@opentelemetry/instrumentation-fastify Apache-2.0 16 versions

@opentelemetry/instrumentation-fastify

npm Repository Homepage

OpenTelemetry instrumentation for `fastify` http web application framework

16

Versions

Apache-2.0

License

No

Install Scripts

Verified

Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation npm registry signatures gitHead linked

Maintainers

dyladanpichlermarc

Keywords

fastifyinstrumentationnodejsopentelemetryprofilingtracing

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source	Rule	Reason	Accepted by	When
provenance	publisher-changed	AI (provenance): OpenTelemetry JS contrib migrated to GitHub Actions CI publishing; SLSA provenance attestation confirms legitimate CI origin.	ai	2026/04/27
publish-pattern	dormant-publish	AI (publish-pattern): Dormancy reflects monorepo release cadence, not account takeover; SLSA attestation and org repo URL confirm legitimacy.	ai	2026/04/27

Versions (showing 16 of 16)

Version	Deps	Published
0.57.0	3 / 8	2026-03-04
0.56.0	3 / 8	2026-02-17
0.55.0	3 / 8	2026-01-22
0.54.0	3 / 8	2026-01-15
0.53.1	3 / 8	2025-12-17
0.53.0	3 / 16	2025-11-06
0.52.0	3 / 16	2025-10-21
0.51.0	3 / 16	2025-10-06
0.50.3	3 / 16	2025-09-29
0.50.2	3 / 16	2025-09-29
0.50.0	3 / 16	2025-09-10
0.49.0	3 / 16	2025-09-08
0.48.0	3 / 17	2025-07-09
0.47.1	3 / 17	2025-07-07
0.47.0	3 / 17	2025-06-02
0.46.0	3 / 17	2025-05-15

v0.57.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.56.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.55.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.54.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.53.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.53.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.52.0

2 findings

HIGH Publisher changed: dyladan → GitHub Actions (on 2025-10-21) provenance

This version was published by a different npm account than previous versions on 2025-10-21. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.51.0

2 findings

HIGH Publisher changed: dyladan → GitHub Actions (on 2025-10-06) provenance

This version was published by a different npm account than previous versions on 2025-10-06. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.50.3

2 findings

HIGH Publisher changed: dyladan → GitHub Actions (on 2025-09-29) provenance

This version was published by a different npm account than previous versions on 2025-09-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.50.2

2 findings

HIGH Publisher changed: dyladan → GitHub Actions (on 2025-09-29) provenance

This version was published by a different npm account than previous versions on 2025-09-29. This could indicate a legitimate maintainer transition or an account compromise.

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.50.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.49.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.48.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.47.1

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.47.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v0.46.0

1 finding

INFO Has SLSA provenance attestation provenance

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v0.2). This is the strongest supply chain integrity signal.