← Home

logfire

npm Repository Homepage

JavaScript API for Logfire - https://pydantic.dev/logfire

24
Versions
MIT
License
No
Install Scripts
Verified
Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures No source commit

Maintainers

petyosipydantic-user

Keywords

logfireobservabilityopentelemetrytracingprofilingstatsmonitoring

Accepted risks

Findings the reviewer chose to accept rather than block on.

SourceRuleReasonAccepted byWhen
source-diff obfuscated-file:dist/logfireApiConfig-CcPYJWpD.js AI (source-diff): Standard Vite/Rollup minified ESM bundle; OTel config/scrubbing logic. ai
source-diff obfuscated-file:dist/evals-DzBb-aXS.js AI (source-diff): Standard Vite/Rollup minified ESM bundle; evaluator framework code. ai
source-diff obfuscated-file:dist/evals-CmFqli-O.cjs AI (source-diff): Standard Vite/Rollup minified bundle; content is evaluator framework code. ai
source-diff obfuscated-file:dist/index-Cqy7dSrd.d.ts AI (source-diff): TypeScript declaration file with long lines; not executable obfuscation. ai
source-diff obfuscated-file:dist/logfireApiConfig-1uYv6Eqz.cjs AI (source-diff): Standard Vite/Rollup minified bundle; content is OTel config/scrubbing logic. ai
source-diff obfuscated-file:dist/logfireApiConfig-jcz9LPdL.js AI (source-diff): Standard minified build artifact from Pydantic's CI; content is readable OTel/logfire logic, not obfuscated malware. ai
source-diff obfuscated-file:dist/logfireApiConfig-DdcRzAoc.cjs AI (source-diff): Standard minified build artifact from Pydantic's CI; content is readable OTel/logfire logic, not obfuscated malware. ai
source-diff obfuscated-file:dist/logfireApiConfig-DQ0spFqa.js AI (source-diff): ESM counterpart of the same minified build artifact; same rationale as the CJS file. ai
source-diff obfuscated-file:dist/logfireApiConfig-CtptxXPj.cjs AI (source-diff): Standard minified build artifact from vite/rollup; content is readable OpenTelemetry instrumentation logic, not obfuscated malware. ai
source-diff obfuscated-file:dist/logfireApiConfig-DLa42ltL.cjs AI (source-diff): Standard minified build artifact from Pydantic's logfire-js; content is readable OTel/logfire logic, not obfuscated malware. ai
source-diff obfuscated-file:dist/logfireApiConfig-QZM4f0Qj.js AI (source-diff): Standard minified build artifact from Pydantic's logfire-js; content is readable OTel/logfire logic, not obfuscated malware. ai
source-diff obfuscated-file:dist/evals-CwcmqSsB.cjs AI (source-diff): Standard Vite/Rollup bundle output for a legitimate Pydantic observability SDK. ai
source-diff obfuscated-file:dist/logfireApiConfig-C77Jik4s.cjs AI (source-diff): Standard Vite/Rollup bundle output for a legitimate Pydantic observability SDK. ai
source-diff obfuscated-file:dist/index-CO88iIAf.d.ts AI (source-diff): TypeScript declaration file with long lines; not obfuscated code. ai
source-diff obfuscated-file:dist/logfireApiConfig-RLye4X61.js AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/cli.cjs AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/datasets.cjs AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/evals-D56YQmTr.cjs AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/logfireApiConfig-CSt2ZIGC.cjs AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/referenceSyntax-CeGNnQNL.cjs AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/index-D8pkV0EB.d.cts AI (source-diff): TypeScript declaration file with long lines; not obfuscated. ai
source-diff obfuscated-file:dist/cli.js AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/datasets.js AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/evals-onsV6Djb.js AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/referenceSyntax-CBsfb2cy.js AI (source-diff): Standard Rollup/Vite bundle output; readable logic, no obfuscation. ai
source-diff obfuscated-file:dist/index-DzGlvINU.d.ts AI (source-diff): TypeScript declaration file with long lines; not obfuscated. ai
dependencies unvetted-dep:handlebars AI (dependencies): handlebars is a well-established templating library used legitimately for reference syntax rendering. ai
phantom-deps phantom-dep:handlebars AI (phantom-deps): Bundled into dist; not directly imported in source but used via bundle — stable false positive. ai
dependencies unvetted-dep:@pydantic/logfire-api AI (dependencies): Sibling package from the same Pydantic org; expected monorepo dependency pattern. ai
phantom-deps phantom-dep:p-retry AI (phantom-deps): Bundled into dist output by Vite; not directly imported at runtime. ai
phantom-deps phantom-dep:js-yaml AI (phantom-deps): Bundled into dist output by Vite; not directly imported at runtime. ai
phantom-deps phantom-dep:zod AI (phantom-deps): Bundled into dist output by Vite; not directly imported at runtime. ai
source-diff obfuscated-file:dist/vars.js AI (source-diff): Standard Vite/Rollup minified bundle output; readable OTel instrumentation code, not obfuscation. ai
source-diff obfuscated-file:dist/logfireApiConfig-nMrOSvHr.js AI (source-diff): Standard Vite/Rollup minified bundle output; readable OTel instrumentation code, not obfuscation. ai
source-diff obfuscated-file:dist/vars.cjs AI (source-diff): Standard Vite/Rollup minified bundle output; readable OTel instrumentation code, not obfuscation. ai
source-diff obfuscated-file:dist/logfireApiConfig-BNBplQH8.cjs AI (source-diff): Standard Vite/Rollup minified bundle output; readable OTel instrumentation code, not obfuscation. ai
provenance missing-githead AI (provenance): SLSA provenance attestation provides stronger integrity guarantee than gitHead; acceptable for this package. ai

