OpenTelemetry JavaScript Client
Installations
npm install @opentelemetry/resources
Score
92.9
Supply Chain
86.1
Quality
91
Maintenance
100
Vulnerability
99.3
License
Releases
semconv/v1.28.0
Published on 20 Nov 2024
experimental/v0.55.0
Published on 18 Nov 2024
v1.28.0
Published on 18 Nov 2024
experimental/v0.54.2
Published on 07 Nov 2024
experimental/v0.54.1
Published on 05 Nov 2024
experimental/v0.54.0
Published on 23 Oct 2024
Contributors
Developer
Developer Guide
Module System
CommonJS, UMD
Min. Node Version
>=14
Typescript Support
Yes
Node Version
18.20.4
NPM Version
lerna/6.6.2/node@v18.20.4+x64 (linux)
Statistics
2,766 Stars
2,357 Commits
811 Forks
53 Watching
23 Branches
486 Contributors
Updated on 28 Nov 2024
Bundle Size
16.77 kB
Minified
4.70 kB
Minified + Gzipped
Languages
TypeScript (96.7%)
JavaScript (3.1%)
Jinja (0.1%)
Shell (0.08%)
HTML (0.02%)
Total Downloads
Cumulative downloads
Total Downloads
645,718,191
Last day
2.1%
2,208,873
Compared to previous day
Last week
10.1%
12,321,049
Compared to previous week
Last month
13.3%
48,573,816
Compared to previous month
Last year
158.4%
402,765,396
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Peer Dependencies
1
Getting Started   •  API and SDK Reference
Contributing   •  Examples
About this project
This is the JavaScript version of OpenTelemetry, a framework for collecting traces, metrics, and logs from applications.
Quick Start
Much of OpenTelemetry JS documentation is written assuming the compiled application is run as CommonJS. For more details on ECMAScript Modules vs CommonJS, refer to esm-support.
The following describes how to set up tracing for a basic web application. For more detailed documentation, see the website at https://opentelemetry.io/docs/instrumentation/js/.
Installation
Dependencies with the latest
tag on NPM should be compatible with each other.
See the version compatibility matrix below for more information.
1npm install --save @opentelemetry/api 2npm install --save @opentelemetry/sdk-node 3npm install --save @opentelemetry/auto-instrumentations-node
Note: auto-instrumentations-node
is a meta package from opentelemetry-js-contrib that provides a simple way to initialize multiple Node.js instrumentations.
Set up Tracing
1// tracing.js 2 3'use strict' 4 5const process = require('process'); 6const opentelemetry = require('@opentelemetry/sdk-node'); 7const { getNodeAutoInstrumentations } = require('@opentelemetry/auto-instrumentations-node'); 8const { ConsoleSpanExporter } = require('@opentelemetry/sdk-trace-base'); 9const { Resource } = require('@opentelemetry/resources'); 10const { SEMRESATTRS_SERVICE_NAME } = require('@opentelemetry/semantic-conventions'); 11 12// configure the SDK to export telemetry data to the console 13// enable all auto-instrumentations from the meta package 14const traceExporter = new ConsoleSpanExporter(); 15const sdk = new opentelemetry.NodeSDK({ 16 resource: new Resource({ 17 [SEMRESATTRS_SERVICE_NAME]: 'my-service', 18 }), 19 traceExporter, 20 instrumentations: [getNodeAutoInstrumentations()] 21}); 22 23// initialize the SDK and register with the OpenTelemetry API 24// this enables the API to record telemetry 25sdk.start(); 26 27// gracefully shut down the SDK on process exit 28process.on('SIGTERM', () => { 29 sdk.shutdown() 30 .then(() => console.log('Tracing terminated')) 31 .catch((error) => console.log('Error terminating tracing', error)) 32 .finally(() => process.exit(0)); 33});
Run Your Application
1node -r ./tracing.js app.js
The above example will emit auto-instrumented telemetry about your Node.js application to the console. For a more in-depth example, see the Getting Started Guide. For more information about automatic instrumentation see @opentelemetry/sdk-trace-node, which provides auto-instrumentation for Node.js applications. If the automatic instrumentation does not suit your needs, or you would like to create manual traces, see @opentelemetry/sdk-trace-base
Library Author
If you are a library author looking to build OpenTelemetry into your library, please see the documentation. As a library author, it is important that you only depend on properties and methods published on the public API. If you use any properties or methods from the SDK that are not officially a part of the public API, your library may break if an application owner uses a different SDK implementation.
