DEV Community

RESK
RESK

Posted on

Protect Your Node.js LLM from Prompt Injection with resk-llm-ts

Links

  • GitHub: github.com/Resk-Security/resk-llm-ts
  • NPM: npmjs.com/package/resk-llm-ts
  • Web: resk.fr

If you serve LLM endpoints in Node.js, you face the same security risks as Python deployments — prompt injection, jailbreak attempts, PII leakage, and tool abuse. The difference? Most AI security toolkits are Python-only.

resk-llm-ts changes that. It is a TypeScript-first LLM security toolkit with 11 threat detectors that plugs into Express, Hono, or any OpenAI-compatible client.

Quick Start

npm install resk-llm-ts
Enter fullscreen mode Exit fullscreen mode

Express Middleware Example

import express from 'express';
import { createMiddleware } from 'resk-llm-ts';

const app = express();
app.use(express.json());

// Attach threat detection to your LLM route
app.post('/api/chat', 
  createMiddleware({
    detectors: ['injection', 'jailbreak', 'pii'],
    mode: 'block' // or 'log'
  }),
  async (req, res) => {
    // If we reach here, the input passed all detectors
    const reply = await callYourLLM(req.body.message);
    res.json({ reply });
  }
);

app.listen(3000);
Enter fullscreen mode Exit fullscreen mode

What Gets Detected

Detector What It Catches
Prompt Injection DAN, ignore-prior-instructions patterns
Jailbreak Role-play escapes, hypothetical traps
PII Leakage Phone numbers, emails, SSNs
Exfiltration Prompt-stealing, data-dumping attempts
Toxic Content Hate speech, harassment
And 6 more... Code injection, URL phishing, etc.

Why TypeScript Matters

The Node.js ecosystem powers AI agents, middleware, and API gateways. If your security scanner only exists in Python, you ship blind on the JS side. resk-llm-ts closes that gap with first-class type definitions, zero-dependency core, and framework-native integration.

Next Steps

npm install resk-llm-ts
# Or check the docs on resk.fr
Enter fullscreen mode Exit fullscreen mode

Try it on your next project and open an issue if a detector misses something — this is community-driven security.

Top comments (0)