Runtime security for Node-RED

Block attacks before
they reach your flows

Sentinel intercepts credential theft, monkey-patching, hook injection, and 30+ attack vectors at runtime — without modifying the Node-RED core.

Get a license → Read the docs
Local / Host
$ cd ~/.node-red
$ npm install @allanoricil/nrg-sentinel
$ NODE_OPTIONS="--require @allanoricil/nrg-sentinel/preload" node-red
Docker
$ docker pull allanoricil/nrg-sentinel
$ docker run -p 1880:1880 -v ~/.node-red:/data allanoricil/nrg-sentinel
33+
Attack vectors blocked
0
Dependencies
0
Core modifications
Protection layers

Everything locked down by default

Every third-party package starts with zero privileges. You explicitly grant only what each package needs.

🔑
Credential Protection
Blocks unauthorized reads and writes to node credentials. Each package must be explicitly granted node:credentials:read before it can touch any secret.
🛡️
Node Isolation
Every inter-node call passes through a capability-checked proxy. A package without the right grant cannot read, write, rewire, or close another node's instance.
📦
Module Loader Lock
Hooks require() for fs, http, child_process, vm, and worker_threads. Blocked calls are logged with the exact grant needed to allow them.
🌐
Network Policy
Outbound HTTP, raw sockets, and DNS lookups are gated separately. Combine with the URL allowlist to restrict exactly which hosts each package can reach.
Hook Integrity
Prevents rogue packages from registering onSend/onReceive hooks to silently intercept or modify messages in the pipeline.
📋
Editor Sidebar
Admin-only UI panel inside Node-RED for managing package grants and per-node-type permissions live — no settings.js edit or restart needed.
Change control

Every flow change reviewed before it lands

In production, a single accidental or malicious deploy can break a running system. Sentinel intercepts deployments before they apply and holds them in a persistent queue until an admin approves.

🚦
Deployment Queue
Flow deployments are intercepted by Sentinel and written to a persistent queue instead of being applied immediately. The queue survives restarts — a pending deployment stays pending until explicitly approved or rejected by an admin. Non-admin users receive a notification that their change is awaiting review.
🔬
Visual Deployment Review
A dedicated review interface opens for each queued deployment and shows a side-by-side diff of exactly what changed — new nodes, removed nodes, rewired connections, and modified properties. Admins approve or reject with a single click. Approved changes are applied atomically; rejected ones are discarded.
What Sentinel blocks
Monkey Patching
Hook Injection
Credential Theft
Wire Manipulation
Direct Receive Injection
Express Middleware Hijack
EventEmitter Hijack
Node Enumeration
Prototype Pollution
Flow File Tampering
Settings.js Tampering
Express Route Backdoor
Config Node Z-Forgery
Symbol Property Bypass
Child Process Exec
Filesystem Read / Write
Process Env Exfiltration
Process Exit DoS
VM Sandbox Escape
Worker Thread Escape
Raw Socket Exfiltration
DNS Tunneling
Registry Type Hijack
Settings Mutation
Comms Publish Spoofing
Context Store Theft
Flows Injection
Node Event Hijack
Deep Stack Bypass
HTTP Route Deletion
Source Tampering
Message Provenance Forgery
How it works

17 techniques. 5 layers. One process.

Sentinel shares the Node.js process with the packages it protects against — no sandbox, no separate runtime. Defense comes from layered JavaScript hardening applied before any third-party code loads.

🧬
Prototype hardening
Object.preventExtensions on every built-in prototype before the first require(). Blocks prototype pollution from injecting properties that would silently pass capability checks.
🔗
Module loader interception
Hooks Module._load and immediately locks it configurable: false. Every require('fs'), require('child_process'), and require('vm') goes through a capability check before the module is handed to the caller.
🔒
ES6 Proxy node isolation
Every node returned by getNode() is wrapped in a Proxy with get, set, and defineProperty traps. Credentials, wires, and context are guarded at the language level — there is no way to bypass a Proxy from JavaScript without the original reference.
📍
Intrinsic capture
Every built-in method the guard logic depends on — String.prototype.includes, Array.prototype.indexOf, WeakMap.prototype.get, and 20+ more — is pinned as a bound function before any package loads, so overwriting a prototype method cannot blind a guard.
🔍
Call-stack introspection
Caller identity is resolved by parsing the V8 stack trace at every guard site. There is no way to forge this from JavaScript. Anonymous frames from new Function() and eval are treated as untrusted, closing the deep-stack-bypass attack class.
🛡️
File integrity watchdog
A 30-second interval re-hashes preload.js and plugin.js against their startup baseline and checks for permission bit changes. On-disk tampering is detected even if the attacker gained filesystem write access through a separate vulnerability.