Supported Runtimes
Platform Version | Supported |
---|---|
Node.JS v22 | :heavy_check_mark: |
Node.JS v20 | :heavy_check_mark: |
Node.JS v18 | :heavy_check_mark: |
Node.JS v16 | :heavy_check_mark: |
Node.JS v14 | :heavy_check_mark: |
Older Node Versions | See Node Support |
Web Browsers | See Browser Support below |
Node Support
Only Node.js Active or Maintenance LTS versions are supported.
Previous versions of node may work, but they are not tested by OpenTelemetry and they are not guaranteed to work.
Note that versions of Node.JS v8 prior to v8.12.0
will NOT work, because OpenTelemetry Node depends on the
perf_hooks
module introduced in v8.5.0
and performance.timeOrigin
that is set correctly starting in v8.12.0
.
Browser Support
[!IMPORTANT] Client instrumentation for the browser is experimental and mostly unspecified. If you are interested in helping out, get in touch with the Client Instrumentation SIG.
There is currently no list of officially supported browsers. OpenTelemetry is developed using standard web technologies and aims to work in currently supported versions of major browsers.
Package Version Compatibility
OpenTelemetry is released as a set of distinct packages in 3 categories: API, stable SDK, and experimental. The API is located at /api, the stable SDK packages are in the /packages directory, and the experimental packages are listed in the /experimental/packages directory. There may also be API packages for experimental signals in the experimental directory. All stable packages are released with the same version, and all experimental packages are released with the same version. The below table describes which versions of each set of packages are expected to work together.
Stable Packages | Experimental Packages |
---|---|
1.21.x | 0.48.x |
1.20.x | 0.47.x |
1.19.x | 0.46.x |
1.18.x | 0.45.x |
1.17.x | 0.44.x |
Older version compatibility matrix
Stable Packages | Experimental Packages |
---|---|
1.16.x | 0.42.x |
1.15.x | 0.41.x |
1.14.x | 0.40.x |
1.13.x | 0.39.x |
1.12.x | 0.38.x |
1.11.x | 0.37.x |
1.10.x | 0.36.x |
1.9.x | 0.35.x |
1.8.x (this and later versions require API >=1.3.0 for metrics) | 0.34.x |
1.7.x | 0.33.x |
1.6.x | 0.32.x |
1.5.x | 0.31.x |
1.4.x | 0.30.x |
1.3.x | 0.29.x |
1.2.x | 0.29.x |
1.1.x | 0.28.x |
1.0.x | 0.27.x |
1.0.x (this and later versions require API >=1.0.0 for traces) | 0.26.x |
Versioning
The current version for each package can be found in the respective package.json
file for that module. For additional details see the versioning and stability document in the specification.
Feature Status
Signal | API Status | SDK Status |
---|---|---|
Tracing | Stable | Stable |
Metrics | Stable | Stable |
Logs | Development | Development |
For a more detailed breakdown of feature support see the specification compliance matrix.
Contributing
We'd love your help!. Use tags up-for-grabs and good first issue to get started with the project. For instructions to build and make changes to this project, see the CONTRIBUTING guide.
We have a weekly SIG meeting! See the community page for meeting details and notes.
Community members
Maintainers (@open-telemetry/javascript-maintainers)
- Amir Blum, Odigos
- Chengzhong Wu, Bloomberg
- Daniel Dyla, Dynatrace
- Jamie Danielson, Honeycomb
- Marc Pichler, Dynatrace
- Trent Mick, Elastic
Find more about the maintainer role in the community repository.
Approvers (@open-telemetry/javascript-approvers)
- David Luna, Elastic
- Hector Hernandez, Microsoft
- Martin Kuba, Lightstep
- Matthew Wear, LightStep
- Naseem K. Ullah, Transit
- Neville Wylie, Microsoft
- Purvi Kanal, Honeycomb
- Svetlana Brennan, New Relic
- Marylia Gutierrez, Grafana Labs
Find more about the approver role in the community repository.
