Errors and dependency CVEs for the apps you ship.
Netwarden Apps is an error tracker plus a dependency-CVE alert system for web and Node.js applications. Fingerprint dedup, source-map symbolication, auto-reopen on regression. On top of that, a daily OSV.dev cross-reference across 8 ecosystems: npm, PyPI, RubyGems, Go, Cargo, Maven, NuGet, Composer. Pricing is fixed monthly ($0 / $9 / $29 / $79). Never per-event.
Three capabilities, one DSN, zero per-event math
Drop the SDK in, set one env var, and you get errors, dependency alerts, and lite analytics from the same install. One pipeline, one dashboard, one bill.
Stack traces you can actually read
Hook the SDK in once. We fingerprint by stack frames + error class so noisy errors collapse into one issue. Source maps uploaded on every deploy resolve minified bundles back to your source files. When a fixed issue regresses, it auto-reopens.
- Fingerprint-based dedup: sha1 of normalized frames plus error class
- Source-map symbolication via npx @netwarden/cli upload-sourcemaps
- Auto-reopen on regression, with the deploy that broke it attached
TypeError: Cannot read property 'foo' of undefined
    at n (main-7c2b9a.js:1:14829)
    at r.D (main-7c2b9a.js:1:9402)
    at P (chunk-4f01.js:1:2841)
    at e.exports (chunk-4f01.js:1:1207)
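The dedup rule above (sha1 of normalized frames plus error class), as an added example that is not Netwarden's code. The normalization rules and the names `normalizeFrame`, `fingerprint` and `groupIssues` are assumptions; the first sample input is the trace shown on this page and the variants are constructed.

```javascript
const crypto = require("node:crypto");

// Assumed normalization (the page does not publish Netwarden's rules):
// keep function name and file, drop line:column, and strip the content
// hash from bundle names so a rebuild does not split one bug in two.
function normalizeFrame(line) {
  const m = /^\s*at (?:(.+?) \()?(.+?):\d+:\d+\)?$/.exec(line);
  if (!m) return null; // not a stack frame
  const fn = m[1] || "<anonymous>";
  const file = m[2].replace(/-[0-9a-f]{4,}(?=\.js$)/, "");
  return `${fn}@${file}`;
}

// sha1 over the error class plus the normalized frames, one per line.
function fingerprint(stack) {
  const [head, ...rest] = stack.split("\n");
  const errorClass = head.split(":")[0].trim();
  const frames = rest.map(normalizeFrame).filter(Boolean);
  return crypto.createHash("sha1")
    .update([errorClass, ...frames].join("\n"))
    .digest("hex");
}

// Collapse raw events into issues: fingerprint -> occurrence count.
function groupIssues(stacks) {
  const issues = new Map();
  for (const s of stacks) {
    const fp = fingerprint(s);
    issues.set(fp, (issues.get(fp) || 0) + 1);
  }
  return issues;
}

// The trace shown on this page, then constructed variants.
const PAGE_TRACE = [
  "TypeError: Cannot read property 'foo' of undefined",
  "    at n (main-7c2b9a.js:1:14829)",
  "    at r.D (main-7c2b9a.js:1:9402)",
  "    at P (chunk-4f01.js:1:2841)",
  "    at e.exports (chunk-4f01.js:1:1207)",
].join("\n");
// Constructed: same bug after a rebuild (new bundle hash and column).
const REBUILT = PAGE_TRACE.replace(/7c2b9a/g, "a91e04").replace(/14829/, "15011");
// Constructed: same frames, different error class.
const OTHER_CLASS = PAGE_TRACE.replace("TypeError", "RangeError");

console.log(groupIssues([PAGE_TRACE, REBUILT, OTHER_CLASS]));
```

Minified names such as `n` or `r.D` can change between builds, so a fingerprint like this is only stable when it is computed on symbolicated frames.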
The only error tracker that watches your package.json
On boot the SDK reports your resolved manifest (actual installed versions, not spec ranges). A daily job cross-references against OSV.dev. The day a CVE patch ships for a package you ship to production, you get a finding with the fix command pre-built.
- Daily OSV.dev reconciliation against installed versions
- 8 ecosystems shipped: npm, PyPI, RubyGems, Go, Cargo, Maven, NuGet, Composer
- Copy-paste fix command per finding: npm install, pip install, cargo update, and friends.
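How an installed version can be matched against an OSV record and turned into a fix command, as an added example rather than Netwarden's reconciler. The `querybatch` endpoint, the record fields and the ecosystem names are OSV.dev's; the helper names, the simplified version compare and the sample record (placeholder id and package) are assumptions.

```javascript
// Page's ecosystem label -> OSV ecosystem name (Cargo and Composer differ).
const OSV_ECOSYSTEM = { npm: "npm", PyPI: "PyPI", RubyGems: "RubyGems", Go: "Go",
  Cargo: "crates.io", Maven: "Maven", NuGet: "NuGet", Composer: "Packagist" };
const FIX = { // templates for the three commands the page names
  npm: (n, v) => `npm install ${n}@${v}`,
  PyPI: (n, v) => `pip install ${n}==${v}`,
  Cargo: (n, v) => `cargo update -p ${n} --precise ${v}`,
};
const SAFE = /^[A-Za-z0-9@\/._-]+$/; // no shell metacharacters in a pasted command

// Body for POST https://api.osv.dev/v1/querybatch: one query per installed package.
const buildQueryBatch = (manifest) => ({ queries: manifest.map((d) => ({
  package: { name: d.name, ecosystem: OSV_ECOSYSTEM[d.ecosystem] }, version: d.version })) });

// Numeric x.y.z compare (simplification: pre-release tags are not handled).
function cmp(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d) return Math.sign(d);
  }
  return 0;
}

// Fixed version if dep sits in a record's [introduced, fixed) range, else null.
// Simplification: reads the first introduced/fixed pair of each range.
function fixedVersionFor(dep, vuln) {
  for (const aff of vuln.affected || []) {
    const p = aff.package;
    if (p.name !== dep.name || p.ecosystem !== OSV_ECOSYSTEM[dep.ecosystem]) continue;
    for (const r of aff.ranges || []) {
      if (r.type === "GIT") continue; // commit hashes, not versions
      const from = r.events.find((e) => "introduced" in e)?.introduced;
      const fixed = r.events.find((e) => "fixed" in e)?.fixed;
      if (from && fixed && cmp(dep.version, from) >= 0 && cmp(dep.version, fixed) < 0) return fixed;
    }
  }
  return null;
}

function fixCommand(dep, vuln) {
  const fixed = fixedVersionFor(dep, vuln);
  const ok = fixed && FIX[dep.ecosystem] && SAFE.test(dep.name) && SAFE.test(fixed);
  return ok ? FIX[dep.ecosystem](dep.name, fixed) : null;
}

// Constructed OSV-style record (placeholder advisory id and package name).
const VULN = { id: "GHSA-xxxx-xxxx-xxxx", affected: [{
  package: { name: "example-pkg", ecosystem: "npm" },
  ranges: [{ type: "SEMVER", events: [{ introduced: "0" }, { fixed: "2.4.1" }] }] }] };
console.log(fixCommand({ ecosystem: "npm", name: "example-pkg", version: "2.3.0" }, VULN));
```

The `SAFE` check matters because advisory and manifest data are untrusted input to a command someone will paste into a shell.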
GHSA-7p2x-9vw3-q5h2: server-action authorization bypass in the App Router. Affects 2 of your projects.
npm install [email protected]
Pageviews, funnels, and self-host on the same plan
We picked the 5% of analytics solo devs actually use: cookieless pageviews, custom events, and a single 5-step funnel per project. Everything ships in the same Bun binary you can run on your own box.
- Cookieless visitor counts: daily-salted IP+UA hash, no banner needed
- One 5-step funnel per project with drop-off at each step
- Self-hostable: same Bun binary, point your DSN at it, ship
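The cookieless count above (daily-salted IP+UA hash), as an added example that is not Netwarden's implementation. The in-memory random salt, the NUL field separators, and the names `DailySalt`, `visitorId` and `uniquesPerDay` are assumptions; the hits are constructed and use documentation IP ranges.

```javascript
const crypto = require("node:crypto");

// Assumed design: one random salt per UTC day, held only in memory and
// replaced at rollover, so earlier days' hashes cannot be recomputed or joined.
class DailySalt {
  constructor() { this.day = null; this.salt = null; }
  saltFor(date) {
    const day = date.toISOString().slice(0, 10);
    if (day !== this.day) { this.day = day; this.salt = crypto.randomBytes(32); }
    return this.salt;
  }
}

// sha256 over ip, ua and salt; NUL separators keep field boundaries unambiguous.
function visitorId(ip, ua, salt) {
  return crypto.createHash("sha256")
    .update(ip).update("\0").update(ua).update("\0").update(salt)
    .digest("hex");
}

// Unique visitors per UTC day. Hits must arrive in time order because the
// previous day's salt is gone after rollover; raw IP and UA are never stored.
function uniquesPerDay(hits, salts = new DailySalt()) {
  const perDay = new Map();
  for (const h of hits) {
    const day = h.at.toISOString().slice(0, 10);
    if (!perDay.has(day)) perDay.set(day, new Set());
    perDay.get(day).add(visitorId(h.ip, h.ua, salts.saltFor(h.at)));
  }
  return new Map([...perDay].map(([d, ids]) => [d, ids.size]));
}

// Constructed hits: one repeat visitor, one second visitor, one next-day return.
const HITS = [
  { ip: "192.0.2.10", ua: "UA-A", at: new Date("2024-05-01T09:00:00Z") },
  { ip: "192.0.2.10", ua: "UA-A", at: new Date("2024-05-01T17:30:00Z") },
  { ip: "198.51.100.7", ua: "UA-B", at: new Date("2024-05-01T18:00:00Z") },
  { ip: "192.0.2.10", ua: "UA-A", at: new Date("2024-05-02T08:00:00Z") },
];

console.log(uniquesPerDay(HITS));
```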
5-step funnel · last 24h
cookieless · sha256(ip+ua+salt)
$ ./netwarden
boot ok · sqlite · :3000
jobs ok · osv reconciler armed
events ok · 0 backlog
› open http://localhost:3000
One install. One init. One env var.
Two SDKs at alpha. Six config knobs total: dsn, release, environment, tracesEnabled, eventsEnabled, beforeSend. No 47-knob integrations array.
$ npm install @netwarden/sdk
// app/layout.tsx
import { init } from "@netwarden/sdk";

init({
  dsn: process.env.NEXT_PUBLIC_NETWARDEN_DSN,
  release: process.env.VERCEL_GIT_COMMIT_SHA,
});
TypeError: Cannot read property 'foo' of undefined
npx @netwarden/cli upload-sourcemaps or with the Vite, Webpack, and Next.js plugins. Recipes for Vercel, Railway, Fly, Cloudflare Pages, and Netlify in the docs.
What this is not
Apps is deliberately scoped. We picked a small set of features so those features actually ship, and so the price stays fixed. Here's what we don't do, and why.
Not session replay
We don't record the DOM, mouse moves, or keystrokes. We don't plan to. If replay is what you need, Highlight is the right answer.
Not feature flags or A/B tests
Different product. LaunchDarkly, Statsig, and PostHog Flags exist; we focus on what ships, not what's hidden behind a flag.
Not distributed tracing
No traceparent propagation, no waterfall UI. We surface per-route p50/p95/p99 instead. 90% of what most teams need.
Not profiling or flamegraphs
Runtime sampling that doesn't fit serverless and a UI most solo devs won't read. We surface slow routes as numbers.
Not a SIEM or log aggregator
Logs at scale need Elasticsearch and a budget for it. We capture errors as events. Use Better Stack or Axiom for free-text logs.
Not per-event pricing
Every Apps tier is fixed monthly. Soft caps pause ingestion for 24h with an email. Nothing auto-charges. Ever.
Where we beat them, and where we don't
Sentry is more complete. PostHog has deeper analytics. We don't try to win on either axis. We win on the dependency wedge, fixed pricing, and self-hosting in one binary.
| Feature | Netwarden Apps | Sentry | PostHog | Bugsnag |
|---|---|---|---|---|
| Error tracking with source maps | ||||
| Dependency CVE alerts on lockfile | ||||
| Cookieless pageviews + funnels | ||||
| Distributed tracing | ||||
| Session replay | ||||
| Mobile SDKs (iOS, Android, RN) | ||||
| Self-hostable in one binary | ||||
| Fixed monthly price (no per-event) | ||||
Fixed monthly. Soft caps. Never per-event.
Pick a tier by project count, not event volume. If you exceed the cap, ingestion pauses for 24h with an email. Nothing auto-charges.
Free
1 project · dependency wedge included
Solo
Best value
3 projects · 30-day retention
Studio
10 projects · 60-day retention
Agency
Unlimited projects (fair-use)
The whole Apps surface ships in the same Bun binary
Error ingestion, the OSV.dev advisory matcher, the events pipeline, and the dashboard. Every capability on this page ships in the single Bun-compiled binary you can run yourself. Bring your own SQLite or Postgres, point your DSN at it, ship.
Ship your app. We'll watch the rest.
Free tier covers one project, dependency wedge included. The first time a CVE patch ships for a package you're running, you'll know. Even on Free.