Versions (showing 24 of 24)

Version Deps Published
0.20.0 4 / 8
0.19.0 3 / 7
0.18.0 3 / 7
0.17.0 3 / 7
0.16.0 3 / 7
0.15.2 3 / 7
0.15.1 3 / 7
0.15.0 3 / 7
0.14.0 3 / 7
0.13.2 0 / 3
0.13.1 0 / 3
0.13.0 0 / 3
0.12.0 0 / 3
0.11.1 0 / 10
0.11.0 0 / 8
0.10.0 2 / 18
0.9.1 2 / 18
0.9.0 2 / 18
0.8.0 1 / 18
0.7.0 1 / 18
0.6.0 1 / 17
0.5.2 1 / 17
0.5.1 1 / 17
0.5.0 1 / 17

v0.20.0

13 findings
HIGH New obfuscated file: dist/cli.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/datasets.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/evals-D56YQmTr.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-CSt2ZIGC.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/referenceSyntax-CeGNnQNL.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-D8pkV0EB.d.cts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cli.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/datasets.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/evals-onsV6Djb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-RLye4X61.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/referenceSyntax-CBsfb2cy.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-DzGlvINU.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.19.0

11 findings
HIGH New obfuscated file: dist/cli.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/datasets.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/evals-CwcmqSsB.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-C77Jik4s.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-D8pkV0EB.d.cts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/cli.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/datasets.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/evals-onsV6Djb.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-RLye4X61.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-CO88iIAf.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.18.0

9 findings
HIGH New obfuscated file: dist/datasets.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/evals-CmFqli-O.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-1uYv6Eqz.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-D8pkV0EB.d.cts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/datasets.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/evals-DzBb-aXS.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-CcPYJWpD.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/index-Cqy7dSrd.d.ts source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.17.0

3 findings
HIGH New obfuscated file: dist/logfireApiConfig-DdcRzAoc.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-jcz9LPdL.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.16.0

3 findings
HIGH New obfuscated file: dist/logfireApiConfig-CtptxXPj.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-DQ0spFqa.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.15.2

3 findings
HIGH New obfuscated file: dist/logfireApiConfig-DLa42ltL.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-QZM4f0Qj.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.15.1

5 findings
HIGH New obfuscated file: dist/logfireApiConfig-BNBplQH8.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/vars.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-nMrOSvHr.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/vars.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.15.0

5 findings
HIGH New obfuscated file: dist/logfireApiConfig-BNBplQH8.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/vars.cjs source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/logfireApiConfig-nMrOSvHr.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

HIGH New obfuscated file: dist/vars.js source-diff

Newly added source file contains lines over 3000 chars, suggesting minified or obfuscated code. New obfuscated files are a strong attack indicator.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.14.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.2

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.13.0

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.12.0

2 findings
HIGH Missing gitHead — previous versions had it provenance

This version has no gitHead field linking it to a source commit, but previous versions did. This suggests the publish environment changed. Published by: GitHub Actions.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.11.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.10.0

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.1

1 finding
INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.9.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.8.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.7.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.6.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.2

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.1

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v0.5.0

1 finding
LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.