Triager (@open-telemetry/javascript-triagers)
- N/A
Find more about the triager role in the community repository.
Emeriti
- Bartlomiej Obecny, LightStep, Maintainer
- Daniel Khan, Dynatrace, Maintainer
- Mayur Kale, Google, Maintainer
- Rauno Viskus, Maintainer
- Valentin Marchaud, Maintainer
- Brandon Gonzalez, LightStep, Approver
- Roch Devost, DataDog, Approver
- John Bley, Splunk, Approver
- Mark Wolff, Microsoft, Approver
- Olivier Albertini, Ville de Montréal, Approver
- Gerhard Stöbich, Dynatrace, Approver
- Haddas Bronfman, Cisco, Approver
Find more about the emeritus role in community repository.
Thanks to all the people who already contributed
Packages
API
Package | Description |
---|---|
@opentelemetry/api | This package provides TypeScript interfaces, enums and no-op implementations for the OpenTelemetry core trace and metrics model. It is intended for use both on the server and in the browser. |
@opentelemetry/core | This package provides default and no-op implementations of the OpenTelemetry api for trace and metrics. It's intended for use both on the server and in the browser. |
Implementation / SDKs
Package | Description |
---|---|
@opentelemetry/sdk-trace-base | This module provides a full control over instrumentation and span creation. It doesn't load async_hooks or any instrumentation by default. It is intended for use both on the server and in the browser. |
@opentelemetry/sdk-metrics | This module provides instruments and meters for reporting of time series data. |
@opentelemetry/sdk-trace-node | This module provides automatic tracing for Node.js applications. It is intended for use on the server only. |
@opentelemetry/sdk-trace-web | This module provides automated instrumentation and tracing for Web applications. It is intended for use in the browser only. |
Compatible Exporters
OpenTelemetry is vendor-agnostic and can upload data to any backend with various exporter implementations. Even though, OpenTelemetry provides support for many backends, vendors/users can also implement their own exporters for proprietary and unofficially supported backends.
See the OpenTelemetry registry for a list of exporters available.
Instrumentations
OpenTelemetry can collect tracing data automatically using instrumentations.
To request automatic tracing support for a module not on this list, please file an issue. Alternatively, Vendor/Users can write an instrumentation yourself.
Currently, OpenTelemetry supports automatic tracing for:
Node Instrumentations
Core
Contrib
These instrumentations are hosted at https://github.com/open-telemetry/opentelemetry-js-contrib/tree/master/plugins/node
Web Instrumentations
Core
Contrib
These instrumentations are hosted at https://github.com/open-telemetry/opentelemetry-js-contrib/tree/master/plugins/web
Shims
Package | Description |
---|---|
@opentelemetry/shim-opentracing | OpenTracing shim allows existing OpenTracing instrumentation to report to OpenTelemetry |
Useful links
- Upgrade guidelines: Upgrade Guide
- For more information on OpenTelemetry, visit: https://opentelemetry.io/
- For help or feedback on this project, join us in GitHub Discussions
License
Apache 2.0 - See LICENSE for more information.
No vulnerabilities found.
