Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
langchain
Advanced tools
The langchain npm package is designed to facilitate the development of applications that leverage language models. It provides tools for chaining together different language model operations, managing prompts, and integrating with various data sources.
Prompt Management
This feature allows you to create and manage prompts easily. You can define templates and format them with dynamic data.
const { PromptTemplate } = require('langchain');
const template = new PromptTemplate('Translate the following text to French: {text}');
const prompt = template.format({ text: 'Hello, how are you?' });
console.log(prompt); // Output: Translate the following text to French: Hello, how are you?
Chaining Operations
This feature allows you to chain together multiple operations, where the output of one step becomes the input to the next.
const { Chain } = require('langchain');
const chain = new Chain();
chain.addStep(async (input) => `Step 1: ${input}`);
chain.addStep(async (input) => `Step 2: ${input}`);
chain.run('Initial Input').then(console.log); // Output: Step 2: Step 1: Initial Input
Integration with Data Sources
This feature allows you to integrate with various data sources, making it easy to fetch and use data within your language model operations.
const { DataSource } = require('langchain');
const dataSource = new DataSource('https://api.example.com/data');
dataSource.fetch().then(data => console.log(data));
The openai npm package provides a simple interface to interact with OpenAI's GPT-3 and other models. While it focuses on direct interaction with OpenAI's API, langchain offers more advanced features like prompt management and chaining operations.
The node-nlp package is a natural language processing library for Node.js. It provides tools for entity extraction, sentiment analysis, and more. While it offers a broad range of NLP functionalities, langchain is more specialized in chaining language model operations and managing prompts.
Compromise is a lightweight NLP library for Node.js. It focuses on text processing and manipulation. Compared to langchain, compromise is more about text analysis and less about chaining language model operations or managing prompts.
β‘ Building applications with LLMs through composability β‘
Looking for the Python version? Check out LangChain.
To help you ship LangChain apps to production faster, check out LangSmith. LangSmith is a unified developer platform for building, testing, and monitoring LLM applications.
You can use npm, yarn, or pnpm to install LangChain.js
npm install -S langchain
or yarn add langchain
or pnpm add langchain
LangChain is written in TypeScript and can be used in:
LangChain is a framework for developing applications powered by language models. It enables applications that:
This framework consists of several parts.
The LangChain libraries themselves are made up of several different packages.
@langchain/core
: Base abstractions and LangChain Expression Language.@langchain/community
: Third party integrations.langchain
: Chains, agents, and retrieval strategies that make up an application's cognitive architecture.Integrations may also be split into their own compatible packages.
This library aims to assist in the development of those types of applications. Common examples of these applications include:
βQuestion Answering over specific documents
π¬ Chatbots
The main value props of the LangChain libraries are:
Off-the-shelf chains make it easy to get started. Components make it easy to customize existing chains and build new ones.
Components fall into the following modules:
π Model I/O:
This includes prompt management, prompt optimization, a generic interface for all LLMs, and common utilities for working with LLMs.
π Retrieval:
Data Augmented Generation involves specific types of chains that first interact with an external data source to fetch data for use in the generation step. Examples include summarization of long pieces of text and question/answering over specific data sources.
π€ Agents:
Agents allow an LLM autonomy over how a task is accomplished. Agents make decisions about which Actions to take, then take that Action, observe the result, and repeat until the task is complete. LangChain provides a standard interface for agents, along with LangGraph.js for building custom agents.
Please see here for full documentation, which includes:
As an open-source project in a rapidly developing field, we are extremely open to contributions, whether it be in the form of a new feature, improved infrastructure, or better documentation.
For detailed information on how to contribute, see here.
Please report any security issues or concerns following our security guidelines.
This is built to integrate as seamlessly as possible with the LangChain Python package. Specifically, this means all objects (prompts, LLMs, chains, etc) are designed in a way where they can be serialized and shared between languages.
FAQs
Typescript bindings for langchain
The npm package langchain receives a total of 503,333 weekly downloads. As such, langchain popularity was classified as popular.
We found that langchain demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago.Β It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonarβs acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.