← Home

@opentelemetry/api

npm Repository Homepage

Public API for OpenTelemetry

44
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dyladanpichlermarcnpmjs-accounttrentm

Keywords

opentelemetrynodejsbrowsertracingprofilingstatsmonitoring

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
typosquat typosquat.levenshtein:hapi AI (typosquat): False positive: @opentelemetry/api is the official CNCF OpenTelemetry JS API. Edit-distance comparison of scoped package suffix 'api' to 'hapi' is a known artifact of naive Levenshtein on scoped packages. ai
typosquat typosquat.levenshtein:pg AI (typosquat): False positive: @opentelemetry/api is the official CNCF OpenTelemetry JS API. No impersonation of 'pg' is plausible. ai
typosquat typosquat.levenshtein:joi AI (typosquat): False positive: @opentelemetry/api is the official CNCF OpenTelemetry JS API. No impersonation of 'joi' is plausible. ai
typosquat typosquat.levenshtein:ajv AI (typosquat): False positive: @opentelemetry/api is the official CNCF OpenTelemetry JS API. No impersonation of 'ajv' is plausible. ai
provenance publisher-changed AI (provenance): pichlermarc is a long-standing OpenTelemetry JS maintainer (1277 approved packages, active 1073 days). Publisher transition from dyladan is a legitimate org-level handoff. ai
maintainer-change maintainer-added AI (maintainer-change): pichlermarc is a verified OpenTelemetry maintainer with strong track record; addition is consistent with legitimate project governance. ai

Versions (showing 44 of 44)

Hide prereleases
Version Deps Published
1.9.1 0 / 22
1.9.0 0 / 26
1.8.0 0 / 26
1.7.0 0 / 26
1.6.0 0 / 26
1.5.0 0 / 26
1.4.1 0 / 24
1.4.0 0 / 24
1.3.0 0 / 24
1.2.0 0 / 29
1.1.0 0 / 29
1.0.4 0 / 29
1.0.3 0 / 30
1.0.2 0 / 29
1.0.1 0 / 29
1.0.0 0 / 29
0.21.0 0 / 29
0.20.0 0 / 29
0.19.0 0 / 29
0.18.1 0 / 29
0.18.0 0 / 29
0.17.0 1 / 22
0.16.0 1 / 22
0.15.0 1 / 22
0.14.0 1 / 22
0.13.0 1 / 22
0.12.0 1 / 22
0.11.0 1 / 22
0.10.2 1 / 20
0.10.1 1 / 20
0.10.0 1 / 20
0.9.0 1 / 20
0.8.3 1 / 20
0.8.2 1 / 20
0.8.1 1 / 22
0.8.0 1 / 22
0.7.0 1 / 22
0.6.1 1 / 22
0.6.0 1 / 22
0.5.2 1 / 22
0.5.1 1 / 22
0.5.0 1 / 22
0.4.0 0 / 22
1.0.0-rc.0 0 / 29

v1.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.7.0

2 findings
HIGH Publisher changed: dyladan → pichlermarc (on 2023-11-07) provenance

This version was published by a different npm account than previous versions on 2023-11-07. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.6.0

2 findings
HIGH Publisher changed: dyladan → pichlermarc (on 2023-09-12) provenance

This version was published by a different npm account than previous versions on 2023-09-12. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.5.0

2 findings
HIGH Publisher changed: dyladan → pichlermarc (on 2023-09-11) provenance

This version was published by a different npm account than previous versions on 2023-09-11. This could indicate a legitimate maintainer transition or an account compromise.

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.3.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.2.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.1.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.4

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v1.0.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.21.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.20.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.19.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.18.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.18.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.17.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: obecny → dyladan (on 2021-02-17) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2021-02-17. This could indicate a legitimate maintainer transition or an account compromise.

v0.16.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → obecny (on 2021-02-01) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2021-02-01. This could indicate a legitimate maintainer transition or an account compromise.

v0.15.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.14.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.13.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: obecny → dyladan (on 2020-12-04) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-12-04. This could indicate a legitimate maintainer transition or an account compromise.

v0.12.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.11.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → obecny (on 2020-09-01) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-09-01. This could indicate a legitimate maintainer transition or an account compromise.

v0.10.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.10.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: mayurkale22 → dyladan (on 2020-07-27) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-07-27. This could indicate a legitimate maintainer transition or an account compromise.

v0.9.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → mayurkale22 (on 2020-06-18) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-06-18. This could indicate a legitimate maintainer transition or an account compromise.

v0.8.3

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.8.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: mayurkale22 → dyladan (on 2020-05-18) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-05-18. This could indicate a legitimate maintainer transition or an account compromise.

v0.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.7.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → mayurkale22 (on 2020-04-24) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-04-24. This could indicate a legitimate maintainer transition or an account compromise.

v0.6.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: mayurkale22 → dyladan (on 2020-04-08) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-04-08. This could indicate a legitimate maintainer transition or an account compromise.

v0.6.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → mayurkale22 (on 2020-04-02) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-04-02. This could indicate a legitimate maintainer transition or an account compromise.

v0.5.2

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: mayurkale22 → dyladan (on 2020-03-27) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-03-27. This could indicate a legitimate maintainer transition or an account compromise.

v0.5.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: mayurkale22 → dyladan (on 2020-03-20) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2020-03-20. This could indicate a legitimate maintainer transition or an account compromise.

v0.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.4.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.