npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@scoutflo/alert-correlation

v0.2.1

Published

Pure alert-to-topology correlation contracts and policies for Scoutflo alert investigation workflows.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

scoutfloscoutflo

Keywords

scoutfloalert-correlationtopology

Readme

@scoutflo/alert-correlation

Pure alert-to-topology correlation contracts and policies for Scoutflo alert investigation workflows.

This package intentionally owns only shared contracts, extraction, matching, scoring, and decision logic. Provider detail fetching, tenant authorization, topology loading, topology slice construction, and API response shaping stay in Gateway. Investigation lifecycle and supervisor startup stay in Voyager.

Relationship To Correlation Core

Reusable cross-mode contracts live in @scoutflo/correlation-core.

@scoutflo/alert-correlation remains alert-specific. It owns AlertRef, alert time windows, provider alert extractors, alert-to-topology matching, alert-specific scoring, and alert decision behavior.

This package consumes core entity, fact, and status primitives where safe. It also exports correlationCore as a namespace for compatibility during migration, without replacing existing alert-specific export names.

Version

Current package version: 0.2.1.

Gateway and Voyager should consume the exact published version:

"@scoutflo/alert-correlation": "0.2.1"

During local development, consumers may temporarily use a file: dependency pointed at ../integration-sdk/packages/alert-correlation, then replace it with the exact npm version before release.

Correlation Semantics

This package treats provider facts as evidence, not canonical topology identity. Provider-specific extractors should preserve source keys exactly when the key has operational meaning.

Important matching rules:

  • service_name and service are distinct facts.
  • Topology relationship attribute serviceName matches explicit service-name facts such as service_name, serviceName, and service.name.
  • Topology relationship attribute serviceLabel matches generic Prometheus-style service labels.
  • Workload ownership evidence such as deployment, pod, container, and namespace outranks monitoring backend exporter labels.
  • Trace evidence such as service_name, http_route, http_status_code, http_method, trace_id, span_id, span_kind, and env is preserved for provider-aware matching.
  • Prometheus-compatible extractors preserve grouped alert common labels/annotations and per-alert labels/annotations.
  • Prometheus-compatible extractors include rule/query/evaluation facts such as rule.name, rule.query, expr, query, for, activeAt, lastEvaluation, value, and alertstate.
  • The Sentry extractor includes issue, project/org, metadata, SDK, release, transaction, latest-event, and trace identity facts when present.

Release Flow

Use this flow when releasing only @scoutflo/alert-correlation. Do not publish the root @scoutflo/integration-sdk package for an alert-correlation-only release.

1. Local Preflight

Run the package build, package tests, root SDK build, and package dry run:

npm run build --workspace @scoutflo/alert-correlation
npm test --workspace @scoutflo/alert-correlation
npm run build
npm pack --dry-run --workspace @scoutflo/alert-correlation

If local npm cache permissions fail during npm pack --dry-run, use a repo-local temporary cache instead of changing global cache ownership:

mkdir -p .tmp/npm-cache
npm_config_cache=.tmp/npm-cache npm pack --dry-run --workspace @scoutflo/alert-correlation

2. Check The Registry

Before publishing, verify whether the exact version already exists:

npm view @scoutflo/alert-correlation@<version> version

If npm returns the version, do not publish again. If npm returns E404, the version is not visible from the current registry/auth context and can be published if release approval exists.

3. Publish This Workspace Only

Publish only the alert-correlation workspace:

npm publish --workspace @scoutflo/alert-correlation

Do not run npm publish from the repository root for this release.

4. Confirm The Published Version

After publish succeeds, confirm the exact version:

npm view @scoutflo/alert-correlation@<version> version

If npm view returns E404 immediately after a successful publish, wait and retry before moving consumers. This can indicate registry propagation delay, package visibility, or auth scope issues.

5. Roll Out To Consumers

After the version is visible, update Gateway and Voyager from any local file: dependency to the exact published version, for example:

"@scoutflo/alert-correlation": "0.2.1"

Run install and the relevant tests in each consumer repo after updating its dependency lockfile.

Open and merge PRs in dependency order:

  1. integration-sdk
  2. Gateway
  3. Voyager
  4. Client

Safety Notes

  • Do not commit .npmrc.
  • Do not publish root @scoutflo/integration-sdk when releasing only alert correlation.
  • Do not reuse a version after npm publish succeeds; bump the package version for any follow-up release.
  • Do not move Gateway or Voyager from local file: dependencies until the published package is visible with npm view.

The package is configured for public npm publishing through its publishConfig.