Show HN: A tiny TypeScript library to guard against prompt injection (andersmyrmel.com)

A new tiny TypeScript library, vard (@andersmyrmel/vard), offers a drop-in guard against common prompt-injection attacks so developers can skip repeatedly writing the same regex-based boilerplate. Zero-config usage will block obvious attacks or throw a PromptInjectionError; a fluent API (moderate(), delimiters(), block(), sanitize(), maxLength()) lets you tailor protections for chat inputs. It also provides safeParse for API routes so TypeScript narrows success vs. threat results (result.data vs. result.threats) rather than relying on try/catch. Technically, vard uses pattern-based detection (built-in rules plus user-defined regex patterns with confidence scores and labels) to catch delimiter injection, instruction overrides, encoding attacks and domain- or language-specific probes. You can add custom patterns (e.g., Spanish phrases or admin-specific keywords) and combine them with blocking/sanitization rules. No external services are required, it’s MIT-licensed, and the author claims pattern guards catch roughly ~90% of real-world attacks — a pragmatic, low-cost tradeoff for many projects. Note that prompt injection remains an unsolved problem; vard is positioned as an easy, extensible first line of defense rather than a complete solution.