Reason
all changesets reviewed
Reason
30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: github.com/open-telemetry/.github/SECURITY.md:1
- Info: Found linked content: github.com/open-telemetry/.github/SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/open-telemetry/.github/SECURITY.md:1
- Info: Found text in security policy: github.com/open-telemetry/.github/SECURITY.md:1
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/benchmark.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/benchmark.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/changelog.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/changelog.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/close-stale.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/close-stale.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/codeql-analysis.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-or-update-release-pr.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/create-or-update-release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/create-or-update-release-pr.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/create-or-update-release-pr.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/docs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/docs.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/docs.yaml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/docs.yaml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/docs.yaml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/peer-api.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/peer-api.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npm.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/publish-to-npm.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-to-npm.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/publish-to-npm.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sbom.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/sbom.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sbom.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/sbom.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sbom.yml:56: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/sbom.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sbom.yml:68: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/sbom.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sbom.yml:72: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/sbom.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-test.yml:50: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:63: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:88: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-test.yml:106: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:117: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:118: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/unit-test.yml:134: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:150: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/unit-test.yml:152: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/unit-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/w3c-integration-test.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/w3c-integration-test.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/w3c-integration-test.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/open-telemetry/opentelemetry-js/w3c-integration-test.yml/main?enable=pin
- Warn: pipCommand not pinned by hash: integration-tests/tracecontext-integration-test.sh:13
- Warn: pipCommand not pinned by hash: integration-tests/tracecontext-integration-test.sh:14
- Warn: npmCommand not pinned by hash: .github/workflows/benchmark.yml:30
- Warn: npmCommand not pinned by hash: .github/workflows/create-or-update-release-pr.yml:49
- Warn: npmCommand not pinned by hash: .github/workflows/peer-api.yml:21
- Warn: npmCommand not pinned by hash: .github/workflows/peer-api.yml:24
- Warn: npmCommand not pinned by hash: .github/workflows/sbom.yml:22
- Warn: npmCommand not pinned by hash: .github/workflows/unit-test.yml:162
- Warn: npmCommand not pinned by hash: .github/workflows/unit-test.yml:163
- Warn: npmCommand not pinned by hash: .github/workflows/unit-test.yml:35
- Warn: npmCommand not pinned by hash: .github/workflows/unit-test.yml:39
- Info: 0 out of 34 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 5 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 pipCommand dependencies pinned
- Info: 10 out of 19 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/sbom.yml:65
- Warn: no topLevel permission defined: .github/workflows/benchmark.yml:1
- Warn: no topLevel permission defined: .github/workflows/changelog.yml:1
- Warn: no topLevel permission defined: .github/workflows/close-stale.yml:1
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: no topLevel permission defined: .github/workflows/create-or-update-release-pr.yml:1
- Warn: no topLevel permission defined: .github/workflows/docs.yaml:1
- Warn: no topLevel permission defined: .github/workflows/label-releases.yml:1
- Warn: no topLevel permission defined: .github/workflows/lint.yml:1
- Warn: no topLevel permission defined: .github/workflows/peer-api.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-to-npm.yml:1
- Info: topLevel permissions set to 'read-all': .github/workflows/sbom.yml:6
- Warn: no topLevel permission defined: .github/workflows/unit-test.yml:1
- Warn: no topLevel permission defined: .github/workflows/w3c-integration-test.yml:1
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact semconv/v1.28.0 not signed: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/186506659
- Warn: release artifact v1.28.0 not signed: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/185909928
- Warn: release artifact experimental/v0.55.0 not signed: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/185909953
- Warn: release artifact experimental/v0.54.2 not signed: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/184145705
- Warn: release artifact experimental/v0.54.1 not signed: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/183682082
- Warn: release artifact semconv/v1.28.0 does not have provenance: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/186506659
- Warn: release artifact v1.28.0 does not have provenance: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/185909928
- Warn: release artifact experimental/v0.55.0 does not have provenance: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/185909953
- Warn: release artifact experimental/v0.54.2 does not have provenance: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/184145705
- Warn: release artifact experimental/v0.54.1 does not have provenance: https://api.github.com/repos/open-telemetry/opentelemetry-js/releases/183682082
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
20 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-ghr5-ch3p-vcr6
- Warn: Project is vulnerable to: GHSA-pfrx-2q88-qq97
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw
- Warn: Project is vulnerable to: GHSA-5rrq-pxf6-6jx5
- Warn: Project is vulnerable to: GHSA-8fr3-hfg3-gpgp
- Warn: Project is vulnerable to: GHSA-gf8q-jrpm-jvxq
- Warn: Project is vulnerable to: GHSA-2r2c-g63r-vccr
- Warn: Project is vulnerable to: GHSA-cfm4-qjh2-4765
- Warn: Project is vulnerable to: GHSA-x4jg-mjrx-434g
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
Score
5.8
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to @opentelemetry/resources
@opentelemetry/api-logs
Public logs API for OpenTelemetry
@opentelemetry/api
Public API for OpenTelemetry
@google-cloud/opentelemetry-resource-util
Resource util used by other @google-cloud/opentelemetry* packages
@opentelemetry/resource-detector-alibaba-cloud
OpenTelemetry resource detector for Alibaba Cloud