Read the full technical reference →

Setup

Up and running in minutes

Three steps. No Node-RED fork, no custom runtime, no infrastructure changes.

STEP 01
Install
Install the package into your Node-RED user directory. Sentinel loads automatically as a plugin on the next restart.
cd ~/.node-red npm install @allanoricil/nrg-sentinel
STEP 02
Enable full protection
Set NODE_OPTIONS so the preload guard is injected before any node package is imported, then start Node-RED as usual.
NODE_OPTIONS="--require @allanoricil/nrg-sentinel/preload" node-red
STEP 03
Grant capabilities
Every package starts with zero privileges. Explicitly grant only what each package needs in settings.js.
sentinel: { license: "your-key", allow: { "my-node": ["registry:register"] } }
STEP 01
Pull the image
Pull the official Sentinel image from Docker Hub. It wraps Node-RED with the preload guard already active.
docker pull allanoricil/nrg-sentinel
STEP 02
Run with your data mounted
Mount your Node-RED user directory so flows, credentials, and the grants file persist across restarts.
docker run -p 1880:1880 \ -v ~/.node-red:/data \ allanoricil/nrg-sentinel
STEP 03
Grant capabilities
Every package starts with zero privileges. Explicitly grant only what each package needs in settings.js.
sentinel: { license: "your-key", allow: { "my-node": ["registry:register"] } }
Pricing

Per-instance licensing

One license key per Node-RED instance. No seat counting, no phone-home.

Trial
Free / 14 days
Evaluate every feature. No key required to get started.
  • All protection layers active
  • Editor sidebar included
  • Full capability system
  • No license key required
Read the docs →
Most popular
Pro
$29 / month per instance
For teams running Node-RED in production.
  • Everything in Trial
  • 12-month key validity
  • Email support
  • License key delivered by email
Buy Pro →
Enterprise
$99 / month per instance
For regulated environments and larger deployments.
  • Everything in Pro
  • Perpetual license option
  • Priority support
  • OEM / redistribution rights
Contact us →
FAQ

Common questions

Does Sentinel modify Node-RED?
No. Sentinel loads as a standard Node-RED plugin and an optional --require preload. It does not patch Node-RED's source, fork the runtime, or require any custom build. Removing Sentinel is as simple as uninstalling the package.
Does it phone home or require internet access?
No. License keys are verified entirely on the local machine using an Ed25519 signature check against a public key baked into the distribution. No data is sent to any server — not your license key, not your customer ID, not any flow or credential data. Sentinel works in fully air-gapped environments.
What happens when my license expires?
Sentinel continues running and protecting your instance. After expiry the product falls back to trial-expired mode: protection stays active but management features (such as the Permissions sidebar) are disabled until a valid key is configured.
Can I use one license across multiple instances?
Licenses are issued per instance. Each Node-RED deployment that runs Sentinel in production requires its own key. The 14-day trial is available on every new instance with no key required.
How do I receive my license key after purchasing?
After your payment is confirmed via Stripe, your license key is sent to the email address you provided at checkout. Keys are typically delivered within a few minutes. If you have not received yours after 30 minutes, email allanoricil@proton.me.
Is the source code available?
NRG Sentinel is dual-licensed. The distributed npm package is a compiled and obfuscated build under a commercial license. The source is available under AGPL-3.0 — if you use it in a product or service distributed to others you must open-source that product, or purchase a commercial license. See LICENSE.md in the package for the full terms.