Getting Started with SecureNow and Express.js — From Install to Full Observability in 5 Minutes

If you run an Express.js API in production and have ever wondered "who is hitting my endpoints, and are any of those requests malicious?" — you are in the right place. SecureNow turns your existing application traces into a live security feed: SQL injection attempts, credential stuffing, API abuse, and anomalous traffic patterns are all surfaced automatically, without bolting on a WAF or rewriting your middleware stack.

This guide walks you through every step — installing the package, authenticating with the CLI, creating an application on the free trial, wiring up instrumentation, and verifying that traces arrive in the dashboard. Total time: about five minutes.

Prerequisites

• Node.js 18+ installed
• An existing Express.js project (or willingness to scaffold a quick one)
• A terminal and a browser

No SecureNow account yet? No problem — the CLI will open a browser-based signup/login flow for you.

Step 1: Install the Package

Open your project directory and install securenow:

npm install securenow

This single package bundles the OpenTelemetry SDK, auto-instrumentations for Node.js, an OTLP exporter, the SecureNow CLI, and optional console-log forwarding. There is nothing else to install.

Step 2: Log In via the CLI

SecureNow ships a CLI as securenow (or npx securenow if you installed it locally). Authenticate with one command:

npx securenow login

A browser tab opens at app.securenow.ai where you can sign up or log in. Once authenticated, the token is saved to ~/.securenow/credentials.json and every subsequent CLI command is authorized.

Prefer a non-interactive flow? Generate a CLI token from your dashboard at Settings → CLI Token, then run:

npx securenow login --token YOUR_TOKEN

Verify you are logged in:

npx securenow whoami

You should see your email and account details printed in the terminal.

Step 3: Create an Application (Free Trial)

Every application you monitor in SecureNow gets a unique identifier (the app key). Create one from the CLI:

npx securenow apps create my-express-api

The CLI will prompt you to pick a ClickHouse instance. Choose Free Trial — this provisions a managed OTLP collector at https://freetrial.securenow.ai:4318 at no cost and with no credit card.

After creation you will see output like:

✔ Application created

  SECURENOW_APPID=a1b2c3d4-e5f6-7890-abcd-ef1234567890
  SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318

Add these to your .env file.

Copy those two values — you will need them in the next step.

Optionally, set the new app as your default so CLI commands like securenow traces and securenow status target it automatically:

npx securenow config set defaultApp a1b2c3d4-e5f6-7890-abcd-ef1234567890

Step 4: Configure Environment Variables

Create (or update) a .env file in your project root:

SECURENOW_APPID=a1b2c3d4-e5f6-7890-abcd-ef1234567890
SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
SECURENOW_LOGGING_ENABLED=1
SECURENOW_CAPTURE_BODY=1

Step 5: Instrument Your Express App

You have two options — pick whichever fits your workflow.

Option A: Two Lines at the Top of Your Entry File (Recommended)

Add these lines before any other require or import:

require('securenow/register');
require('securenow/console-instrumentation');

const express = require('express');
const app = express();

app.use(express.json());

app.get('/api/health', (req, res) => {
  res.json({ status: 'ok' });
});

app.get('/api/users', async (req, res) => {
  console.log('Fetching users', { query: req.query });
  const users = await fetchUsersFromDb();
  res.json(users);
});

app.post('/api/users', async (req, res) => {
  console.info('Creating user', { email: req.body.email });
  const user = await createUserInDb(req.body);
  res.status(201).json(user);
});

const PORT = process.env.PORT || 3000;
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});

securenow/register starts the OpenTelemetry SDK, reads your .env, and auto-instruments HTTP, Express, database drivers, and more. securenow/console-instrumentation forwards console.* calls as OTel log records so they appear alongside your traces in the dashboard.

Option B: Zero Code Changes with NODE_OPTIONS

If you prefer not to touch your source files at all, preload the modules via NODE_OPTIONS:

NODE_OPTIONS="-r securenow/register -r securenow/console-instrumentation" node app.js

Or add it to your package.json scripts:

{
  "scripts": {
    "start": "node app.js",
    "start:observe": "NODE_OPTIONS='-r securenow/register -r securenow/console-instrumentation' node app.js"
  }
}

Then run:

npm run start:observe

Step 6: Start and Verify

Run your app:

node app.js

You should see confirmation in your terminal:

[securenow] OTel SDK started → https://freetrial.securenow.ai:4318/v1/traces
[securenow] 📋 Logging: ENABLED → https://freetrial.securenow.ai:4318/v1/logs
[securenow] Console instrumentation installed
Server running on port 3000

Generate some traffic — curl http://localhost:3000/api/health a few times — then check your dashboard:

npx securenow status

You should see your app listed as protected. You can also browse traces directly from the terminal:

npx securenow traces

Or open the full dashboard at app.securenow.ai to explore traces, logs, security issues, and analytics.

Bonus: Useful CLI Commands

Once your app is instrumented, the CLI becomes your terminal-based control plane:

Production Deployment with PM2

For production, use PM2 with an ecosystem config:

// ecosystem.config.js
module.exports = {
  apps: [{
    name: 'my-express-api',
    script: './app.js',
    instances: 4,
    exec_mode: 'cluster',
    node_args: '-r securenow/register -r securenow/console-instrumentation',
    env: {
      SECURENOW_APPID: 'a1b2c3d4-e5f6-7890-abcd-ef1234567890',
      SECURENOW_INSTANCE: 'https://freetrial.securenow.ai:4318',
      SECURENOW_LOGGING_ENABLED: '1',
      SECURENOW_NO_UUID: '1',
      NODE_ENV: 'production',
    }
  }]
};

pm2 start ecosystem.config.js

Setting SECURENOW_NO_UUID=1 ensures all cluster workers report under the same service name.

Docker Deployment

FROM node:20-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
ENV SECURENOW_APPID=my-express-api
ENV SECURENOW_INSTANCE=https://freetrial.securenow.ai:4318
ENV SECURENOW_LOGGING_ENABLED=1
ENV NODE_ENV=production
EXPOSE 3000
CMD ["node", "app.js"]

What SecureNow Detects Automatically

Once traces are flowing, SecureNow watches for:

• SQL injection — malicious patterns in query parameters and request bodies
• XSS attempts — script injection in user input
• Credential stuffing — high-velocity failed authentication attempts
• API abuse — unusual request patterns, rate-limit evasion, unauthorized endpoint access
• Anomalous traffic — AI-powered detection of behavioral outliers
• Supply-chain signals — unexpected outbound calls from your service
• Performance degradation — slow queries, high error rates, latency spikes

All of this happens without writing a single detection rule. Security issues surface in the dashboard and can trigger alerts via email, Slack, or custom webhooks.

Recap

Five steps, five minutes, zero middleware changes. Your Express API is now observable and protected.

Next Steps

• Explore the SecureNow dashboard to view traces, logs, and security issues
• Set up alert rules for critical security events
• Run npx securenow forensics to ask natural-language questions about your traffic
• Read the full environment variable reference for advanced tuning

Happy shipping — and happy securing.