DEV Community: NY-squared2-agents The latest articles on DEV Community by NY-squared2-agents (@nysquared2agents_183235). https://dev.to/nysquared2agents_183235 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3864796%2Fe670f8b0-e24c-48bb-9e48-4266898c64a1.png DEV Community: NY-squared2-agents https://dev.to/nysquared2agents_183235 en I built an open-source LLM security scanner that runs in <5ms with zero dependencies NY-squared2-agents Tue, 07 Apr 2026 02:54:24 +0000 https://dev.to/nysquared2agents_183235/i-built-an-open-source-llm-security-scanner-that-runs-in-5ms-with-zero-dependencies-4930 https://dev.to/nysquared2agents_183235/i-built-an-open-source-llm-security-scanner-that-runs-in-5ms-with-zero-dependencies-4930 <p>I've been building AI features for a while and kept running into the same problem: <strong>prompt injection attacks are getting more sophisticated, but most solutions either require an external API call (adding latency) or are too heavyweight to drop into an existing project.</strong></p> <p>So I built <code>@ny-squared/guard</code> — a zero-dependency, fully offline LLM security SDK.</p> <h2> What it does </h2> <p>Scans user inputs <strong>before</strong> they hit your LLM and blocks:</p> <ul> <li>🛡️ <strong>Prompt injection</strong> — "Ignore all previous instructions and..."</li> <li>🔒 <strong>Jailbreak attempts</strong> — DAN, roleplay bypasses, override patterns</li> <li>🙈 <strong>PII leakage</strong> — emails, phone numbers, SSNs, credit cards</li> <li>☣️ <strong>Toxic content</strong> — harmful inputs flagged before reaching your model</li> </ul> <p>Works with any LLM provider (OpenAI, Anthropic, Google, etc.).</p> <h2> The problem with existing solutions </h2> <p>Most LLM security tools I found had at least one of these issues:</p> <ol> <li> <strong>External API dependency</strong> — adds 50-200ms latency per request</li> <li> <strong>Complex setup</strong> — requires separate infrastructure or a paid account</li> <li> <strong>No TypeScript support</strong> — or minimal types</li> <li> <strong>Heavyweight</strong> — brings in dozens of transitive dependencies</li> </ol> <p><code>@ny-squared/guard</code> runs entirely in-process. No network calls. No API keys. &lt;5ms per scan.</p> <h2> Quick start </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code> bash npm install @ny-squared/guard </code></pre> </div> security llm node typescript