onion-ai 1.0.4 → 1.0.5

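--- a/package/README.md
+++ b/package/README.md
@@ -8,6 +8,7 @@ Think of it as **[Helmet](https://helmetjs.github.io/) for LLMs**.
 
  [![npm version](https://img.shields.io/npm/v/onion-ai.svg?style=flat-square)](https://www.npmjs.com/package/onion-ai)
  [![license](https://img.shields.io/npm/l/onion-ai.svg?style=flat-square)](https://github.com/himanshu-mamgain/onion-ai/blob/main/LICENSE)
+ [![Documentation](https://img.shields.io/badge/docs-onion--ai-8b5cf6?style=flat-square&logo=github)](https://himanshu-mamgain.github.io/onion-ai/)
 
  ---
 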
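--- a/package/dist/config.d.ts
+++ b/package/dist/config.d.ts
@@ -326,6 +326,7 @@ export interface SimpleOnionConfig {
  enhance?: boolean;
  piiSafe?: boolean;
  debug?: boolean;
+ strict?: boolean;
  onWarning?: (threats: string[]) => void;
  }
  export interface SecurityResult {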
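--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -74,6 +74,10 @@ class OnionAI {
  if (onWarning) {
  onWarning(secLikelihood.threats);
  }
+ // Strict Mode: Throw error if threats found
+ if (this.simpleConfig?.strict) {
+ throw new Error(`OnionAI Security Violation: ${secLikelihood.threats.join(", ")}`);
+ }
  }
  // 2. Enhance (if enabled)
  // We always try to enhance the output we have, even if it had warnings (as long as it wasn't empty)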
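Review bot: The strict-mode branch throws a plain `Error` whose only machine-readable content is the message string, so callers must match on "OnionAI Security Violation" to tell a blocked prompt from any other failure. Attach the data to the error instead, e.g. `const err = new Error(...); err.name = "OnionSecurityError"; err.threats = secLikelihood.threats; throw err;`. The message joins every threat string, so an application that echoes `err.message` to the end user would disclose which detection rule fired; the option's documentation should say the message is meant for logs. Because the flag is read through `this.simpleConfig?.strict`, it is off by default and the flow continues to the enhance step with warnings only, which is also worth documenting. The enclosing `if` block opens before the hunk.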
@@ -16,11 +16,15 @@ class Vault {
16
16
  threats.push(`Forbidden SQL statement detected: ${statement}`);
17
17
  }
18
18
  }
19
- // If read-only mode, only SELECT is usually allowed
19
+ // If read-only mode, we need to be careful not to flag natural language.
20
+ // We only enforce "Must be SELECT" if the input actually looks like a SQL command.
20
21
  if (this.config.mode === 'read-only') {
21
- const isSelect = upperQuery.trim().startsWith('SELECT');
22
- if (!isSelect && query.trim().length > 0) {
23
- threats.push("Non-SELECT query detected in read-only mode");
22
+ const firstWord = upperQuery.split(/\s+/)[0];
23
+ const sqlCommands = ["INSERT", "UPDATE", "DELETE", "DROP", "ALTER", "CREATE", "GRANT", "REVOKE", "TRUNCATE", "MERGE", "REPLACE", "Upsert"];
24
+ // If it starts with a known SQL command that ISN'T Select, flag it.
25
+ // If it starts with "Hello", we ignore it (unless it hits a forbidden marker later).
26
+ if (sqlCommands.includes(firstWord)) {
27
+ threats.push(`Non-SELECT query detected in read-only mode (starts with ${firstWord})`);
24
28
  }
25
29
  }
26
30
  // Check for common SQL injection markers
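Review bot: `firstWord` is taken from `upperQuery.split(/\s+/)[0]` without the `trim()` the removed code applied, so input that begins with whitespace yields an empty first token and the read-only check is skipped; use `const firstWord = upperQuery.trim().split(/\s+/)[0];`. The list entry `"Upsert"` is mixed-case and can never equal a token from what is presumably an upper-cased query, so it should be `"UPSERT"`. The rule also changes from "must start with SELECT" to a fixed denylist, so a statement keyword missing from `sqlCommands` now passes in read-only mode unless the later marker checks catch it; that trade-off deserves a comment and a regression test. This hunk appears under the dist/index.js header on the page, but its `class Vault` context and restarted line numbers suggest a separate file whose header is missing. The enclosing method starts outside the hunk.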
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "onion-ai",
3
- "version": "1.0.4",
3
+ "version": "1.0.5",
4
4
  "description": "Layered security for AI prompting - input sanitization, injection protection, and output validation.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
@@ -17,6 +17,7 @@
17
17
  "type": "git",
18
18
  "url": "git+https://github.com/himanshu-mamgain/onion-ai.git"
19
19
  },
20
+ "homepage": "https://himanshu-mamgain.github.io/onion-ai/",
20
21
  "keywords": [
21
22
  "ai",
22
23
  "security",