You're probably overdue for a Sentry SDK upgrade
You're probably overdue for a Sentry SDK upgrade
Session Replay. Structured logs. AI monitoring. Automatic OpenTelemetry tracing. Feature flag tracking. If you haven't seen these in your Sentry dashboard, your SDK version is probably the reason.
Whether you're on @sentry/react, @sentry/nextjs, @sentry/vue, @sentry/angular, @sentry/sveltekit, or any other @sentry/* package, they all version together. When we say v10, we mean all of them.
Here's the thing: based on npm download numbers, roughly half of all Sentry JavaScript SDK installs are still on v8 or older.
The numbers
We pulled npm download stats for the major @sentry/* packages. Here's where weekly installs land as of March 2026:
Package | Weekly total | Still on v7 | v7 + v8 combined |
| 14.9M | 4.8M (32%) | 7.3M (49%) |
| 14.5M | 3.2M (22%) | 7.3M (50%) |
| 9.9M | 2.0M (20%) | 4.9M (49%) |
| 3.7M | 524K (14%) | 1.5M (41%) |
| 1.1M | 307K (28%) | 642K (59%) |
The pattern holds across every package: roughly half of all installs are two or more major versions behind current.
If that's you, this post is a map of what you're missing and how to close the gap.
The SDK isn't just an error catcher anymore
The Sentry SDK started as a crash reporter. Today it's a full observability client: errors, performance traces, session replays, structured logs, cron monitors, user feedback, and AI agent monitoring. Each capability feeds context into the others. A replay shows you what the user did before the error. A trace shows you which microservice was slow. Logs give you the application-level "why."
If you're on an old version, you have the error. On the current version, you have the story.
What you're missing
Session Replay (v8+)
Session Replay captures what happened in the browser before, during, and after an error. It reconstructs the DOM, user clicks, navigation, and console output into a video-like playback. It's privacy-aware by default: text and inputs are masked, and you control what gets captured.
The key part: replays link directly to errors and traces. When you're looking at a bug report, you can watch the user reproduce it. No more having to ask users what happened. No more waiting for them to get back to you. No more guessing what "it doesn't work" means.
Available in @sentry/browser, @sentry/react, @sentry/vue, @sentry/angular, and @sentry/svelte.
Structured Logs (v9+)
Sentry.logger.info(), Sentry.logger.error(), and four more severity levels, with structured attributes that link to traces and errors.
Sentry.logger.error('Payment processing failed', {
orderId: 'order-123',
amount: 99.99,
gateway: 'stripe',
retryCount: 3,
});These aren't console.log replacements floating in CloudWatch or Datadog. They're logs that show up in the same Sentry issue, linked to the trace that was active when they fired.
The Logs API also supports template strings that Sentry can group and search:
Sentry.logger.info(Sentry.logger.fmt`User ${userId} completed checkout for order ${orderId}`, {
amount: 99.99,
paymentMethod: 'credit_card',
});AI Monitoring (v9+/v10+)
If you're calling LLMs from your backend, the SDK can instrument those calls automatically. OpenAI and LangChain support landed in v9. Anthropic and Vercel AI SDK support followed in v10. With AI monitoring, you get token usage, latency, and error tracking for every call.
Sentry.init({
dsn: '__DSN__',
integrations: [
Sentry.openAIIntegration(), // OpenAI
Sentry.anthropicAIIntegration(), // Anthropic/Claude
Sentry.vercelAIIntegration(), // Vercel AI SDK
Sentry.langChainIntegration(), // LangChain
],
});OpenTelemetry Tracing (v8+)
v8 rebuilt performance monitoring on OpenTelemetry. The old mental model treated "transactions" and "spans" as separate concepts with manual lifecycle management. The new model: everything is a span, and the lifecycle is automatic.
// v7: manual transaction management
const transaction = Sentry.startTransaction({ name: 'checkout' });
const span = transaction.startChild({ op: 'db.query' });
// ... do work ...
span.finish();
transaction.finish();
// v8+: just wrap your code
const result = Sentry.startSpan({ name: 'checkout', op: 'db.query' }, () => {
return db.query('SELECT ...');
});That's less code, but it's also a different relationship with instrumentation. You don't manage span lifecycles. You describe what you're measuring, and the SDK handles the rest. Nested spans work automatically:
Sentry.startSpan({ name: 'checkout' }, () => {
Sentry.startSpan({ name: 'validate-cart', op: 'function' }, () => {
// automatically a child of 'checkout'
validateCart();
});
Sentry.startSpan({ name: 'charge-card', op: 'db.query' }, () => {
// also a child of 'checkout'
chargeCard();
});
});On Node.js, Express, Fastify, Hapi, Postgres, MongoDB, Redis, Prisma, GraphQL, MySQL, and Mongoose are all auto-instrumented with zero manual setup. Just Sentry.init().
