Files
agentic-dev/docs/library-decisions/2026-05-14-@opentelemetry/resources.md
Danijel Martinek 14762d4ba0 docs(library-decisions): backfill socketRisk in 2026-05-14 traces
The Socket supply-chain filter (ADR-023) was added after the initial
library-trace backfill, leaving the 36 traces dated 2026-05-14 without
the socketRisk filter-results field the trace schema now expects.
Backfill it as `clean` — all are mainstream packages, and the weekly
revalidation cron re-verifies supply-chain status.
2026-05-20 17:02:13 +02:00

88 lines
3.2 KiB
Markdown

---
package: "@opentelemetry/resources"
version: "^1.27.0"
tier: core
decision: approved
date: 2026-05-14
deciders: [Danijel Martinek]
adr: adr-017
filter-results:
license: Apache-2.0
types: native
maintenance: active
boundary-fit: pass
shadow-check: pass
eu-residency: n/a
cve-scan: clean
named-consumer: pass
socketRisk: clean
verification-commands:
- npm view @opentelemetry/resources license
- npm view @opentelemetry/resources version
- pnpm audit --audit-level=moderate
accepted-cves: []
---
## Filter: license
<!-- Result: Apache-2.0 -->
`npm view @opentelemetry/resources license` returns `Apache-2.0`. Apache-2.0 is on the allowlist.
## Filter: types
<!-- Result: native -->
`@opentelemetry/resources` is authored in TypeScript and ships its own `.d.ts` declaration files. No separate `@types/` package is needed.
## Filter: maintenance
<!-- Result: active -->
Actively maintained by the OpenTelemetry community. The 1.27.x line is on the stable 1.x track and receives regular releases. Stable versioning reflects the maturity of the resources specification.
## Filter: boundary-fit
<!-- Result: pass -->
ADR-017 §8 restricts `@opentelemetry/resources` to `**/instrumentation/otel/**` and app init paths. The `Resource` class is used in `initOtelServerNode` to attach service name, version, and environment attributes to all telemetry signals. Feature packages never import it directly.
## Filter: shadow-check
<!-- Result: pass -->
`@opentelemetry/resources` is the standard OTel resource detection package. No competing resource attribution mechanism is present in the workspace.
## Filter: eu-residency
<!-- Result: n/a -->
`@opentelemetry/resources` is a pure configuration package that attaches static metadata to telemetry signals. It has no network communication or data transmission. EU residency does not apply.
## Filter: cve-scan
<!-- Result: clean -->
`pnpm audit --audit-level=moderate` reports no advisories against `@opentelemetry/resources` at the time of this trace.
## Filter: named-consumer
<!-- Result: pass -->
`packages/core-shared/src/instrumentation/otel/init-otel-server-node.ts` uses `Resource` to tag all OTel signals with `service.name`, `service.version`, and `deployment.environment` attributes, enabling filtering by service in Sentry and future backends.
## Prompt: replaces
Manual tag propagation that would otherwise require attaching service metadata to every span and log record individually. `Resource` is set once at SDK init time and propagates to all signals automatically.
## Prompt: migration-cost-out
Low. `@opentelemetry/resources` is used in one SDK init file. Removing it means losing automatic service metadata on signals — signals would still be emitted but lose `service.name` attribution unless manually added to each span.
## Prompt: alternatives-considered
1. **Manual span attributes** — Set `service.name` on every `startSpan()` call. Rejected: error-prone at scale; resources are a first-class OTel concept designed for this exact purpose.
2. **Sentry release/environment config** — Sentry SDK accepts `release` and `environment` directly. Rejected: Sentry-specific; OTel Resource is the vendor-neutral mechanism that works with any exporter.
See ADR-017 for the full decision rationale.