Danijel Martinek
14762d4ba0
The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
3.1 KiB
package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
| package | version | tier | decision | date | deciders | adr | filter-results | verification-commands | accepted-cves | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @payloadcms/db-postgres | ^3.14.0 | core | approved | 2026-05-14 |
|
null |
|
|
Filter: license
npm view @payloadcms/db-postgres license returns MIT. MIT is on the allowlist.
Filter: types
@payloadcms/db-postgres is part of the Payload CMS monorepo, authored in TypeScript, and ships its own .d.ts declaration files.
Filter: maintenance
Maintained as part of the Payload CMS project. Versioned and released together with the payload core package; receives the same release cadence.
Filter: boundary-fit
@payloadcms/db-postgres is the PostgreSQL database adapter for Payload CMS, used exclusively in @repo/core-cms to configure the Payload instance. Feature packages do not reference this package directly. This is the correct placement for a CMS-layer infrastructure adapter.
Filter: shadow-check
@payloadcms/db-postgres is the sole database adapter in the workspace. No competing Payload database adapter (MongoDB, SQLite, etc.) is present.
Filter: eu-residency
@payloadcms/db-postgres connects to a self-hosted PostgreSQL instance (configured via DATABASE_URI). No data is transmitted to Payload-controlled or third-party-controlled endpoints. EU residency is determined by the PostgreSQL host deployment environment.
Filter: cve-scan
pnpm audit --audit-level=moderate reports no advisories against @payloadcms/db-postgres at the time of this trace.
Filter: named-consumer
@repo/core-cms uses @payloadcms/db-postgres as the database adapter in the Payload configuration. Named, non-hypothetical consumer exists today.
Prompt: replaces
@payloadcms/db-postgres replaces the need for a separate ORM (Prisma, Drizzle, etc.) alongside Payload — Payload's built-in adapter unifies the data access layer and admin UI schema in one package.
Prompt: migration-cost-out
Hard. The PostgreSQL adapter is tightly coupled to the Payload schema definitions in core-cms. Migrating to a different adapter (e.g., MongoDB) would require reshaping all collection definitions and potentially the database migration history. The Payload interface boundary limits exposure to core-cms only.
Prompt: alternatives-considered
@payloadcms/db-mongodb— Not applicable for this deployment target; the infrastructure uses PostgreSQL (ADR-015 references the database stack).- Prisma + separate Payload adapter — Rejected: Payload's integrated adapter eliminates the N+1 problem of maintaining two data access layers for the same database.