log(`Files scanned: ${results.filesScanned}`);
    console.log(`Vulnerabilities found: ${results.vulnerabilities.length}`);
    
    results.vulnerabilities.forEach(vuln => {
      console.log(`${vuln.file}:${vuln.line} - ${vuln.reason}`);
    });
  } catch (error) {
    console.error('Scan failed:', error);
  }
}

// Scan text content directly
const content = '<!-- Hidden comment --> Some text';
const vulnerabilities = scanContent(content, 'example.md');
const aiVulnerabilities = await scanContentAI(content, 'example.md');

Examples of Detected Vulnerabilities

Refer to Prompt Injection Examples

Integration with CI/CD

Use prompt-cop in your CI/CD pipeline to automatically check for vulnerabilities:

GitHub Actions Example

name: Security Check
on: [push, pull_request]

jobs:
  prompt-injection-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
      - run: npm install -g prompt-cop
      - run: prompt-cop . --exclude node_modules --severity medium

Pre-commit Hook

{
  "husky": {
    "hooks": {
      "pre-commit": "prompt-cop . --exclude node_modules"
    }
  }
}

Exit Codes

  • 0 - No vulnerabilities found
  • 1 - Vulnerabilities detected or error occurred

Development

Running Tests

npm test

Running Tests with Coverage

npm run test:coverage

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

MIT