← Home

@opentelemetry/otlp-transformer

npm Repository Homepage

Transform OpenTelemetry SDK data into OTLP

51
Versions
Apache-2.0
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dyladanpichlermarcoverbalancenpmjs-accounttrentmmartinkuba

Keywords

opentelemetrynodejsgrpcprotobufotlptracingmetrics

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff large-new-source-files AI (source-diff): New files are protobufjs-generated static code (root.js and source maps) for OTLP proto schema — expected for this package's protobuf support addition. ai
source-diff source-size-tripled AI (source-diff): Size increase is due to bundled protobuf-generated code (root.js ~827KB x3 build targets + maps), a legitimate architectural change for OTLP protobuf serialization. ai
publish-pattern new-deps-added AI (publish-pattern): protobufjs is a well-known, widely-used library added for legitimate OTLP protobuf serialization support in this package. ai
provenance publisher-changed AI (provenance): Publisher changed from individual maintainer to GitHub Actions CI/CD with SLSA provenance. This is the expected pattern for CNCF/OpenTelemetry projects. ai

Versions (showing 51 of 64)

View all versions
Version Deps Published
0.218.0 6 / 18
0.217.0 7 / 17
0.216.0 7 / 17
0.215.0 7 / 17
0.214.0 7 / 16
0.213.0 7 / 16
0.212.0 7 / 16
0.211.0 7 / 16
0.210.0 7 / 16
0.209.0 7 / 16
0.208.0 7 / 16
0.207.0 7 / 16
0.206.0 7 / 16
0.205.0 7 / 17
0.204.0 7 / 17
0.203.0 7 / 18
0.202.0 7 / 18
0.201.1 7 / 18
0.201.0 7 / 18
0.200.0 7 / 18
0.57.2 7 / 18
0.57.1 7 / 18
0.57.0 7 / 18
0.56.0 7 / 18
0.55.0 7 / 18
0.54.2 7 / 18
0.54.1 7 / 18
0.54.0 7 / 18
0.53.0 7 / 19
0.52.1 7 / 20
0.52.0 7 / 20
0.51.1 6 / 19
0.51.0 6 / 19
0.50.0 6 / 19
0.49.1 6 / 19
0.49.0 6 / 19
0.48.0 6 / 19
0.47.0 6 / 19
0.46.0 6 / 19
0.45.1 6 / 19
0.45.0 6 / 19
0.44.0 6 / 19
0.43.0 6 / 19
0.42.0 6 / 19
0.41.2 6 / 19
0.41.1 6 / 19
0.41.0 7 / 19
0.40.0 6 / 19
0.39.1 6 / 18
0.39.0 5 / 18
0.38.0 4 / 19

v0.218.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.217.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.216.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.215.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.214.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.213.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.212.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.211.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.210.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.209.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.208.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.207.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.206.0

2 findings
HIGH Publisher changed: dyladan → GitHub Actions (on 2025-10-06) provenance

This version was published by a different npm account than previous versions on 2025-10-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.205.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.204.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.203.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.202.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.201.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.201.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.200.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.57.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.57.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.57.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.56.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.55.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.54.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.54.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

v0.54.0

2 findings
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.

INFO Publisher changed: pichlermarc → dyladan (on 2024-10-23) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2024-10-23. This could indicate a legitimate maintainer transition or an account compromise.

v0.53.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.52.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.52.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.51.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.51.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.50.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.49.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.49.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.48.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.47.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.46.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.45.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.45.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.44.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.43.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.42.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.41.2

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → pichlermarc (on 2023-08-08) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2023-08-08. This could indicate a legitimate maintainer transition or an account compromise.

v0.41.1

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: pichlermarc → dyladan (on 2023-07-24) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2023-07-24. This could indicate a legitimate maintainer transition or an account compromise.

v0.41.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.40.0

2 findings
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

INFO Publisher changed: dyladan → pichlermarc (on 2023-06-06) provenance

[Accepted risk] This version was published by a different npm account than previous versions on 2023-06-06. This could indicate a legitimate maintainer transition or an account compromise.

v0.39.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.39.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.

v0.38.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Consider requesting the maintainer enable provenance via CI/CD.