Danijel Martinek
14762d4ba0
The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
3.0 KiB
package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
| package | version | tier | decision | date | deciders | adr | filter-results | verification-commands | accepted-cves | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @payloadcms/richtext-lexical | ^3.14.0 | core | approved | 2026-05-14 |
|
null |
|
|
Filter: license
npm view @payloadcms/richtext-lexical license returns MIT. MIT is on the allowlist.
Filter: types
@payloadcms/richtext-lexical is part of the Payload CMS monorepo, authored in TypeScript, and ships its own .d.ts declaration files.
Filter: maintenance
Maintained as part of the Payload CMS project. Versioned and released together with the payload core package; receives the same release cadence.
Filter: boundary-fit
@payloadcms/richtext-lexical is the rich-text field plugin for Payload CMS, used exclusively in @repo/core-cms to configure rich-text fields in Payload collections. Feature packages access rich-text content as plain data through repository interfaces. This is the correct placement for a CMS-layer content plugin.
Filter: shadow-check
@payloadcms/richtext-lexical is the sole rich-text editor plugin in the workspace. The alternative Payload rich-text plugin (@payloadcms/richtext-slate) is not present.
Filter: eu-residency
@payloadcms/richtext-lexical is a server-side content plugin with no network communication to vendor-controlled endpoints. EU residency does not apply.
Filter: cve-scan
pnpm audit --audit-level=moderate reports no advisories against @payloadcms/richtext-lexical at the time of this trace.
Filter: named-consumer
@repo/core-cms uses @payloadcms/richtext-lexical to define the rich-text editor for content fields in the blog and other content collections. Named, non-hypothetical consumer exists today.
Prompt: replaces
@payloadcms/richtext-lexical replaces @payloadcms/richtext-slate, which was deprecated in Payload 3.x. Lexical is the recommended and actively maintained rich-text engine in the Payload 3.x ecosystem.
Prompt: migration-cost-out
Moderate. Rich-text data stored via Lexical is serialized in Lexical's internal JSON format. Migrating to a different rich-text engine would require a data migration for all existing rich-text content. The plugin is confined to core-cms, limiting the surface area.
Prompt: alternatives-considered
@payloadcms/richtext-slate— Deprecated in Payload 3.x; Lexical is the recommended successor.- Plain textarea fields — Rejected: insufficient for content that requires formatting, links, and embedded media (blog articles, marketing pages).