fraqtal/agentic-dev-template
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
main
agentic-dev-template/docs/library-decisions/2026-05-14-react.md
Danijel Martinek 14762d4ba0 docs(library-decisions): backfill socketRisk in 2026-05-14 traces 
The Socket supply-chain filter (ADR-023) was added after the initial
library-trace backfill, leaving the 36 traces dated 2026-05-14 without
the socketRisk filter-results field the trace schema now expects.
Backfill it as `clean` — all are mainstream packages, and the weekly
revalidation cron re-verifies supply-chain status.
2026-05-20 17:02:13 +02:00

2.9 KiB
Raw Permalink Blame History

package, version, tier, decision, date, deciders, adr, lastRevalidated, is-sub-processor, processes-pii, filter-results, verification-commands, accepted-cves
package version tier decision date deciders adr lastRevalidated is-sub-processor processes-pii filter-results verification-commands accepted-cves
react ^19.0.0 core approved 2026-05-14
Danijel Martinek
null null false false
license types maintenance boundary-fit shadow-check eu-residency cve-scan named-consumer socketRisk
MIT native active pass pass n/a clean pass clean
npm view react license
npm view react version
pnpm audit --audit-level=moderate

Filter: license

npm view react license returns MIT. MIT is on the allowlist.

Filter: types

React 19 ships its own TypeScript declaration files bundled in the package. No separate @types/react package is required at runtime (though @types/react is still used as a devDependency for type-checking in some packages).

Filter: maintenance

Actively maintained by Meta. React 19 is the current stable major release. Long-term support commitment from Meta; used in production by millions of applications.

Filter: boundary-fit

react is a dependency of @repo/core-testing to support React component rendering in test environments via @testing-library/react. The Next.js and TanStack Start apps consume React through their framework packages. No boundary rule restricts React usage in the testing tier.

Filter: shadow-check

React is the sole UI rendering library in the workspace. No competing component library (Vue, Svelte, Solid, etc.) is present.

Filter: eu-residency

react is a pure runtime library for UI rendering with no network communication to vendor-controlled endpoints. EU residency does not apply.

Filter: cve-scan

pnpm audit --audit-level=moderate reports no advisories against react at the time of this trace.

Filter: named-consumer

@repo/core-testing uses react as a peer for @testing-library/react. The Next.js and TanStack Start apps consume React through their framework layers. Named, non-hypothetical consumers exist today.

Prompt: replaces

React replaces no prior UI framework — it is the founding choice for the web layer of this monorepo.

Prompt: migration-cost-out

Impossible. React's component model and JSX syntax are used throughout both frontend apps and the testing layer. Replacing React would require rewriting all UI components, routing layers, and testing utilities across two apps.

Prompt: alternatives-considered

  1. Vue — Different component model; incompatible with the Next.js and tRPC ecosystem choices made at project inception.
  2. Solid — Excellent performance characteristics but smaller ecosystem; Next.js and the established tRPC/React Query integration made React the pragmatic choice.