The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
| package | version | tier | decision | date | deciders | adr | lastRevalidated | is-sub-processor | processes-pii | filter-results | verification-commands | accepted-cves |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| vitest | ^3.0.0 | core | approved | 2026-05-14 | | null | null | false | false | | | |
Filter: license
npm view vitest license returns MIT. MIT is on the allowlist.
Filter: types
vitest is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/vitest package is needed.
Filter: maintenance
Actively maintained by the Vite / Vitest team. The 3.x line is the current major. Regular releases with strong community momentum in the Vite ecosystem.
Filter: boundary-fit
vitest is listed as a runtime dependency of @repo/core-testing because it provides the test runner APIs (describe, it, expect, vi) that core-testing re-exports or uses in its test utilities. All feature packages declare vitest as a devDependency. This is the correct placement for a testing infrastructure package.
Filter: shadow-check
vitest is the sole test runner in the workspace. No competing runner (Jest, Jasmine, Mocha) is present.
Filter: eu-residency
vitest is a local test runner with no network communication to vendor-controlled endpoints. EU residency does not apply.
Filter: cve-scan
pnpm audit --audit-level=moderate reports no advisories against vitest at the time of this trace.
Filter: named-consumer
@repo/core-testing lists vitest as a runtime dependency. Every feature package uses vitest as a devDependency for running tests. Named, non-hypothetical consumers exist today.
Prompt: replaces
vitest replaces Jest as the test runner. The Vite-based transformation pipeline eliminates the need for Babel transforms and provides native ES module support, reducing test suite configuration complexity.
Prompt: migration-cost-out
Hard. vitest's describe / it / expect / vi.fn() APIs are used in every test file across all packages. Migrating to Jest or another runner requires updating all test files (largely mechanical API renames) and reconfiguring the coverage pipeline (ADR-020 L0 thresholds, @vitest/coverage-v8).
Prompt: alternatives-considered
- Jest — Mature but requires additional Babel/ESM configuration in a Vite-based monorepo; vitest provides native compatibility.
- Node.js node:test — Lightweight but lacks the ecosystem integrations (coverage, snapshot, mocking) that vitest provides out of the box.