
@promptshield/sanitizer


@promptshield/sanitizer - npm Package Compare versions

Comparing version
0.0.1
to
0.0.2
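--- a/dist/chunk-E4AHFVE2.mjs
+++ b/dist/chunk-E4AHFVE2.mjs
@@ -0,0 +1 @@
+import{ThreatCategory as i}from"@promptshield/core";var h=(o,p)=>{if(!p.length)return{text:o,fixed:[],skipped:[]};let c=[...p].sort((e,a)=>a.range.start.index-e.range.start.index),s=[],n=[],t=o;for(let e of c){let a=e.range.start.index,r=e.range.end.index,l=e.offendingText;if(!(a<0||!l))switch(e.category){case i.Invisible:case i.Trojan:t=t.slice(0,a)+t.slice(r),s.push(e);break;case i.Smuggling:e.readableLabel?.startsWith("[Hidden Comment]")||e.readableLabel?.startsWith("[Empty Link]")?(t=t.slice(0,a)+t.slice(r),s.push(e)):e.readableLabel?.startsWith("[Hidden HTML]")?(t=t.slice(0,a)+l.replace(/<(details|template)\b[^>]{0,2000}>/gi,"").replace(/<\/(details|template)>/gi,"")+t.slice(r),s.push(e)):e.readableLabel?.startsWith("[Base64]: ")||e.readableLabel?.startsWith("[HEX]: ")?(t=t.slice(0,a)+(e.decodedPayload??"")+t.slice(r),s.push(e)):n.push(e);break;case i.Injection:n.push(e);break;case i.Normalization:t=t.slice(0,a)+l.normalize("NFKC")+t.slice(r),s.push(e);break;default:n.push(e)}}return{text:t,fixed:s,skipped:n}};export{h as a};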
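Review bot: The `[Base64]: ` / `[HEX]: ` branch replaces the encoded span with `e.decodedPayload` and pushes the report to `fixed`, so text that was hidden behind an encoding ends up in the output in plain form and is reported as remediated. Nothing visible here scans the decoded string again, and `e.decodedPayload??""` silently deletes the span when the field is absent. For a sanitizer whose output is presumably handed to a model, the safer default is to leave these reports for review, i.e. `n.push(e)` for the encoded labels, or to count them as fixed only after the decoded text has been scanned again. The same branch is in the CommonJS builds of `applyFixes` further down the page.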
+42
-7
import { ThreatReport } from '@promptshield/core';
/**
* Result returned by {@link applyFixes}.
*
* Describes the outcome after attempting safe automatic fixes
* for detected threats within a text document.
*
* The result includes:
*
* - The updated text after modifications
* - Threats that were successfully fixed
* - Threats that were intentionally skipped
*
* Skipped threats usually require human review or contextual decisions
* that should not be performed automatically.
*/
interface FixResult {
/** Text after safe automatic fixes were applied */
text: string;
/** Threats that were successfully fixed */
fixed: ThreatReport[];
/** Threats that were intentionally skipped */
skipped: ThreatReport[];

@@ -11,10 +29,27 @@ }

*
* Design goals:
* - deterministic
* - idempotent
* - index-safe (process from end → start)
* - only applies "safe removals"
* This utility performs deterministic structural cleanup for
* threats that can be safely remediated without altering meaning.
*
* Unsafe or semantic transformations must be handled
* explicitly by higher-level tooling.
* Design principles:
*
* - **Deterministic** – no heuristics or AI involved
* - **Idempotent** – running multiple times produces the same result
* - **Index-safe** – fixes are applied from end → start to prevent offset shifts
* - **Conservative** – only safe structural removals or normalizations are performed
*
* Examples of automatic fixes:
*
* - Removing invisible characters
* - Stripping hidden Markdown comments
* - Removing empty Markdown links
* - Unwrapping hidden HTML containers
* - Replacing encoded payloads with decoded content
* - Normalizing Unicode compatibility characters
*
* Some threats (such as prompt injection attempts) are intentionally
* **not modified automatically**, as doing so may alter the meaning
* of the original content. These are returned in the `skipped` list.
*
* @param text Original scanned text
* @param threats Detected threats to evaluate for safe fixes
*/

@@ -21,0 +56,0 @@ declare const applyFixes: (text: string, threats: ThreatReport[]) => FixResult;
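Review bot: The new doc comment promises "Conservative" fixes made "without altering meaning", yet its own list includes unwrapping hidden HTML containers and replacing encoded payloads with decoded content, both of which keep the previously hidden content in the returned `text`. The comment should say so, for example `* Note: unwrapped or decoded content stays in the returned text and should be scanned again before use.` It also has no `@returns` line and does not state the precondition that every `ThreatReport` range must refer to `text` exactly as passed; `* @returns The updated text plus the fixed and skipped reports` would cover the first. The identical declaration section that follows carries the same comment.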

import { ThreatReport } from '@promptshield/core';
/**
* Result returned by {@link applyFixes}.
*
* Describes the outcome after attempting safe automatic fixes
* for detected threats within a text document.
*
* The result includes:
*
* - The updated text after modifications
* - Threats that were successfully fixed
* - Threats that were intentionally skipped
*
* Skipped threats usually require human review or contextual decisions
* that should not be performed automatically.
*/
interface FixResult {
/** Text after safe automatic fixes were applied */
text: string;
/** Threats that were successfully fixed */
fixed: ThreatReport[];
/** Threats that were intentionally skipped */
skipped: ThreatReport[];

@@ -11,10 +29,27 @@ }

*
* Design goals:
* - deterministic
* - idempotent
* - index-safe (process from end → start)
* - only applies "safe removals"
* This utility performs deterministic structural cleanup for
* threats that can be safely remediated without altering meaning.
*
* Unsafe or semantic transformations must be handled
* explicitly by higher-level tooling.
* Design principles:
*
* - **Deterministic** – no heuristics or AI involved
* - **Idempotent** – running multiple times produces the same result
* - **Index-safe** – fixes are applied from end → start to prevent offset shifts
* - **Conservative** – only safe structural removals or normalizations are performed
*
* Examples of automatic fixes:
*
* - Removing invisible characters
* - Stripping hidden Markdown comments
* - Removing empty Markdown links
* - Unwrapping hidden HTML containers
* - Replacing encoded payloads with decoded content
* - Normalizing Unicode compatibility characters
*
* Some threats (such as prompt injection attempts) are intentionally
* **not modified automatically**, as doing so may alter the meaning
* of the original content. These are returned in the `skipped` list.
*
* @param text Original scanned text
* @param threats Detected threats to evaluate for safe fixes
*/

@@ -21,0 +56,0 @@ declare const applyFixes: (text: string, threats: ThreatReport[]) => FixResult;

+1
-1

@@ -1,1 +0,1 @@

"use strict";var c=Object.defineProperty;var d=Object.getOwnPropertyDescriptor;var h=Object.getOwnPropertyNames;var f=Object.prototype.hasOwnProperty;var u=(r,e)=>{for(var a in e)c(r,a,{get:e[a],enumerable:!0})},g=(r,e,a,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of h(e))!f.call(r,o)&&o!==a&&c(r,o,{get:()=>e[o],enumerable:!(n=d(e,o))||n.enumerable});return r};var x=r=>g(c({},"__esModule",{value:!0}),r);var T={};u(T,{applyFixes:()=>b});module.exports=x(T);var p=require("@promptshield/core"),b=(r,e)=>{if(!e.length)return{text:r,fixed:[],skipped:[]};let a=[...e].sort((t,s)=>s.loc.index-t.loc.index),n=[],o=[],i=r;for(let t of a){let{index:s}=t.loc,l=t.offendingText;if(!(s<0||!l))switch(t.category){case p.ThreatCategory.Invisible:case p.ThreatCategory.Trojan:i=i.slice(0,s)+i.slice(s+l.length),n.push(t);break;case p.ThreatCategory.Smuggling:t.readableLabel==="[Hidden Comment]"||t.readableLabel==="[Empty Link]"?(i=i.slice(0,s)+i.slice(s+l.length),n.push(t)):o.push(t);break;case p.ThreatCategory.Normalization:i=i.slice(0,s)+l.normalize("NFKC")+i.slice(s+l.length),n.push(t);break;default:o.push(t);break}}return{text:i,fixed:n,skipped:o}};0&&(module.exports={applyFixes});
"use strict";var d=Object.defineProperty;var h=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var u=Object.prototype.hasOwnProperty;var b=(s,a)=>{for(var l in a)d(s,l,{get:a[l],enumerable:!0})},g=(s,a,l,i)=>{if(a&&typeof a=="object"||typeof a=="function")for(let r of f(a))!u.call(s,r)&&r!==l&&d(s,r,{get:()=>a[r],enumerable:!(i=h(a,r))||i.enumerable});return s};var x=s=>g(d({},"__esModule",{value:!0}),s);var T={};b(T,{applyFixes:()=>m});module.exports=x(T);var o=require("@promptshield/core"),m=(s,a)=>{if(!a.length)return{text:s,fixed:[],skipped:[]};let l=[...a].sort((e,n)=>n.range.start.index-e.range.start.index),i=[],r=[],t=s;for(let e of l){let n=e.range.start.index,p=e.range.end.index,c=e.offendingText;if(!(n<0||!c))switch(e.category){case o.ThreatCategory.Invisible:case o.ThreatCategory.Trojan:t=t.slice(0,n)+t.slice(p),i.push(e);break;case o.ThreatCategory.Smuggling:e.readableLabel?.startsWith("[Hidden Comment]")||e.readableLabel?.startsWith("[Empty Link]")?(t=t.slice(0,n)+t.slice(p),i.push(e)):e.readableLabel?.startsWith("[Hidden HTML]")?(t=t.slice(0,n)+c.replace(/<(details|template)\b[^>]{0,2000}>/gi,"").replace(/<\/(details|template)>/gi,"")+t.slice(p),i.push(e)):e.readableLabel?.startsWith("[Base64]: ")||e.readableLabel?.startsWith("[HEX]: ")?(t=t.slice(0,n)+(e.decodedPayload??"")+t.slice(p),i.push(e)):r.push(e);break;case o.ThreatCategory.Injection:r.push(e);break;case o.ThreatCategory.Normalization:t=t.slice(0,n)+c.normalize("NFKC")+t.slice(p),i.push(e);break;default:r.push(e)}}return{text:t,fixed:i,skipped:r}};0&&(module.exports={applyFixes});
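Review bot: `t.slice(p)` cuts at `e.range.end.index` from the original scan, but `t` has already been shortened by any fix applied at a higher start index, and nothing checks that the span still holds `offendingText`. If two reports overlap or nest (whether the scanner can emit such reports is not visible here), the outer fix removes characters that follow its span, and the `[Hidden HTML]` and Normalization branches re-insert text derived from the original `c`, undoing the inner fix while both reports land in `fixed`. A guard before the `switch`, `if (t.slice(n, p) !== c) { r.push(e); continue; }`, would send such reports to `skipped` instead. The ESM chunk and the `index` CommonJS build contain the same loop.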

@@ -1,1 +0,1 @@

import{a}from"./chunk-JETCG3HP.mjs";export{a as applyFixes};
import{a}from"./chunk-E4AHFVE2.mjs";export{a as applyFixes};

@@ -1,2 +0,2 @@

"use strict";var p=Object.defineProperty;var E=Object.getOwnPropertyDescriptor;var g=Object.getOwnPropertyNames;var F=Object.prototype.hasOwnProperty;var R=(e,t)=>{for(var a in t)p(e,a,{get:t[a],enumerable:!0})},d=(e,t,a,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of g(t))!F.call(e,o)&&o!==a&&p(e,o,{get:()=>t[o],enumerable:!(i=E(t,o))||i.enumerable});return e};var f=e=>d(p({},"__esModule",{value:!0}),e);var k={};R(k,{applyFixes:()=>h,sanitize:()=>u,sanitizeStrict:()=>L});module.exports=f(k);var l=require("@promptshield/core"),h=(e,t)=>{if(!t.length)return{text:e,fixed:[],skipped:[]};let a=[...t].sort((r,s)=>s.loc.index-r.loc.index),i=[],o=[],n=e;for(let r of a){let{index:s}=r.loc,c=r.offendingText;if(!(s<0||!c))switch(r.category){case l.ThreatCategory.Invisible:case l.ThreatCategory.Trojan:n=n.slice(0,s)+n.slice(s+c.length),i.push(r);break;case l.ThreatCategory.Smuggling:r.readableLabel==="[Hidden Comment]"||r.readableLabel==="[Empty Link]"?(n=n.slice(0,s)+n.slice(s+c.length),i.push(r)):o.push(r);break;case l.ThreatCategory.Normalization:n=n.slice(0,s)+c.normalize("NFKC")+n.slice(s+c.length),i.push(r);break;default:o.push(r);break}}return{text:n,fixed:i,skipped:o}};var x=/\uFEFF/g,T=/([\u200B-\u200D\u2060\u00AD\u3164\uFFA0]|[\u{E0000}-\u{E007F}])/gu,m=/[\uFE00-\uFE0F]/g,I=/<!--[\s\S]*?-->/g,N=/\[\]\([^)]*\)/g,_=/[\u00A0\u2000-\u200A\u202F\u205F\u3000\uFF01-\uFF5E]/g,b=/\r\n?/g,A=e=>e.normalize("NFKC"),u=e=>e.replace(b,`
`).replace(x,"").replace(T,"").replace(m,"").replace(I,"").replace(N,"").replace(_,A),L=e=>u(e).normalize("NFKC");0&&(module.exports={applyFixes,sanitize,sanitizeStrict});
"use strict";var u=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var E=Object.getOwnPropertyNames;var h=Object.prototype.hasOwnProperty;var F=(t,r)=>{for(var o in r)u(t,o,{get:r[o],enumerable:!0})},f=(t,r,o,i)=>{if(r&&typeof r=="object"||typeof r=="function")for(let a of E(r))!h.call(t,a)&&a!==o&&u(t,a,{get:()=>r[a],enumerable:!(i=g(r,a))||i.enumerable});return t};var R=t=>f(u({},"__esModule",{value:!0}),t);var C={};F(C,{applyFixes:()=>x,sanitize:()=>d,sanitizeStrict:()=>k});module.exports=R(C);var l=require("@promptshield/core"),x=(t,r)=>{if(!r.length)return{text:t,fixed:[],skipped:[]};let o=[...r].sort((e,n)=>n.range.start.index-e.range.start.index),i=[],a=[],s=t;for(let e of o){let n=e.range.start.index,c=e.range.end.index,p=e.offendingText;if(!(n<0||!p))switch(e.category){case l.ThreatCategory.Invisible:case l.ThreatCategory.Trojan:s=s.slice(0,n)+s.slice(c),i.push(e);break;case l.ThreatCategory.Smuggling:e.readableLabel?.startsWith("[Hidden Comment]")||e.readableLabel?.startsWith("[Empty Link]")?(s=s.slice(0,n)+s.slice(c),i.push(e)):e.readableLabel?.startsWith("[Hidden HTML]")?(s=s.slice(0,n)+p.replace(/<(details|template)\b[^>]{0,2000}>/gi,"").replace(/<\/(details|template)>/gi,"")+s.slice(c),i.push(e)):e.readableLabel?.startsWith("[Base64]: ")||e.readableLabel?.startsWith("[HEX]: ")?(s=s.slice(0,n)+(e.decodedPayload??"")+s.slice(c),i.push(e)):a.push(e);break;case l.ThreatCategory.Injection:a.push(e);break;case l.ThreatCategory.Normalization:s=s.slice(0,n)+p.normalize("NFKC")+s.slice(c),i.push(e);break;default:a.push(e)}}return{text:s,fixed:i,skipped:a}};var b=/\uFEFF/g,m=/([\u200B-\u200D\u2060\u00AD\u3164\uFFA0]|[\u{E0000}-\u{E007F}])/gu,T=/[\uFE00-\uFE0F]/g,I=/<!--[\s\S]*?-->/g,L=/\[\]\([^)]*\)/g,N=/[\u00A0\u2000-\u200A\u202F\u205F\u3000\uFF01-\uFF5E]/g,_=/\r\n?/g,A=t=>t.normalize("NFKC"),d=t=>t.replace(_,`
`).replace(b,"").replace(m,"").replace(T,"").replace(I,"").replace(L,"").replace(N,A),k=t=>d(t).normalize("NFKC");0&&(module.exports={applyFixes,sanitize,sanitizeStrict});
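Review bot: In the `[Hidden HTML]` branch the report is pushed to `fixed` whether or not the two `replace` calls changed anything: an opening tag with more than 2000 characters of attributes is not matched by `[^>]{0,2000}`, and a single pass is not guaranteed to leave the string free of `details`/`template` tags. Compare the result with `p` and count the report as fixed only when it differs and no such tag remains; otherwise use `a.push(e)`. Repeating the replacement until the string stops changing would also make the documented idempotence hold for this branch. The same branch appears in the other two builds of `applyFixes` on this page.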

@@ -1,2 +0,2 @@

import{a as g}from"./chunk-JETCG3HP.mjs";var e=/\uFEFF/g,t=/([\u200B-\u200D\u2060\u00AD\u3164\uFFA0]|[\u{E0000}-\u{E007F}])/gu,n=/[\uFE00-\uFE0F]/g,r=/<!--[\s\S]*?-->/g,u=/\[\]\([^)]*\)/g,o=/[\u00A0\u2000-\u200A\u202F\u205F\u3000\uFF01-\uFF5E]/g,s=/\r\n?/g,c=E=>E.normalize("NFKC"),F=E=>E.replace(s,`
import{a as g}from"./chunk-E4AHFVE2.mjs";var e=/\uFEFF/g,t=/([\u200B-\u200D\u2060\u00AD\u3164\uFFA0]|[\u{E0000}-\u{E007F}])/gu,n=/[\uFE00-\uFE0F]/g,r=/<!--[\s\S]*?-->/g,u=/\[\]\([^)]*\)/g,o=/[\u00A0\u2000-\u200A\u202F\u205F\u3000\uFF01-\uFF5E]/g,s=/\r\n?/g,c=E=>E.normalize("NFKC"),F=E=>E.replace(s,`
`).replace(e,"").replace(t,"").replace(n,"").replace(r,"").replace(u,"").replace(o,c),i=E=>F(E).normalize("NFKC");export{g as applyFixes,F as sanitize,i as sanitizeStrict};

@@ -5,3 +5,3 @@ {

"private": false,
"version": "0.0.1",
"version": "0.0.2",
"description": "PromptShield sanitizer that applies safe, deterministic fixes to text based on detected prompt-injection threats such as invisible characters, markdown smuggling, and BOM artifacts.",

@@ -55,3 +55,4 @@ "license": "MIT",

],
"icon": "Shield"
"icon": "Shield",
"description": "Deterministic threat stripper"
},

@@ -92,3 +93,3 @@ "funding": [

"dependencies": {
"@promptshield/core": "0.1.0"
"@promptshield/core": "1.0.0"
},

@@ -95,0 +96,0 @@ "scripts": {
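Review bot: `"@promptshield/core": "1.0.0"` is an exact pin that jumps a major version inside a 0.0.1 to 0.0.2 release, and the bundled code now reads `range.start.index` and `range.end.index` where 0.0.1 read `loc.index`. A consumer that still produces reports with an older core (likely, since an exact pin tends to install a second copy next to theirs) would presumably hit a TypeError on `range` being undefined rather than a clean skip. Consider declaring core under `peerDependencies` with a range, and calling out the report-shape change in the release notes.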

import{ThreatCategory as s}from"@promptshield/core";var d=(a,l)=>{if(!l.length)return{text:a,fixed:[],skipped:[]};let p=[...l].sort((e,r)=>r.loc.index-e.loc.index),o=[],n=[],t=a;for(let e of p){let{index:r}=e.loc,i=e.offendingText;if(!(r<0||!i))switch(e.category){case s.Invisible:case s.Trojan:t=t.slice(0,r)+t.slice(r+i.length),o.push(e);break;case s.Smuggling:e.readableLabel==="[Hidden Comment]"||e.readableLabel==="[Empty Link]"?(t=t.slice(0,r)+t.slice(r+i.length),o.push(e)):n.push(e);break;case s.Normalization:t=t.slice(0,r)+i.normalize("NFKC")+t.slice(r+i.length),o.push(e);break;default:n.push(e);break}}return{text:t,fixed:o,skipped:n}};export{d as a};