What changed under the hood
The features above are the headline reasons to upgrade. Here's the compressed version of what changed structurally at each major version.
v8: Package consolidation
@sentry/tracing@sentry/hub@sentry/integrations@sentry/replay
These were all merged into the core SDKs. Integrations became functions (new BrowserTracing() became browserTracingIntegration()) for better tree-shaking. User Feedback widget, Cron Monitoring, and FID collection shipped. Angular v14+ became required. The new scope model (getCurrentScope(), getIsolationScope(), getGlobalScope()) was introduced, deprecating Hub, getCurrentHub(), and configureScope() with console warnings. This is the single biggest source of breaking-change noise when upgrading from v7.
v9: Deprecated API removal
HubgetCurrentHub()configureScope()
The deprecated scope APIs were deleted. @sentry/utils merged into @sentry/core, @sentry/types deprecated. ES2020 became the baseline. Feature flag tracking arrived with built-in LaunchDarkly and OpenFeature support. Node.js 18 became the minimum.
v10: OpenTelemetry v2
The underlying OpenTelemetry dependencies upgraded to v2.x. FID collection removed in favor of INP (Interaction to Next Paint), the metric Google actually uses for Core Web Vitals. @sentry/node-core shipped a lightweight mode for teams that want error tracking, logs, and metrics without full OpenTelemetry instrumentation. Next.js Turbopack support landed.
Quick reference: features by version
Feature | Minimum version | Packages | Docs |
Cron Monitoring | v7+ | node, all server SDKs | |
Session Replay | v8+ | browser, react, vue, angular, svelte | |
User Feedback Widget | v8+ | browser, all frontend SDKs | |
Structured Logs | v9+ | all | |
Feature Flag Tracking | v9+ | all | |
AI Monitoring (OpenAI, LangChain) | v9+ | node | |
AI Monitoring (Anthropic, Vercel AI) | v10+ | node | |
INP (as sole Core Web Vital) | v10+ | browser, all frontend SDKs | — |
Deprecated packages you might still have
If you see any of these in your lockfile, you're at least two major versions behind:
@sentry/tracing(merged into core SDKs in v8)@sentry/hub(merged into@sentry/corein v8)@sentry/integrations(merged into core SDKs in v8)@sentry/replay(merged into@sentry/browserin v8)@sentry/types(deprecated in v9, use@sentry/core)@sentry/utils(deprecated in v9, use@sentry/core)
These packages still resolve on npm, so they won't break your install. But they're unmaintained and they add dead weight to your node_modules. If you see them, your Sentry setup needs attention.
Security and performance
Even if you don't care about new features, staying current keeps you patched and lean.
Security:
CVE-2023-46729: SSRF risk via insufficient validation of the Next.js tunnel route. Patched in v7.77.0, but only users on a current v7.x got the fix. If you were pinned to an older v7 release, you stayed vulnerable.
IP address inference removed by default. Starting in v9 (fully enforced in v10.4.0), the SDK no longer instructs the Sentry backend to infer user IP addresses unless you set
sendDefaultPii: true. Privacy-by-default.fetchProxyScriptNonceremoved in v9. The SvelteKit option was dropped due to security concerns around CSP bypass.Transitive dependency CVE patches (fast-xml-parser, rollup, tar, nuxt) only land on the current major version line. If you're pinned to v7, you're not getting these fixes.
Performance:
@sentry/browserbase bundle: 26 KB gzipped (v10). Tree-shaking flags can bring it down to ~24.5 KB.ES5 polyfills dropped in v8, ES2020 baseline in v9. Smaller transpiled output for the vast majority of environments that support these natively.
6 legacy packages removed in v8, 2 more deprecated in v9. Simpler dependency graph, less duplication in your
node_modules.Replay bundle reduced by ~20 KB via tree-shaking improvements (v7.73.0+).
Let your AI assistant handle it
You don't have to upgrade or configure Sentry by hand. Sentry publishes agent skills: instruction sets that teach AI coding assistants how to work with Sentry in your project. They work with Claude Code, Cursor, GitHub Copilot, OpenAI Codex, and more.
