PromptShield logo PromptShield
API DocsInterfaces

ThreatReport

Defined in: types.ts:224

Threat report enriched with human-readable location information.

ThreatReport extends the base ThreatReportWithoutLocation by replacing the offset-based range with resolved line/column locations. This format is intended for environments where diagnostics must be presented to humans, such as:

  • CLI output
  • CI reports
  • logs
  • editor diagnostics

The core scanner operates purely on absolute character offsets for performance and interoperability with editor APIs (e.g., Tiptap, LSP). Location resolution is performed later using utilities such as enrichWithLoc.

Each range endpoint includes:

  • line — 1-based line number
  • column — 1-based column number
  • index — original 0-based character offset

Keeping the original index ensures deterministic mapping back to the source text while still providing user-friendly diagnostics.

Example

{
  ruleId: "PSU001",
  severity: "LOW",
  message: "Invisible Unicode characters detected.",
  range: {
    start: { line: 2, column: 5, index: 17 },
    end:   { line: 2, column: 6, index: 18 }
  }
}

Extends

Properties

category

category: ThreatCategory

Defined in: types.ts:123

Threat classification

Inherited from

ThreatReportWithoutLocation.category

decodedPayload?

optional decodedPayload: string

Defined in: types.ts:173

Optional decoded payload extracted from concealed content.

Example: "ignore previous instructions"

Inherited from

ThreatReportWithoutLocation.decodedPayload

message

message: string

Defined in: types.ts:134

Human-readable diagnostic message.

Describes WHAT was detected and WHY it matters. This should not include remediation steps.

Inherited from

ThreatReportWithoutLocation.message

offendingText

offendingText: string

Defined in: types.ts:150

The substring responsible for the detection.

This may contain multiple characters if the threat represents a sequence.

Inherited from

ThreatReportWithoutLocation.offendingText

range

range: object

Defined in: types.ts:226

end

end: Location

End position of the detected threat span.

start

start: Location

Start position of the detected threat span.

readableLabel?

optional readableLabel: string

Defined in: types.ts:158

Optional readable label for UI rendering.

Example: "[ZWSP × 3]"

Inherited from

ThreatReportWithoutLocation.readableLabel

referenceUrl

referenceUrl: string

Defined in: types.ts:181

Reference documentation explaining the risk.

Example: https://promptshield.js.org/docs/detectors/invisible-chars#PSU001

Inherited from

ThreatReportWithoutLocation.referenceUrl

ruleId

ruleId: string

Defined in: types.ts:120

Stable rule identifier.

Example: "PSU001", "PST001", "PSI002"

Inherited from

ThreatReportWithoutLocation.ruleId

severity

severity: Severity

Defined in: types.ts:126

Risk severity

Inherited from

ThreatReportWithoutLocation.severity

suggestion?

optional suggestion: string

Defined in: types.ts:165

Suggested remediation guidance.

This is optional and may vary by environment (editor, CI, UI).

Inherited from

ThreatReportWithoutLocation.suggestion

ScanResult

Previous Page

ThreatReportWithoutLocation

Next Page

On this page

ExampleExtendsPropertiescategoryInherited fromdecodedPayload?Inherited frommessageInherited fromoffendingTextInherited fromrangeendstartreadableLabel?Inherited fromreferenceUrlInherited fromruleIdInherited fromseverityInherited fromsuggestion?Inherited from