Danijel Martinek
14762d4ba0
The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
3.4 KiB
package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
| package | version | tier | decision | date | deciders | adr | filter-results | verification-commands | accepted-cves | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @opentelemetry/api-logs | ^0.55.0 | core | approved | 2026-05-14 |
|
adr-017 |
|
|
Filter: license
npm view @opentelemetry/api-logs license returns Apache-2.0. Apache-2.0 is on the allowlist.
Filter: types
@opentelemetry/api-logs is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/ package is needed.
Filter: maintenance
Actively maintained by the OpenTelemetry community under the CNCF as part of the unified OTel JS repository. Versioned alongside the SDK packages; the 0.55.x line is current and aligns with the SDK release cycle.
Filter: boundary-fit
ADR-017 §4 designates @opentelemetry/api-logs as the Logs API for OtelLogger in core-shared/instrumentation/. Feature packages interact with logging only via the ILogger interface (ADR-014 R34); they do not import this package directly.
Filter: shadow-check
@opentelemetry/api-logs is the only OTel Logs API in the workspace. It complements @opentelemetry/api (traces) and @opentelemetry/sdk-metrics (metrics) to form the complete three-signal OTel pipeline. No competing logging API is present.
Filter: eu-residency
@opentelemetry/api-logs is a pure API package with no network communication or data transmission. EU residency does not apply.
Filter: cve-scan
pnpm audit --audit-level=moderate reports no advisories against @opentelemetry/api-logs at the time of this trace.
Filter: named-consumer
packages/core-shared/src/instrumentation/otel/otel-logger.ts implements ILogger using @opentelemetry/api-logs to emit log records via the OTel Logs API (ADR-017 §4). packages/core-audit also depends on it for structured audit log emission.
Prompt: replaces
OtelLogger replaces the former SentryLogger which called Sentry SDK methods directly. @opentelemetry/api-logs provides the vendor-neutral log emission surface so that the downstream exporter (Sentry via @sentry/opentelemetry) can be swapped without touching logger code.
Prompt: migration-cost-out
Hard. @opentelemetry/api-logs is called in every OtelLogger log-emission path in core-shared. Moving to a different logs API (e.g., a custom abstraction) would require rewriting both the logger implementation and the OTel SDK initialization. The ILogger interface boundary (ADR-014) limits blast radius to core-shared.
Prompt: alternatives-considered
- Winston / Pino as the log API — Considered before ADR-017. Rejected because a separate log library alongside OTel would create a split-pipeline problem: traces and logs would travel through different channels, losing correlation.
- Sentry SDK breadcrumb API directly — Rejected in ADR-017: direct Sentry coupling prevents vendor swap without code changes.
See ADR-017 for the full decision rationale.