The newest skill, sentry-sdk-upgrade, can handle the entire migration for you. It runs a 4-phase workflow: Detect (reads your package.json, finds Sentry configs, greps for deprecated patterns) → Recommend (categorizes changes as auto-fixable, AI-assisted, or manual-review) → Guide (applies changes file by file with explanations) → Cross-Link (verifies the build passes and suggests new features to enable). It covers v7→v8, v8→v9, and v9→v10.
Install the skills with one command:
# Claude Code
/install-plugin sentry
# Other AI assistants
npx skills add getsentry/sentry-agent-skillsThen ask your assistant to do the work:
What to say | What happens |
"Upgrade my Sentry SDK to v10" | Detects your version, scans for deprecated APIs, migrates code file by file |
"Add Sentry to my React app" | Sets up |
"Enable Sentry logging" | Configures Structured Logs in your |
"Monitor my OpenAI calls" | Adds |
"Add performance monitoring" | Configures tracing with the right integrations for your framework |
"Fix the recent Sentry errors" | Pulls issues from Sentry and applies fixes |
The upgrade skill is especially useful for the v7→v8 jump, where the number of API changes is large but most of them are mechanical renames. Your assistant can also wire up new features like Session Replay, Logs, or AI monitoring after the upgrade without you looking up the config. Skills are versioned and can be committed to your repo with dotagents so every team member gets the same setup.
"But upgrading is painful"
Let's be honest about the effort, then talk about the tooling.
v7 to v8 is the biggest jump. The performance monitoring API was rewritten on OpenTelemetry. Tracing concepts changed (transactions became spans), import order matters for Node.js auto-instrumentation, and 6 packages were consolidated. Expect a few hours for a typical app, more for complex setups with custom instrumentation.
v8 to v9 is moderate. Deprecated APIs were removed: Hub, getCurrentHub(), configureScope(), and others. If you fixed the deprecation warnings that v8 printed, this is straightforward. The hard gate is Node.js 18 minimum.
v9 to v10 is genuinely easy. 8 breaking changes, mostly internal. The CHANGELOG itself says "minimal breaking changes." OpenTelemetry v2 under the hood, FID removed (INP replaces it), and a handful of internal API cleanups.
Each jump gives you warning first. APIs are deprecated with console warnings for a full major version before they're removed. You don't get surprised.
The sentry-sdk-upgrade agent skill can automate much of this. It detects deprecated patterns with grep, applies mechanical renames automatically, and walks through complex changes with explanations. For the v7→v8 jump especially — where you'd otherwise be manually renaming dozens of integration constructors and scope APIs — the skill handles the tedious parts so you can focus on the genuinely tricky changes like custom instrumentation rewrites.
Migration guides with before/after code for every breaking change:
The practical upgrade path
Check where you stand.
Click to Copy# Check your version now npm ls @sentry/react @sentry/nextjs @sentry/vue @sentry/angular @sentry/sveltekit @sentry/node 2>/dev/null | grep @sentryPoint your AI assistant at it, or read the migration guide. If you have Sentry agent skills installed, tell your assistant "upgrade my Sentry SDK to v10" — it'll detect your version, scan for deprecated APIs, and walk through the migration file by file. Otherwise, read the migration guide for your jump on docs.sentry.io (v7 to v8, v8 to v9, v9 to v10).
If you're more than 2 major versions behind, upgrade one version at a time. Going v7 to v10 in one PR is a recipe for confusing errors. Go v7 to v8, verify, then v8 to v9, and so on.
Start with the core SDK, then enable new features incrementally. Get the base upgrade working first. Then add Session Replay. Then Logs. Each one is an independent
init()option or integration, so you don't have to adopt everything at once. Or install agent skills and let your AI coding assistant configure them for you.Use debug: true during migration.
Click to CopySentry.init({ dsn: '__DSN__', debug: true, // Logs SDK decisions to the console });This surfaces configuration issues, dropped events, and integration problems immediately.
Close the gap
The SDK team ships weekly. Every release you skip adds to the distance between where you are and what's available. With 4.8 million weekly @sentry/node installs still on v7, we know this isn't a small problem. That's why we've invested heavily in migration guides and agent skills — including the sentry-sdk-upgrade skill that can handle the migration for you — to make the path forward clear.
Pick one version jump. Read the migration guide. Close the gap.
# Check your version now
npm ls @sentry/react @sentry/nextjs @sentry/vue @sentry/angular @sentry/sveltekit @sentry/node 2>/dev/null | grep @sentryMigration guides: docs.sentry.io/platforms/javascript/migration
Changelog: github.com/getsentry/sentry-javascript/blob/develop/CHANGELOG.md
Agent skills: docs.sentry.io/ai/agent-skills
