@cap-js/telemetry No license 8 versions

@cap-js/telemetry

npm Repository Homepage

8

Versions

—

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

sap_extncreposcap-npm

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
npm-metadata	url-dep:@cap-js/telemetry	AI (npm-metadata): Self-referencing file:. in devDependencies is a standard test setup pattern; not a runtime risk.	ai	2026/05/30
semgrep	semgrep:dynamic-require	AI (semgrep): Config-driven OTel module loader; module names come from structured CDS config, not arbitrary external input.	ai	2026/05/18
phantom-deps	phantom-dep:@opentelemetry/instrumentation-http	AI (phantom-deps): Declared runtime dep loaded dynamically via config-driven require(); not a phantom dependency.	ai	2026/05/18

Versions (showing 8 of 8)

Version	Deps	Published
1.6.0	9 / 19	2025-12-16
1.5.4	9 / 19	2025-10-27
1.5.3	9 / 19	2025-09-01
1.5.2	9 / 19	2025-08-18
1.5.1	9 / 19	2025-08-11
1.5.0	9 / 19	2025-07-16
1.4.1	9 / 19	2025-06-27
1.4.0	9 / 19	2025-06-05

v1.6.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.5.4

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.5.3

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.5.2

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.5.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.5.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.1

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.

v1.4.0

1 finding

LOW No provenance attestation provenance

Package was published without Sigstore provenance. Only ~12% of npm packages have provenance, so this is common but not ideal.