@opentelemetry/context-async-hooks

OpenTelemetry AsyncLocalStorage-based Context Manager

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dyladanpichlermarcnpmjs-accounttrentm

Keywords

opentelemetrynodejstracingprofilingmetricsstats

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): Transition from human publisher (dyladan) to GitHub Actions CI/CD with SLSA provenance; standard for OpenTelemetry project.	ai	2026/04/23
maintainer-change	maintainer-removed	AI (maintainer-change): Routine maintainer roster change in the large OpenTelemetry project; no takeover indicators.	ai	2026/04/23

Versions (showing 87 of 87)

Version	Deps	Published
2.7.1	0 / 6	2026-04-29
2.7.0	0 / 6	2026-04-17
2.6.1	0 / 6	2026-03-25
2.6.0	0 / 6	2026-03-03
2.5.1	0 / 6	2026-02-12
2.5.0	0 / 6	2026-01-21
2.4.0	0 / 6	2026-01-14
2.3.0	0 / 6	2026-01-08
2.2.0	0 / 6	2025-10-21
2.1.0	0 / 7	2025-09-04
2.0.1	0 / 8	2025-05-15
2.0.0	0 / 8	2025-03-17
1.30.1	0 / 8	2025-01-14
1.30.0	0 / 8	2024-12-18
1.29.0	0 / 8	2024-12-04
1.28.0	0 / 8	2024-11-18
1.27.0	0 / 8	2024-10-23
1.26.0	0 / 9	2024-08-28
1.25.1	0 / 10	2024-06-20
1.25.0	0 / 10	2024-06-05
1.24.1	0 / 10	2024-05-07
1.24.0	0 / 10	2024-04-24
1.23.0	0 / 10	2024-04-03
1.22.0	0 / 10	2024-02-29
1.21.0	0 / 10	2024-01-26
1.20.0	0 / 10	2024-01-15
1.19.0	0 / 10	2023-12-14
1.18.1	0 / 10	2023-11-08
1.18.0	0 / 10	2023-11-07
1.17.1	0 / 10	2023-10-10
1.17.0	0 / 10	2023-09-12
1.16.0	0 / 10	2023-09-11
1.15.2	0 / 10	2023-08-08
1.15.1	0 / 10	2023-07-24
1.15.0	1 / 10	2023-07-06
1.14.0	0 / 8	2023-06-06
1.13.0	0 / 8	2023-05-11
1.12.0	0 / 9	2023-04-13
1.11.0	0 / 9	2023-03-30
1.10.1	0 / 9	2023-03-20
1.10.0	0 / 9	2023-03-13
1.9.1	0 / 9	2023-01-30
1.9.0	0 / 9	2023-01-11
1.8.0	0 / 9	2022-11-09
1.7.0	0 / 9	2022-09-16
1.6.0	0 / 9	2022-08-24
1.5.0	0 / 9	2022-07-26
1.4.0	0 / 9	2022-07-06
1.3.1	0 / 9	2022-06-06
1.3.0	0 / 9	2022-05-27
1.2.0	0 / 9	2022-04-22
1.1.1	0 / 9	2022-03-22
1.1.0	0 / 9	2022-03-18
1.0.1	0 / 9	2021-11-11
1.0.0	0 / 9	2021-09-30
0.26.0	0 / 9	2021-09-30
0.25.0	0 / 10	2021-08-18
0.24.0	0 / 10	2021-07-28
0.23.0	0 / 11	2021-06-30
0.22.0	0 / 11	2021-06-17
0.21.0	0 / 11	2021-06-10
0.20.0	0 / 11	2021-06-03
0.19.0	0 / 12	2021-04-22
0.18.2	1 / 11	2021-03-30
0.18.1	1 / 11	2021-03-29
0.18.0	1 / 11	2021-03-02
0.17.0	1 / 11	2021-02-17
0.16.0	1 / 11	2021-02-01
0.15.0	1 / 11	2021-01-21
0.14.0	1 / 11	2020-12-17
0.13.0	1 / 11	2020-12-04
0.12.0	1 / 11	2020-10-19
0.11.0	1 / 11	2020-09-01
0.10.2	1 / 11	2020-08-03
0.10.1	1 / 11	2020-07-28
0.10.0	1 / 11	2020-07-27
0.9.0	1 / 11	2020-06-18
0.8.3	1 / 11	2020-05-28
0.8.2	1 / 11	2020-05-21
0.8.1	1 / 13	2020-05-18
0.8.0	1 / 13	2020-05-12
0.7.0	1 / 13	2020-04-24
0.6.1	1 / 13	2020-04-08
0.6.0	1 / 13	2020-04-02
0.5.2	1 / 13	2020-03-27
0.5.1	1 / 13	2020-03-20
0.5.0	1 / 13	2020-03-16

v2.7.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.5.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.4.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.3.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.2.0

2 findings

HIGH Publisher changed: dyladan → GitHub Actions (on 2025-10-21) provenance

This version was published by a different npm account than previous versions on 2025-10-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v2.1.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v2.0.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v2.0.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.30.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.30.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.29.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v1.28.0

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

INFO Publisher changed: pichlermarc → dyladan (on 2024-11-18) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-11-18. This could indicate a legitimate maintainer transition or an account compromise.

v1.27.0

2 findings

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

INFO Publisher changed: pichlermarc → dyladan (on 2024-10-23) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-23. This could indicate a legitimate maintainer transition or an account compromise.