Node.js agent compatibility

The Node.js agent is compatible with the most popular web frameworks, operating systems and web servers. Below you can find more details about specific version compatibility.

Refer to the installation steps to install Sqreen in your Node.js applications.

Other framework?

We are working on supporting more frameworks. Please contact us if you are using a different framework. We are happy to revisit our roadmap!

Node.js versions

The Sqreen Node.js agent is fully compatible with:

  • Node.js 4.0 and greater

Node.js frameworks

The Node.js agent is fully compatible with:

  • Express 4.0 and greater
  • hapi 13-16

If you aren't using Express 4+ or hapi 13 - 16, Sqreen may not be able to detect attackers early. All other features of Sqreen work as normal.

Other frameworks?

Please contact us if you are using a different framework. We are happy to revisit our roadmap!

Operating systems

The Sqreen Node.js agent supports:

  • macOS
  • Linux
  • Windows

Automatic user context in Node.js

Sqreen automatically detects and protects user accounts if your application uses the passport-local or passport-http framework. Find out more information in the Node.js SDK for user monitoring section.

Using async/await syntax

If you are using async/await syntax, you need to use the SQREEN_BETA_ASYNC_HOOKS=1 environment variable, or do the following from within the Node.js process:

process.env.SQREEN_BETA_ASYNC_HOOKS = "1";

This variable enables instrumentation using Async Hooks.

Function as a Service (FaaS)

The Sqreen Node.js agent doesn't support FaaS platforms such as AWS Lambda, Google Cloud Functions or Microsoft Azure Functions.

Database compatibility (NoSQL/SQL injection protection)

The Sqreen Node.js agent protects against SQL and NoSQL injections for the most common production databases:

  • MySQL
  • MariaDB
  • PostgreSQL
  • SQLite
  • Oracle
  • MongoDB

Other database?

Contact us if you are using a different database. We are happy to revisit our roadmap!

Templating engine compatibility (cross-site scripting protection)

Protection against cross-site scripting attacks (XSS) is available for the Jade templating engine.

Other templating engine?

Contact us if you are using a different templating engine. We are happy to revisit our roadmap!

Compatibility with other modules

Some Node.js modules have interactions with Sqreen that you need to mitigate against. If you find an issue with a package not listed here, please contact us.

Package Impact Solution
newrelic If the Sqreen agent is required after the New Relic agent, some instrumentation features of Sqreen are unavailable. require Sqreen agent first: require('sqreen'); require('newrelic');
parse-server The module parse-server exposes an API allowing to write MongoDB queries from an HTTP request. When the MongoDB NoSQL injection protection is enabled, Sqreen will detect injections as vulnerabilities. Whitelist the paths calling parse-server or disable MongoDB injection protection on this application