Danijel Martinek
14762d4ba0
The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
1.6 KiB
1.6 KiB
package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
| package | version | tier | decision | date | deciders | adr | filter-results | verification-commands | accepted-cves | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| clsx | ^2.1.1 | core | approved | 2026-05-14 |
|
null |
|
|
Filter: license
MIT — on the workspace allowlist.
Filter: types
Ships first-party TypeScript types in its distribution.
Filter: maintenance
Active. Maintained by Luke Edwards; stable, minimal API.
Filter: boundary-fit
Core UI package. clsx is a utility for constructing className strings; appropriate for core-ui. No boundary rule violation.
Filter: shadow-check
No competing className utility in the workspace. No shadow.
Filter: eu-residency
Pure compute; no network calls or vendor data transmission. n/a.
Filter: cve-scan
No advisories at adoption time.
Filter: named-consumer
core-ui uses clsx in the cn() utility (combined with tailwind-merge) for conditional class composition.
Prompt: replaces
Nothing — this is the initial UI scaffold.
Prompt: migration-cost-out
Mechanical: replace clsx() calls with template literals or equivalent. Minimal API surface.
Prompt: alternatives-considered
- classnames — the older predecessor;
clsxis smaller and faster. - Template literals — verbose; no conditional logic support.
clsxis the de-facto standard lightweight className utility.