---
package: "@sentry/node"
version: "^10.51.0"
tier: core
decision: approved
date: 2026-05-14
deciders: [Danijel Martinek]
adr: adr-014
filter-results:
  license: MIT
  types: native
  maintenance: active
  boundary-fit: pass
  shadow-check: pass
  eu-residency: ok
  cve-scan: clean
  named-consumer: pass
  socketRisk: clean
verification-commands:
  - npm view @sentry/node license
  - npm view @sentry/node version
  - pnpm audit --audit-level=moderate
accepted-cves: []
---

## Filter: license

<!-- Result: MIT -->

`npm view @sentry/node license` returns `MIT`. MIT is on the allowlist.

## Filter: types

<!-- Result: native -->

`@sentry/node` is authored in TypeScript and ships its own `.d.ts` declaration files. No separate `@types/` package is needed.

## Filter: maintenance

<!-- Result: active -->

Actively maintained by Sentry Inc. The 10.x line is the current major. Regular releases track Node.js LTS versions and fix security issues promptly.

## Filter: boundary-fit

<!-- Result: pass -->

ADR-014 designates Sentry as the error-capture and tracing backend for Node.js server processes. `@sentry/node` is an optional peer dependency of `core-shared` — it is consumed exclusively within `core-shared/instrumentation/sentry/init-server-node.ts` and the CMS app's `instrumentation.ts`. Feature packages MUST NOT import `@sentry/node` directly (ESLint `no-restricted-imports`, ADR-014 §6).

## Filter: shadow-check

<!-- Result: pass -->

`@sentry/node` is the sole Node.js server error-monitoring SDK in the workspace. No competing APM agent or crash reporter is present.

## Filter: eu-residency

<!-- Result: ok -->

Sentry offers EU-region data residency (`de.sentry.io`). The `CMS_SENTRY_DSN` environment variable can point to an EU-hosted project; all payloads route to the DSN host. PII scrubbing at the OTel processor layer (ADR-017, ADR-014 §4) ensures only scrubbed data is exported.

## Filter: cve-scan

<!-- Result: clean -->

`pnpm audit --audit-level=moderate` reports no advisories against `@sentry/node` at the time of this trace.

## Filter: named-consumer

<!-- Result: pass -->

`packages/core-shared` lists `@sentry/node` as an optional peer dependency. `apps/cms/src/instrumentation.ts` is the concrete consumer, initializing the Node SDK for the Payload CMS process. A named, non-hypothetical consumer exists today.

## Prompt: replaces

No prior server-side error monitoring was in place for the CMS process. `@sentry/node` replaces unstructured `console.error` calls that left CMS mutation failures undetected in production.

## Prompt: migration-cost-out

Low. `@sentry/node` is used only in `core-shared/instrumentation/sentry/init-server-node.ts` and the CMS app's `instrumentation.ts`. The interface boundary (ADR-014 §1) means no feature package references it. Replacement requires swapping the initialization file and updating the `CMS_SENTRY_DSN` env var.

## Prompt: alternatives-considered

1. **`@sentry/nextjs` for CMS** — Rejected: the Payload CMS process is a plain Node server, not a Next.js app. `@sentry/node` is the correct SDK for non-Next processes.
2. **OpenTelemetry OTLP exporter only** — Considered but deferred; Sentry's session grouping and alert routing add value beyond raw OTLP. The bridge via `@sentry/opentelemetry` preserves OTel portability.

See ADR-014 for the full decision rationale.