Research
/Security News
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
By Socket Research Team - Jun 26, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
@evalguardai/openai
Advanced tools
@evalguardai/openai
Drop-in OpenAI SDK wrapper with EvalGuard guardrails, logging & cost tracking
@evalguard/openai
Drop-in OpenAI SDK wrapper that adds real-time guardrails, trace logging, and cost tracking via EvalGuard.
Installation
npm install @evalguard/openai openai
Quick Start
import OpenAI from "openai";
import { wrapOpenAI } from "@evalguard/openai";
const openai = wrapOpenAI(new OpenAI(), {
apiKey: "eg_...",
projectId: "proj_...",
});
// Use exactly like the normal OpenAI SDK — guardrails are automatic
const response = await openai.chat.completions.create({
model: "gpt-4o",
messages: [{ role: "user", content: "Hello, how are you?" }],
});
console.log(response.choices[0].message.content);
Streaming
Streaming works transparently. The wrapper intercepts chunks to log the assembled response without affecting stream behavior.
const stream = await openai.chat.completions.create({
model: "gpt-4o",
messages: [{ role: "user", content: "Write a poem about AI safety" }],
stream: true,
});
for await (const chunk of stream) {
process.stdout.write(chunk.choices[0]?.delta?.content ?? "");
}
Configuration
const openai = wrapOpenAI(new OpenAI(), {
// Required: your EvalGuard API key
apiKey: "eg_...",
// Optional: EvalGuard API base URL (default: https://evalguard.ai/api/v1)
baseUrl: "https://your-evalguard-instance.com/api/v1",
// Optional: block requests that fail guardrails (default: true)
blockOnViolation: true,
// Optional: log all requests to EvalGuard (default: true)
enableLogging: true,
// Optional: project ID for organizing traces
projectId: "proj_...",
// Optional: custom metadata attached to every trace
metadata: { environment: "production", service: "chatbot" },
// Optional: callback when a guardrail violation is detected
onViolation: (result) => {
console.warn("Guardrail violation:", result.violations);
},
});
What It Does
| Phase | Action |
|---|---|
| Pre-request | Sends the prompt to EvalGuard's firewall for prompt injection detection, PII scanning, and toxicity checks |
| LLM call | Passes through to the real OpenAI API unchanged |
| Post-response | Logs model, tokens, latency, cost, and guardrail results as a trace to EvalGuard |
Fail-Open Design
If EvalGuard is unreachable (network error, timeout, 5xx), the wrapper passes requests through to OpenAI directly. Your application never breaks because of EvalGuard downtime.
Error Handling
When blockOnViolation is true (default) and a guardrail check fails:
import { EvalGuardViolationError } from "@evalguard/openai";
try {
const response = await openai.chat.completions.create({
model: "gpt-4o",
messages: [{ role: "user", content: "malicious prompt..." }],
});
} catch (error) {
if (error instanceof EvalGuardViolationError) {
console.log("Blocked:", error.violations);
// [{ type: "prompt_injection", severity: "critical", message: "..." }]
}
}
Set blockOnViolation: false to log violations without blocking:
const openai = wrapOpenAI(new OpenAI(), {
apiKey: "eg_...",
blockOnViolation: false,
onViolation: (result) => {
// Log but don't block
analytics.track("guardrail_violation", result);
},
});
License
MIT
FAQs
Drop-in OpenAI SDK wrapper with EvalGuard guardrails, logging & cost tracking
The npm package @evalguardai/openai receives a total of 5 weekly downloads. As such, @evalguardai/openai popularity was classified as not popular.
We found that @evalguardai/openai demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 03 Apr 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase
Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
By Sarah Gooding - Jun 26, 2026
Security News
/Research
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem
Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.
By Socket Research Team - Jun 25, 2026