A Lightweight Way to Guard Against Prompt Injection

Every AI project I’ve built needed the same security boilerplate: block instruction overrides, sanitize delimiters, detect encoding attacks.

I got tired of copy-pasting the same 200 lines of regex. Here’s how you can skip the boilerplate in 2 minutes:

import vard from "@andersmyrmel/vard";

// Zero-config usage
const safe = vard("Hello, how can I help?");
// Returns: "Hello, how can I help?"

vard("Ignore all previous instructions");
// Throws: PromptInjectionError

No configuration, no external services. It’s like Zod, but for prompt injection:

const chatVard = vard
  .moderate()
  .delimiters(["CONTEXT:", "USER:"])
  .block("instructionOverride")
  .sanitize("delimiterInjection")
  .maxLength(5000);

const safe = chatVard(userInput);

For API routes, you can use safe parsing instead of try/catch:

const result = chatVard.safeParse(userInput);

if (!result.safe) {
  // TypeScript knows result.threats is Threat[]
  console.log(`Blocked ${result.threats.length} threats`);
  return;
}

// TypeScript knows result.data is string
const safeInput = result.data;
// Proceed with LLM call

Built-in patterns cover common attacks. Extend them for specific threats or languages:

// Block Spanish attacks
const spanishVard = vard
  .moderate()
  .pattern(/ignora.*instrucciones/i, 0.9, "instructionOverride")
  .pattern(/revela.*prompt/i, 0.95, "systemPromptLeak");

// Block domain-specific keywords
const customVard = vard
  .moderate()
  .pattern(/\badmin\b/i, 0.85, "instructionOverride")
  .block("instructionOverride");

Prompt injection is an unsolved problem, but pattern-based guards catch ~90% of attacks at zero cost. For most projects, that’s good enough.

Try it for yourself:

npm install @andersmyrmel/vard

GitHub · MIT licensed · Contributions welcome