Node.js SDK for user monitoring

Sqreen protects your application users against major threats, such as account takeover, password bruteforce, suspicious activities coming from TOR or unusual VPN.

Sqreen supports passport-local and passport-http authentication, out of the box, for automatic User Context.

Advanced User Context allows you to set up user monitoring in your application with flexibility and powerful additional features. You will need to integrate Sqreen SDK in your application (< 10 minutes).

User monitoring SDK

Two lines are enough to monitor your users activities with Sqreen.

Calls to Sqreen.auth_track should be performed when creating your user session, basically at signup, and login.

const Sqreen = require('sqreen');

Sqreen.auth_track(<auth_success>, <collect_object>);

Where: auth_success is a Boolean: true if the login is successful. collect_object is an object containing the data that will be sent to Sqreen

Implementation example

const auth_user = function (username, password, callback) {
    AuthenticateUser(username, password, function (loginSuccess, user) {

    Sqreen.auth_track(loginSuccess, { username: username });
    return callback(loginSuccess, user);


The collect_object arguments identify information about your users. They’re displayed on the dashboard to help you detect if a customer is at risk, or is a risk for your application. Object values should only be strings.

User identification

If your users can be identified with a single value (email, nickname...), you can send proceed that way:

Sqreen.auth_track(true, { email: });
// Or, if the autentication failled
Sqreen.auth_track(false, { email: });

If your users are identified with a composite primary key (multiple values), all of them should be sent in order to identify them accurately on Sqreen's user interface.

For example, if you are a white label shop and your users are identified by their email and the shop id, you can send these identifiers like this:

Sqreen.auth_track(true, { email:, platform_id: user.platform_id });

Sqreen SDK only accepts user identifiers

Don't send any other information (like the auth failure reason). Sqreen will consider them as part of the user identifier, and will not be able to merge successful and failed authentications.