
@promptshield/sanitizer


PromptShield sanitizer that applies safe, deterministic fixes to text based on detected prompt-injection threats such as invisible characters, markdown smuggling, and BOM artifacts.

Version: 1.0.0 (latest)
Source: npm
Maintainers: 1


Deterministic sanitizer for prompt hygiene. Applies safe, idempotent text transformations to remove invisible threats and normalization artifacts.

✨ Features

  • Safe Defaults: Removes only objectively dangerous characters (BOM, ZWSP, control chars).
  • Idempotent: Running it twice produces the same result.
  • Strict Mode: Optional NFKC normalization for aggressive cleaning.
  • Zero-Dependency: Lightweight and fast.

📦 Installation

$ pnpm add @promptshield/sanitizer

🚀 Usage

View complete usage and exact removal rules
import { sanitize, sanitizeStrict } from "@promptshield/sanitizer";

const dirty = "Hello\u200BWorld"; // Contains Zero-Width Space

// Safe sanitize (removes invisible chars)
const clean = sanitize(dirty);
console.log(clean); // "HelloWorld"

// Strict sanitize (also applies NFKC normalization)
const strict = sanitizeStrict("ℍ𝕖𝕝𝕝𝕠");
console.log(strict); // "Hello"

What gets removed?

  • Invisible Characters: \u200B (ZWSP), \u200C (ZWNJ), \u200D (ZWJ), etc.
  • Byte Order Marks: \uFEFF.
  • Variation Selectors: \uFE00-\uFE0F (often used to break tokenizers).
  • Markdown Comments: <!-- hidden payload -->.
  • Empty Links: [](javascript:...).
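
The removal rules listed above and the idempotence claim from the feature list, as an added sketch that is not the package's source code: it shows why a single replace pass is not idempotent and how repeating to a fixed point fixes that. The names `sanitizeOnce`, `fixedPoint`, `sanitizeSketch` and `sanitizeStrictSketch`, the rule order, and the placement of NFKC are assumptions; the sample inputs are constructed.

```javascript
// Added sketch, not the package's source. All names here are hypothetical.
// Code points come from the "What gets removed?" list on this page.
const INVISIBLE = /[\u200B-\u200D\uFEFF\uFE00-\uFE0F]/g; // ZWSP, ZWNJ, ZWJ, BOM, variation selectors
const MD_COMMENT = /<!--[\s\S]*?-->/g;                    // <!-- hidden payload -->
const EMPTY_LINK = /\[\]\([^)]*\)/g;                      // [](target); simplification: no ")" in target

// One pass. Order is an assumption: invisible characters go first so that a
// marker split by one (e.g. "<!" + ZWSP + "--") is reassembled and then matched.
function sanitizeOnce(text) {
  return text.replace(INVISIBLE, "").replace(MD_COMMENT, "").replace(EMPTY_LINK, "");
}

// Apply `step` until the output stops changing. Deleting a span can join the
// text on either side into a new comment or empty link, so one pass is not enough.
function fixedPoint(step, text, maxPasses = 100) {
  let current = text;
  for (let i = 0; i < maxPasses; i++) {
    const next = step(current);
    if (next === current) return current;
    current = next;
  }
  throw new Error("no fixed point within maxPasses");
}

function sanitizeSketch(text) {
  return fixedPoint(sanitizeOnce, text);
}

// Strict variant. Assumed placement: NFKC runs before the removal rules in every
// pass, so compatibility forms such as fullwidth "<" and ">" are folded first.
function sanitizeStrictSketch(text) {
  return fixedPoint((s) => sanitizeOnce(s.normalize("NFKC")), text);
}

// Constructed sample: removing the inner comment assembles an outer one.
const NESTED = "a<!-<!-- x -->- y -->b";
console.log(JSON.stringify(sanitizeOnce(NESTED)));   // "a<!-- y -->b"
console.log(JSON.stringify(sanitizeSketch(NESTED))); // "ab"
```

A useful regression check for any sanitizer of this kind is `f(f(x)) === f(x)` over inputs where markers are split by removable characters or nested inside removable spans.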

📚 Deep Dives: For the exact execution order of the sanitization pipeline and understanding applyFixes, see the Documentation section.

License

This library is licensed under the MIT open-source license.

with 💖 by Mayank Kumar Chaudhari

Keywords

promptshield


Package last updated on 09 Mar 2026
