@david-luna
Member

Leftover from last release. The entry related to not using a custom GCP resource detector shouldn't be there.

@david-luna david-luna requested a review from a team as a code owner November 3, 2025 15:47
@david-luna david-luna changed the title from "chore(opentelemetry-node): update readme" to "docs(opentelemetry-node): update readme" Nov 3, 2025
@trentm
Member

trentm commented Nov 3, 2025

That lint failure: Getting harder to defend continuing to use npm for anything.

The initial command that npm run lint:license-files uses to determine the set of non-dev deps to scan for licenses is: npm ls --omit=dev --all --parseable. Since this recent commit:

commit 8ca0fdec971d5527bf7be40e21bf67e898be1b1e (HEAD -> main, origin/main, origin/HEAD)
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   2025-11-03T16:42:19+01:00 (30 minutes ago)

    chore(deps-dev): bump @aws-sdk/client-s3 from 3.908.0 to 3.913.0 in /packages/opentelemetry-node (#1138)

There are "extraneous" deps in that listing:

@elastic/[email protected] /Users/trentm/el/elastic-otel-node4/packages/opentelemetry-node
├─┬ @aws-sdk/[email protected] extraneous
│ ├─┬ @aws-sdk/[email protected]
│ │ ├── @smithy/[email protected] deduped
│ │ └── [email protected] deduped
│ ├─┬ @smithy/[email protected]
│ │ ├── @smithy/[email protected] deduped
│ │ └── [email protected] deduped
│ ├─┬ @smithy/[email protected]
│ │ └── [email protected] deduped
│ └── [email protected]
├─┬ @aws-sdk/[email protected] extraneous
│ ├── @aws-sdk/[email protected] deduped
│ ├── @smithy/[email protected] deduped
│ └── [email protected] deduped
├─┬ @aws-sdk/[email protected] extraneous
...

That first "extraneous" entry in package-lock.json is:

    "node_modules/@aws-sdk/middleware-host-header": {
      "version": "3.901.0",
      "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.901.0.tgz",
      "integrity": "sha512-yWX7GvRmqBtbNnUW7qbre3GvZmyYwU0WHefpZzDTYDoNgatuYq6LgUIQ+z5C04/kCRoFkAFrHag8a3BXqFzq5A==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
        "@aws-sdk/types": "3.901.0",
        "@smithy/protocol-http": "^5.3.0",
        "@smithy/types": "^4.6.0",
        "tslib": "^2.6.2"
      },
      "engines": {
        "node": ">=18.0.0"
      }
    },

Note that that is "dev": true, but the --omit=dev argument used with npm ls now no longer excludes it. There is no --omit=extraneous, or at least we can assume so because npm behaviour doesn't change when using that value and extraneous isn't mentioned in the docs as an option for that.

Impolite conclusion: Internal npm package lock tree state management is convolving different things, and this command is unreliable. Blame for not having removed those extraneous entries in #1138 could perhaps be put on Dependabot, but I'm inclined to put it partially on npm package-lock management being ill-defined and broken (or at least not expressive enough).

Perhaps partially contributing here is our inability to find a dependabot config that works to get @aws-sdk/* deps to be updating in a group:

    aws-sdk:
      dependency-type: "development"
      patterns:
        - "@aws-sdk/*"
        - "@smithy/*"
      update-types:
        - "minor"

The "fix" here is to run npm prune.
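
An added example, not part of the original thread or the project's code: a lockfile-only check that lists the production closure and the orphaned entries by reachability from the root package, so a license scan does not depend on how npm ls --omit=dev treats extraneous nodes. It assumes lockfileVersion 2 or 3 without workspaces, ignores version ranges, and its function names are hypothetical.

```javascript
// Added example: classify package-lock.json entries by reachability from the
// root. Assumes lockfileVersion 2/3, no workspaces; names are hypothetical.
const EDGES = ['dependencies', 'optionalDependencies', 'peerDependencies'];

// Resolve `name` as Node would: from/node_modules first, then each ancestor.
function resolveDep(packages, from, name) {
  let dir = from;
  while (true) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (packages[candidate]) return candidate;
    if (!dir) return null; // unmet optional or peer dependency
    const i = dir.lastIndexOf('/node_modules/');
    dir = i === -1 ? '' : dir.slice(0, i);
  }
}

// Collect every lockfile path reachable from the root over `rootFields`.
function closure(packages, rootFields) {
  const seen = new Set();
  const stack = [['', rootFields]];
  while (stack.length) {
    const [path, fields] = stack.pop();
    for (const field of fields) {
      for (const name of Object.keys(packages[path][field] || {})) {
        const hit = resolveDep(packages, path, name);
        if (hit && !seen.has(hit)) { seen.add(hit); stack.push([hit, EDGES]); }
      }
    }
  }
  return seen;
}

function auditLock(lock) {
  const all = closure(lock.packages, [...EDGES, 'devDependencies']);
  return {
    prod: [...closure(lock.packages, EDGES)].sort(), // set to license-scan
    extraneous: Object.keys(lock.packages) // unreachable: `npm prune` candidates
      .filter((p) => p !== '' && !all.has(p)).sort(),
  };
}

// Constructed sample lock; the orphaned entry mirrors the one quoted above.
const sampleLock = { packages: {
  '': { dependencies: { tslib: '^2.6.2' }, devDependencies: { '@aws-sdk/client-s3': '3.913.0' } },
  'node_modules/tslib': {},
  'node_modules/@aws-sdk/client-s3': { dev: true, dependencies: { tslib: '^2.6.2' } },
  'node_modules/@aws-sdk/middleware-host-header': { dev: true, dependencies: { '@aws-sdk/types': '3.901.0', tslib: '^2.6.2' } },
  'node_modules/@aws-sdk/types': { dev: true },
} };
console.log(auditLock(sampleLock));
```

For a real project, pass the parsed contents of package-lock.json to auditLock and fail the lint step when extraneous is non-empty.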

trentm added a commit that referenced this pull request Nov 3, 2025
These were left over from a few Dependabot PRs updating the aws-sdk/* deps.
In the last one (#1138), some extraneous deps were not removed. Not sure
whether to blame Dependabot or npm.

Refs: #1143 (comment)
@trentm
Member

trentm commented Nov 3, 2025

The "fix" here is to run npm prune.

#1144 for that

trentm added a commit that referenced this pull request Nov 3, 2025
…1144)

These were left over from a few Dependabot PRs updating the aws-sdk/* deps.
In the last one (#1138), some extraneous deps were not removed. Not sure
whether to blame Dependabot or npm.

Refs: #1143 (comment)