@semiont/observability
OpenTelemetry-based tracing for Semiont — Tier 2 of OBSERVABILITY.md. Process-init helpers (Node + Web), withSpan helper, W3C traceparent inject/extract for bus payloads. No-op when no exporter is configured.
Supply chain provenance
Status for the latest visible version.
Maintainers
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| provenance | no-provenance | AI (provenance): Provenance absence is common; no other risk signals present for this package. | ai | |
| dependencies | unvetted-dep:@semiont/core | AI (dependencies): Same-org monorepo sibling package; wildcard is a workspace convention, not an external supply-chain risk. | ai |
Versions (showing 8 of 8)
| Version | Deps | Published |
|---|---|---|
| 0.5.5 | 12 / 5 | |
| 0.5.4 | 12 / 3 | |
| 0.5.3 | 12 / 3 | |
| 0.5.2 | 12 / 3 | |
| 0.5.1 | 11 / 3 | |
| 0.5.0 | 11 / 3 | |
| 0.4.22 | 11 / 3 | |
| 0.4.21 | 11 / 3 |
v0.5.5
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.4
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.3
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.2
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.
v0.5.0
1 findingPublished via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.