Apps overview

Apps overview

Netwarden Apps is the error-tracking and dependency-monitoring surface inside Netwarden. It's a sibling of the host-monitoring product — same tenant, same dashboard, same alert preferences — and it's the right starting point if your goal is to track errors in a deployed web or backend application, not the health of a server.

This page is the "Start here for Apps" entry point. It explains what Apps is, who it's for, what it does and doesn't do, and where to go next.

What Apps is

Three things wrapped into one product, behind two SDKs.

Error tracking. Sentry-style. The SDK captures uncaught exceptions and unhandled promise rejections from browsers and Node servers. Errors are grouped into Issues by stack-trace fingerprint, deduped, counted, and decorated with first-seen / last-seen / users-affected. Source maps uploaded on deploy symbolicate browser stacks back to your source code. Auto-reopen fires when a previously-resolved issue regresses in a later release.

Dependency-update notifications. This is the wedge. On SDK init, the package reads your resolved lockfile and reports the package + version pairs to the platform. A daily cross-reference against the OSV.dev advisory feed covers eight ecosystems — npm, PyPI, RubyGems, Go modules, Cargo, Maven, NuGet, and Composer. When a CVE patch lands for a package in your lockfile, the platform fires a module_vulnerable finding, routes it to your configured channels (email, push, webhook), and prints the fixed version as a copy-paste line. There's no SCA dashboard to set up, no SBOM ceremony — the input is whatever the SDK reports.

Lite analytics. A single track('event_name', { props }) call. Pageviews and unique visitors are cookieless (we hash IP plus User-Agent with a daily-rotated salt). One five-step funnel per project. That's the entire analytics surface — no cohorts, no retention curves, no heatmaps. It's deliberately less than PostHog.

Who it's for

The buyer we built Apps around is a solo developer or small team with one to three production apps. Stack is typically Next.js, Remix, SvelteKit, Hono, Express, FastAPI, or Bun. Hosts on Vercel, Railway, Fly.io, or Render. The kind of buyer who has shipped real things but doesn't want to install OpenTelemetry and read flamegraphs.

Apps is also a fit for:

• The small SaaS team that already pays Netwarden for host monitoring. Apps is a tab inside the existing tenant — same dashboard, same invoice, same alert preferences.
• The agency running multiple client apps. Per-project dashboards, fixed pricing, and the dependency-CVE wedge are the differentiators here.

If you're an enterprise SRE running Datadog and 50 microservices on Kubernetes, this is not the product. We are not that product.

The 3 pillars in detail

Errors

Error capture is on by default in both SDKs. The JavaScript / Node SDK hooks window.onerror and unhandledrejection in browsers, process.on('uncaughtException') and process.on('unhandledRejection') in Node, and Next.js's instrumentation.ts and middleware hooks if it detects them. The Python SDK ships Flask, FastAPI, and Django middlewares.

Each captured error becomes an Issue, identified by a stack-trace fingerprint. Subsequent occurrences of the same fingerprint update last_seen_at, event_count, and users_affected rather than creating a new Issue. Auto-reopen kicks in when an Issue marked resolved appears in a later release.

Six SDK config keys are honored: dsn, environment, release, sampleRate, tracesSampleRate, beforeSend. The capture API mirrors Sentry's: captureException, captureMessage, setUser, setContext, addBreadcrumb, withScope. If you're migrating from Sentry, the migration guide covers the swap in detail.

Dependency-update notifications

The wedge feature, and the thing no other error tracker ships.

On SDK init, the client reads the resolved lockfile in your project root. Eight lockfile types are supported: package-lock.json, pnpm-lock.yaml, bun.lock, yarn.lock, requirements.txt, poetry.lock, Pipfile.lock, Gemfile.lock, go.sum, Cargo.lock, Maven pom.xml (resolved), *.csproj (NuGet), composer.lock. Package + version pairs are reported once per init.

Server-side, a daily job pulls the OSV.dev advisory feed for each ecosystem and joins every project's installed packages against the affected ranges. A match fires a module_vulnerable finding. The finding includes the GHSA / CVE identifier, severity (critical / high / medium / low), the affected version range, the patched version, and a copy-paste install command (npm install <pkg>@<patched>, pip install <pkg>==<patched>, etc.).

Findings route through the same notifier that handles host-side security alerts: email by default, push if you have the mobile app installed, webhook if you've configured one. Severity-based routing rules (e.g., "page me on critical, digest the rest") are configured per project in the dashboard.

Auto-resolve closes the finding when the next snapshot omits the affected version — i.e., when you upgrade and redeploy.

Lite analytics

The track() API:

jsCopy
import { track } from "@netwarden/sdk";

track("signup_completed", { plan: "studio" });
track("checkout_abandoned", { step: 3 });

Custom events are stored, counted, and groupable by property. Pageviews are auto-tracked in the browser SDK if you call init({ pageviews: true }).

