telemetry

Rendered from docs/alerts/telemetry.md

Back to index

telemetry

Flags packages that contain telemetry/analytics behavior (usage tracking, event reporting, etc.).

Implemented in: src/lib/detection/plugins/telemetry.ts
Enabled by default: no (available plugin; enable in the detection service/plugin set)

What it means

The package includes code patterns consistent with tracking usage and sending data to external endpoints.

Why it matters

Telemetry can be legitimate, but it’s important to understand what data is collected and whether it contains identifiers or secrets.

What to do

  • Determine what data is sent and to where.
  • Look for configuration flags to disable telemetry.
  • Treat unexpected telemetry in low-level dependencies as a risk signal.

Common fields

  • filePath, codeSnippet
  • metadata may include the endpoint(s) or library identifier matched