← Home

@opentelemetry/exporter-metrics-otlp-http

npm Repository Homepage

OpenTelemetry Collector Metrics Exporter allows user to send collected metrics to the OpenTelemetry Collector

51
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dyladanpichlermarcoverbalancenpmjs-accounttrentmmartinkuba

Keywords

opentelemetrynodejsbrowsertracingprofilingmetricsstats

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
provenance publisher-changed AI (provenance): OpenTelemetry moved to GitHub Actions CI/CD publishing with SLSA provenance; this is the expected publisher going forward. ai
phantom-deps phantom-dep:@opentelemetry/resources AI (phantom-deps): Same-org dependency declared in package.json; likely used conditionally or re-exported. Stable for this package. ai

Versions (showing 51 of 66)

View all versions
Version Deps Published
0.218.0 5 / 22
0.217.0 5 / 22
0.216.0 5 / 22
0.215.0 5 / 22
0.214.0 5 / 22
0.213.0 5 / 22
0.212.0 5 / 22
0.211.0 5 / 22
0.210.0 5 / 22
0.209.0 5 / 22
0.208.0 5 / 22
0.207.0 5 / 22
0.206.0 5 / 22
0.205.0 5 / 23
0.204.0 5 / 23
0.203.0 5 / 24
0.202.0 5 / 24
0.201.1 5 / 24
0.201.0 5 / 24
0.200.0 5 / 24
0.57.2 5 / 25
0.57.1 5 / 25
0.57.0 5 / 25
0.56.0 5 / 25
0.55.0 5 / 25
0.54.2 5 / 25
0.54.1 5 / 25
0.54.0 5 / 25
0.53.0 5 / 26
0.52.1 5 / 27
0.52.0 5 / 27
0.51.1 5 / 28
0.51.0 5 / 28
0.50.0 5 / 28
0.49.1 5 / 28
0.49.0 5 / 28
0.48.0 5 / 28
0.47.0 5 / 27
0.46.0 5 / 27
0.45.1 5 / 27
0.45.0 5 / 27
0.44.0 5 / 27
0.43.0 5 / 27
0.42.0 5 / 27
0.41.2 5 / 27
0.41.1 5 / 27
0.41.0 6 / 27
0.40.0 5 / 25
0.39.1 5 / 25
0.39.0 5 / 25
0.38.0 5 / 26

v0.218.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.217.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.216.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.215.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.214.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.213.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.212.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.211.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.210.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.209.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.208.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.207.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.206.0

2 findings
HIGH Publisher changed: dyladan → GitHub Actions (on 2025-10-06) provenance

This version was published by a different npm account than previous versions on 2025-10-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.205.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.204.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.203.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.202.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.201.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.201.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.200.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.57.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.57.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.57.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.56.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.55.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.54.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.54.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.54.0

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

INFO Publisher changed: pichlermarc → dyladan (on 2024-10-23) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-23. This could indicate a legitimate maintainer transition or an account compromise.

v0.53.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.52.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.52.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.51.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.51.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.50.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.49.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.49.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.48.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.47.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.46.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.45.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.45.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.44.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.43.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.42.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.41.2

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → pichlermarc (on 2023-08-08) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2023-08-08. This could indicate a legitimate maintainer transition or an account compromise.

v0.41.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: pichlermarc → dyladan (on 2023-07-24) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2023-07-24. This could indicate a legitimate maintainer transition or an account compromise.

v0.41.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.40.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → pichlermarc (on 2023-06-06) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2023-06-06. This could indicate a legitimate maintainer transition or an account compromise.

v0.39.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.39.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.38.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.