The funnel is a single five-step ordered sequence per project, configured in the dashboard. Each step maps to a custom event name. The funnel UI shows step-by-step conversion percentages and total drop-off.

If you need cohort analysis, retention curves, A/B testing, or session replay, this isn't that product. PostHog or Mixpanel are.

The 2 SDKs

@netwarden/sdk — the JavaScript / Node package. One npm install, dual-target browser and Node, zero peer dependencies, MIT-licensed. Browser bundle is around 5 KB gzipped; Node bundle is similar.

jsCopy
import { init } from "@netwarden/sdk";

init({ dsn: process.env.NETWARDEN_DSN });

netwarden — the Python package. Flask, FastAPI, and Django middlewares included; same dsn shape; same track() API. Currently in alpha; Flask and FastAPI work cleanly, Django sync code paths work, Django async views are the rougher edge during alpha.

pythonCopy
from netwarden import init

init(dsn=os.environ["NETWARDEN_DSN"])

Both SDKs:

• Report the resolved lockfile on init (the dependency wedge's input).
• Batch up to 100 events into a single POST.
• Expose track(name, props) for custom events.
• Honor a beforeSend hook for redaction or drop-rules.

There is no mobile SDK in v1. iOS, Android, and React Native need dSYMs / ProGuard handling and offline buffering — different engineering disciplines from the web SDK and a different audience from our buyer. If a third SDK gets added, it'll be React Native first.

Quickstart

The fast path:

1. Sign up at app.netwarden.com. Free tier covers one project, no card.
2. Create a new App project from the dashboard. Copy the DSN.
3. Install the SDK: npm install @netwarden/sdk or pip install netwarden.
4. Call init({ dsn }) once at app boot.
5. Deploy. Wait for your first error or your first dependency finding — whichever comes first.

The full step-by-step is in the getting-started guide. Source-map setup for browser apps is in installation.

Pricing summary

Apps is fixed-price. No per-event line item, ever.

• Apps Free — 1 project, 50,000 events/month, 7-day retention, dependency findings included, $0.
• Apps Solo — 3 projects, 250,000 events, 30-day retention, $9/month.
• Apps Studio — 10 projects, 1,000,000 events, 60-day retention, $29/month.
• Apps Agency — unlimited projects (fair-use 50), 5,000,000 events, 90-day retention, $79/month.

Caps are soft. Exceeding the monthly event cap pauses ingestion for 24 hours and emails you. Nothing auto-charges. There is no overage line on any invoice.

If you're already a Netwarden Pro tenant for hosts, Apps Solo is bundled at no extra charge.

The pricing reasoning is in the alternatives post — short version, per-event billing is the psychological reason a lot of solo developers refuse to use Sentry, and we picked the opposite trade.

Self-hosted note

Apps ships in the same netwarden Bun-compiled binary as the host monitor. If you're already running Netwarden self-hosted, the upgrade path to enable Apps is one binary version bump and one new APPS_DSN environment variable. The migration script that creates the events_ts, issues, project_manifests, and module_advisories tables runs once on first boot.

If you're starting fresh self-hosted, the self-hosting guide walks through the binary install, the database (SQLite for under ~10 hosts and ~100K events/day, Postgres above that), and the environment-variable surface. The OSV.dev advisory feed runs on your machine. Every event lands in your database. The CLI for source-map upload is the same binary in two-letter mode (netwarden upload-maps).

There is no feature gate between hosted and self-hosted. The "Apps Free" tier in our hosted product corresponds, in self-hosted, to "you ran the binary."

What Apps does not do

A short list of things people sometimes ask about. Each is a deliberate "no":

• No session replay. The storage cost is at odds with $9/month pricing. If you need replay, Highlight or Sentry are the right answers.
• No feature flags. Different product (LaunchDarkly, Statsig, PostHog Flags, OpenFeature).
• No distributed tracing in v1. No span trees across services. Apps captures the request that produced an error with timing breadcrumbs, but it's not an APM tool.
• No profiling. No flame graphs.
• No mobile SDKs in v1. See above.
• No log aggregation. Apps is errors, dependency findings, and events — not logs.
• No heatmaps, surveys, or AI session summaries.
• No native Slack / PagerDuty / Discord. Email, push, and webhook are the channels. Webhook covers the rest by routing to your existing tools.

The reasoning behind each "no" is in the launch post. The short version is that we shipped seven features instead of forty so the seven would actually work.

Where to go next

• Getting started — full walkthrough including account creation, SDK install, and your first error.
• Installation — source-map setup, build-tool plugins, framework integration.
• Migrating from Sentry to Netwarden in 30 minutes — if you're swapping out an existing Sentry install.
• Sentry alternatives without per-event bills — the comparison post for context on the pricing model.
• Announcing Netwarden Apps (alpha) — the launch post and the long-form product reasoning.
• Apps features — the marketing-side capability tour with screenshots.
• Pricing — the full tier breakdown.