Danijel Martinek
14762d4ba0
The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
3.4 KiB
package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
| package | version | tier | decision | date | deciders | adr | filter-results | verification-commands | accepted-cves | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @opentelemetry/context-async-hooks | ^1.28.0 | core | approved | 2026-05-14 |
|
adr-017 |
|
|
Filter: license
npm view @opentelemetry/context-async-hooks license returns Apache-2.0. Apache-2.0 is on the allowlist.
Filter: types
@opentelemetry/context-async-hooks is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/ package is needed.
Filter: maintenance
Actively maintained by the OpenTelemetry community. Versioned with the OTel JS SDK at 1.x; the package tracks Node.js async_hooks API stability and receives updates alongside the SDK.
Filter: boundary-fit
ADR-017 mandates OTel as the instrumentation substrate. @opentelemetry/context-async-hooks provides the Node.js AsyncLocalStorage-based context manager required for automatic span propagation across async boundaries. It lives exclusively in core-shared/instrumentation/otel/ and core-audit init paths.
Filter: shadow-check
@opentelemetry/context-async-hooks is the standard OTel context manager for Node.js. No competing context propagation mechanism is present in the workspace.
Filter: eu-residency
@opentelemetry/context-async-hooks is a pure context propagation adapter with no network communication or data transmission. EU residency does not apply.
Filter: cve-scan
pnpm audit --audit-level=moderate reports no advisories against @opentelemetry/context-async-hooks at the time of this trace.
Filter: named-consumer
packages/core-shared/src/instrumentation/otel/ registers AsyncLocalStorageContextManager from this package during OTel SDK init to enable automatic trace context propagation across Node.js async operations. packages/core-audit depends on it for span context in audit records.
Prompt: replaces
Replaces the manual context threading that would otherwise be required to pass span context through async call chains. Without this package, every async function would need to explicitly forward a context argument — defeating the automatic propagation guarantee of OTel.
Prompt: migration-cost-out
Low. @opentelemetry/context-async-hooks is registered in one place during OTel SDK initialization. Swapping to a different context manager (e.g., @opentelemetry/context-zone for browser) is a one-line change in the SDK init file.
Prompt: alternatives-considered
@opentelemetry/context-zone— Zone.js-based context manager designed for Angular/browser environments. Not applicable for a Node.js server;async_hooksis the correct primitive for server-side async context.- Manual context passing — Thread context explicitly through every function signature. Rejected: error-prone at scale and defeats the auto-instrumentation value of the OTel SDK.
See ADR-017 for the full decision rationale.