DEV Community

RESK
RESK

Posted on

resk-llm-ts: Open Source TypeScript Security Toolkit for LLM Applications

Links:


If you are building LLM-powered applications in Node.js or TypeScript, you have probably thought about security. Prompt injection, jailbreak attempts, PII leaks, and data exfiltration are real threats that traditional input sanitization does not catch at the LLM layer.

Most security toolkits are Python-only. TypeScript developers deserve the same protection.

resk-llm-ts is an open source TypeScript security toolkit with 11 threat detectors. It works as Express middleware, Hono middleware, or as an OpenAI-compatible wrapper.

Quick Start

npm install resk-llm-ts
Enter fullscreen mode Exit fullscreen mode

Basic Usage

import { LLMSecurity } from "resk-llm-ts";

const security = new LLMSecurity({
  enabledDetectors: ["injection", "jailbreak", "pii", "exfiltration"],
  mode: "block", // or "log"
});

// Use as middleware with Express
app.post("/api/chat", security.middleware(), async (req, res) => {
  // req.body has been scanned - threats are blocked or logged
  const response = await openai.chat.completions.create({
    model: "gpt-4",
    messages: req.body.messages,
  });
  res.json(response);
});
Enter fullscreen mode Exit fullscreen mode

Or use the OpenAI-compatible wrapper:

import { SecureOpenAI } from "resk-llm-ts";

const client = new SecureOpenAI({
  apiKey: process.env.OPENAI_API_KEY,
  detectors: ["injection", "jailbreak"],
});

const response = await client.chat.completions.create({
  model: "gpt-4",
  messages: [{ role: "user", content: userInput }],
});
Enter fullscreen mode Exit fullscreen mode

All 11 Detectors

Detector Purpose
injection Prompt injection detection
jailbreak Jailbreak pattern recognition
pii PII and sensitive data scanning
exfiltration Data exfiltration prevention
code-injection Code injection detection
toxic-content Toxic content filtering
political Political content detection
adversarial Adversarial suffix detection
encoded-payload Base64/hex encoded threat detection
role-play Role-play manipulation detection
system-prompt System prompt leak prevention

Why resk-llm-ts?

  • TypeScript-first: Full type definitions, works with any Node.js framework
  • Middleware-ready: Drop into Express, Hono, Fastify, or any connect-compatible framework
  • OpenAI-compatible wrapper: Replace your OpenAI client with zero API changes
  • Dual mode: Block threats or log them for analysis
  • GPL-3.0 open source: Free to use, modify, and contribute to

Security for LLM applications should not be an afterthought. Add it as middleware and ship with confidence.

Check it out on GitHub: https://github.com/Resk-Security/resk-llm-ts

Install: https://npmjs.com/package/resk-llm-ts

Learn more: https://resk.fr

Top comments (0)