If you use nodejs and are running it within mocha, you can import it through something like:
const lib = require('safe-app/native/lib');
lib.test_create_app().then( (app) => ...)
The test helpers aren't exposed at the moment. Though we could argu about moving those helper (only) over into the package to make that slightly easier.
Please note, that I said secure location. Keytar provides access to the system owned keypass management part. That is fairly secure. One reason, we want to integrate it, is because otherwise apps start storing these tokens insecurely. If we built this in, you'd get both: security and convenience.