agentic-dev-template/docs/library-decisions/2026-05-14-globals.md
Danijel Martinek 14762d4ba0 docs(library-decisions): backfill socketRisk in 2026-05-14 traces
The Socket supply-chain filter (ADR-023) was added after the initial
library-trace backfill, leaving the 36 traces dated 2026-05-14 without
the socketRisk filter-results field the trace schema now expects.
Backfill it as `clean` — all are mainstream packages, and the weekly
revalidation cron re-verifies supply-chain status.
2026-05-20 17:02:13 +02:00


package: globals
version: ^17.6.0
tier: core
decision: approved
date: 2026-05-14
deciders: Danijel Martinek
adr: null
lastRevalidated: null
is-sub-processor: false
processes-pii: false
filter-results:
  license: MIT
  types: native
  maintenance: active
  boundary-fit: pass
  shadow-check: pass
  eu-residency: n/a
  cve-scan: clean
  named-consumer: pass
  socketRisk: clean
verification-commands:
  npm view globals license
  npm view globals version
  pnpm audit --audit-level=moderate
accepted-cves:
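
An added example, not part of the agentic-dev-template repository: a check that reports which of the nine filter-results fields listed above are absent from a trace, the gap the socketRisk backfill closes. It assumes traces keep these fields as YAML front matter with filter-results as an indented map; the function names and the two sample traces are constructed for illustration.

```javascript
// Added example, not the project's own code.
// Assumption: a trace is Markdown with YAML front matter, and filter-results
// is an indented "key: value" map inside it.
const EXPECTED_FILTERS = [
  "license", "types", "maintenance", "boundary-fit", "shadow-check",
  "eu-residency", "cve-scan", "named-consumer", "socketRisk",
];

// Return the filter-results map, or null if the trace has no front matter
// or no filter-results key. Handles only the flat map assumed above.
function parseFilterResults(markdown) {
  const fm = /^---\r?\n([\s\S]*?)\r?\n---/.exec(markdown);
  if (!fm) return null;
  const lines = fm[1].split(/\r?\n/);
  const start = lines.findIndex((l) => /^filter-results:\s*$/.test(l));
  if (start === -1) return null;
  const results = Object.create(null);
  for (const line of lines.slice(start + 1)) {
    if (line.trim() === "") continue;
    if (!/^\s/.test(line)) break; // next top-level key ends the map
    const m = /^\s+([A-Za-z-]+):\s*(.*)$/.exec(line);
    if (m) results[m[1]] = m[2].trim();
  }
  return results;
}

// List expected filters that are missing or have an empty value.
function missingFilters(markdown) {
  const results = parseFilterResults(markdown);
  if (results === null) return [...EXPECTED_FILTERS];
  return EXPECTED_FILTERS.filter((k) => !results[k]);
}

// Constructed samples: one trace before the backfill, one after.
const HEAD = [
  "---", "package: globals", "filter-results:",
  "  license: MIT", "  types: native", "  maintenance: active",
  "  boundary-fit: pass", "  shadow-check: pass", "  eu-residency: n/a",
  "  cve-scan: clean", "  named-consumer: pass",
];
const TAIL = ["processes-pii: false", "---", "Filter: license"];
const BEFORE = [...HEAD, ...TAIL].join("\n");
const AFTER = [...HEAD, "  socketRisk: clean", ...TAIL].join("\n");

console.log("before:", missingFilters(BEFORE), "after:", missingFilters(AFTER));
```

Run over every file in the trace directory, a non-empty result for any trace is the condition a pre-merge check would fail on.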

Filter: license

`npm view globals license` returns MIT. MIT is on the allowlist.

Filter: types

globals ships its own TypeScript declaration files. No separate @types/globals package is needed.

Filter: maintenance

Maintained by the Sindre Sorhus ecosystem. Regularly updated to track ECMAScript specification changes and new browser/Node.js globals. The last release was less than 18 months ago.

Filter: boundary-fit

globals is a dependency of @repo/core-eslint, the shared ESLint configuration package. It provides the global variable definitions consumed by ESLint's languageOptions.globals configuration. This is the correct placement for a configuration-layer utility.

Filter: shadow-check

globals is the de-facto standard globals catalog for ESLint configurations. No competing globals package is present in the workspace.

Filter: eu-residency

globals is a static data package (JSON + TypeScript types) with no network communication. EU residency does not apply.

Filter: cve-scan

`pnpm audit --audit-level=moderate` reports no advisories against globals at the time of this trace.

Filter: named-consumer

@repo/core-eslint uses globals in its ESLint flat-config exports to declare browser and Node.js global environments. Named, non-hypothetical consumer exists today.

Prompt: replaces

globals replaces the deprecated env configuration approach in ESLint's legacy config format. In the flat config system, languageOptions.globals with the globals package is the recommended approach.

Prompt: migration-cost-out

Mechanical. globals is used in one configuration file (@repo/core-eslint). Migrating to a different globals source requires updating that file only.

Prompt: alternatives-considered

  1. Inline global declarations — Verbose and maintenance-heavy; the globals package is the ESLint ecosystem standard for this purpose.
  2. @types/node globals only — Insufficient for browser environments; globals covers both environments cleanly.