Danijel Martinek 14762d4ba0 docs(library-decisions): backfill socketRisk in 2026-05-14 traces
The Socket supply-chain filter (ADR-023) was added after the initial
library-trace backfill, leaving the 36 traces dated 2026-05-14 without
the socketRisk filter-results field the trace schema now expects.
Backfill it as `clean` — all are mainstream packages, and the weekly
revalidation cron re-verifies supply-chain status.
2026-05-20 17:02:13 +02:00


| Field | Value |
|---|---|
| package | @trpc/client |
| version | ^11.0.0 |
| tier | core |
| decision | approved |
| date | 2026-05-14 |
| deciders | Danijel Martinek |
| adr | null |
| filter-results | see the table below |
| verification-commands | `npm view @trpc/client license`<br>`npm view @trpc/client version`<br>`pnpm audit --audit-level=moderate` |
| accepted-cves | |

filter-results:

| license | types | maintenance | boundary-fit | shadow-check | eu-residency | cve-scan | named-consumer | socketRisk |
|---|---|---|---|---|---|---|---|---|
| MIT | native | active | pass | pass | n/a | clean | pass | clean |

Filter: license

npm view @trpc/client license returns MIT. MIT is on the allowlist.

Filter: types

@trpc/client is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/ package is needed.

Filter: maintenance

Actively maintained alongside @trpc/server by the tRPC team. Versioned and released together with the server package.

Filter: boundary-fit

@trpc/client is used in @repo/core-testing to provide a mock tRPC client for test setups. This is the correct tier for test infrastructure utilities. No boundary rule restricts @trpc/client usage here.

Filter: shadow-check

@trpc/client is the sole tRPC client implementation in the workspace. No competing client adapter is present.

Filter: eu-residency

@trpc/client is a pure client-side RPC library with no vendor-controlled network endpoints. EU residency does not apply.

Filter: cve-scan

pnpm audit --audit-level=moderate reports no advisories against @trpc/client at the time of this trace.

Filter: named-consumer

@repo/core-testing uses @trpc/client to build the mock tRPC client used in integration test setups. Named, non-hypothetical consumer exists today.

Prompt: replaces

@trpc/client is the natural companion to @trpc/server; no alternative client approach was evaluated separately. Using @trpc/client ensures the test setup mirrors the production client configuration.

Prompt: migration-cost-out

Low. @trpc/client is confined to @repo/core-testing's test utilities. Migrating out requires updating the mock client setup in one package. Feature packages reference tRPC types from @trpc/server, not @trpc/client.

Prompt: alternatives-considered

  1. Direct HTTP fetch in tests — Rejected: bypasses tRPC middleware and type inference, making tests less representative of real client behavior.
  2. @trpc/server createCaller (server-side calling) — Valid alternative for pure unit tests; @trpc/client is used where the test needs to exercise the actual HTTP transport or client link chain.
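
A consistency check for the gap the commit above backfills, as an added example that is not the project's own tooling: it flags traces whose filter-results lack a required filter such as socketRisk, or carry a key the schema does not know. The YAML front-matter layout, the function names and `example-pkg` are assumptions; the filter names are the ones listed in this trace.

```javascript
// Filter names come from this trace's filter-results row. The YAML front-matter
// layout parsed below is an assumption about how trace files are stored.
const REQUIRED_FILTERS = ["license", "types", "maintenance", "boundary-fit",
  "shadow-check", "eu-residency", "cve-scan", "named-consumer", "socketRisk"];

// Read top-level scalars and the indented filter-results map.
function parseTrace(text) {
  const trace = { "filter-results": {} };
  let inFilters = false;
  for (const line of text.split("\n")) {
    const m = /^(\s*)([^\s:#][^:]*):\s*(.*)$/.exec(line);
    if (!m) continue;
    const key = m[2].trim();
    const value = m[3].trim().replace(/^["']|["']$/g, "");
    if (m[1] === "") {
      inFilters = key === "filter-results";
      if (!inFilters) trace[key] = value;
    } else if (inFilters) {
      trace["filter-results"][key] = value;
    }
  }
  return trace;
}

// Report required filters with no value and keys the schema does not know.
function checkTrace(trace) {
  const results = trace["filter-results"];
  const missing = REQUIRED_FILTERS.filter((n) => !results[n]);
  const unknown = Object.keys(results).filter((n) => !REQUIRED_FILTERS.includes(n));
  return { package: trace.package, date: trace.date, missing, unknown };
}

// Count incomplete traces per date so a batch needing backfill stands out.
function incompleteByDate(texts) {
  const counts = {};
  for (const r of texts.map(parseTrace).map(checkTrace)) {
    if (r.missing.length || r.unknown.length) counts[r.date] = (counts[r.date] || 0) + 1;
  }
  return counts;
}

// Constructed samples: COMPLETE mirrors this trace, STALE lacks socketRisk,
// TYPO misspells it. "example-pkg" is a placeholder name.
const VALUES = ["MIT", "native", "active", "pass", "pass", "n/a", "clean", "pass", "clean"];
const COMPLETE = ["---", 'package: "@trpc/client"', "date: 2026-05-14", "filter-results:",
  ...REQUIRED_FILTERS.map((n, i) => `  ${n}: ${VALUES[i]}`), "---"].join("\n");
const STALE = COMPLETE.replace("  socketRisk: clean\n", "").replace("@trpc/client", "example-pkg");
const TYPO = COMPLETE.replace("socketRisk", "socketrisk");
console.log(incompleteByDate([COMPLETE, STALE, TYPO]));
```

Run in CI, a non-empty `missing` or `unknown` list can fail the build when the schema gains a filter, so stale traces surface before a backfill is needed.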