Danijel Martinek
14762d4ba0
The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
3.2 KiB
package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
| package | version | tier | decision | date | deciders | adr | filter-results | verification-commands | accepted-cves | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @opentelemetry/resources | ^1.27.0 | core | approved | 2026-05-14 |
|
adr-017 |
|
|
Filter: license
npm view @opentelemetry/resources license returns Apache-2.0. Apache-2.0 is on the allowlist.
Filter: types
@opentelemetry/resources is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/ package is needed.
Filter: maintenance
Actively maintained by the OpenTelemetry community. The 1.27.x line is on the stable 1.x track and receives regular releases. Stable versioning reflects the maturity of the resources specification.
Filter: boundary-fit
ADR-017 §8 restricts @opentelemetry/resources to **/instrumentation/otel/** and app init paths. The Resource class is used in initOtelServerNode to attach service name, version, and environment attributes to all telemetry signals. Feature packages never import it directly.
Filter: shadow-check
@opentelemetry/resources is the standard OTel resource detection package. No competing resource attribution mechanism is present in the workspace.
Filter: eu-residency
@opentelemetry/resources is a pure configuration package that attaches static metadata to telemetry signals. It has no network communication or data transmission. EU residency does not apply.
Filter: cve-scan
pnpm audit --audit-level=moderate reports no advisories against @opentelemetry/resources at the time of this trace.
Filter: named-consumer
packages/core-shared/src/instrumentation/otel/init-otel-server-node.ts uses Resource to tag all OTel signals with service.name, service.version, and deployment.environment attributes, enabling filtering by service in Sentry and future backends.
Prompt: replaces
Manual tag propagation that would otherwise require attaching service metadata to every span and log record individually. Resource is set once at SDK init time and propagates to all signals automatically.
Prompt: migration-cost-out
Low. @opentelemetry/resources is used in one SDK init file. Removing it means losing automatic service metadata on signals — signals would still be emitted but lose service.name attribution unless manually added to each span.
Prompt: alternatives-considered
- Manual span attributes — Set
service.nameon everystartSpan()call. Rejected: error-prone at scale; resources are a first-class OTel concept designed for this exact purpose. - Sentry release/environment config — Sentry SDK accepts
releaseandenvironmentdirectly. Rejected: Sentry-specific; OTel Resource is the vendor-neutral mechanism that works with any exporter.
See ADR-017 for the full decision rationale.