Install the Node.js agent

Install the Node.js agent on your system.


Installing the Sqreen Node.js agent enables you to monitor the security of your application and block attacks in realtime. The installation process is the same as adding any new module:

  • Sign up to Sqreen to create your account.
  • Pick up your first application name and language. The name of the application can be the name of the repository, or anything that will help you identify the app in your Sqreen dashboard.
  • Follow the procedure detailed below.

Standard Node.js application

From a terminal, install the Sqreen module and save it into your project:

npm install --save sqreen

You must require the Sqreen Node.js module first at the top of your main script:


Then, from a terminal, set up your Sqreen token (provided from the user interface) in your home directory:

echo '{ "token": "mysecrettoken" }' > sqreen.json

Why must the Sqreen module be required first?

If the Sqreen agent is not required as the first module at the top of your main script, the following applies:

  • Modules required before the Sqreen agent cannot be instrumented. For example, the database driver is not protected with Sqreen logic.
  • Request context lost: the agent might not be able to determine to which HTTP request the code relates to.
  • Protection on file access or command executions from Node.js core modules is not available.

To help you troubleshoot your setup, the agent informs you if it is not the first module included. It lists all the modules required before it. Please note that Node.js core modules are not detected and thus won't be listed.

Install the agent in a non-production environment

Typically you install the Sqreen agent in your production environment. You can create several applications using your Sqreen dashboard, and specify the environment (development, staging, production). Each of your applications has a unique Sqreen token.

Use different Sqreen applications for different environments

We recommend using different Sqreen applications for different environments.

Basic configuration

The Sqreen agent stores your configuration in a sqreen.json file. It contains your Sqreen token.

You can also use the SQREEN_TOKEN environment variable to set up your token:

export SQREEN_TOKEN=mysecrettoken

The Sqreen Node.js agent provides flexible configuration settings. Refer to Configuration for Node.js for more detailed information.

Uninstall the agent

To uninstall the Sqreen agent, remove the sqreen module from your application.


The Sqreen Node.js agent is available on npm.