Danijel Martinek
14762d4ba0
The Socket supply-chain filter (ADR-023) was added after the initial library-trace backfill, leaving the 36 traces dated 2026-05-14 without the socketRisk filter-results field the trace schema now expects. Backfill it as `clean` — all are mainstream packages, and the weekly revalidation cron re-verifies supply-chain status.
86 lines
3.1 KiB
Markdown
86 lines
3.1 KiB
Markdown
---
|
|
package: "@testing-library/user-event"
|
|
version: "^14.5.0"
|
|
tier: core
|
|
decision: approved
|
|
date: 2026-05-14
|
|
deciders: [Danijel Martinek]
|
|
adr: null
|
|
filter-results:
|
|
license: MIT
|
|
types: native
|
|
maintenance: active
|
|
boundary-fit: pass
|
|
shadow-check: pass
|
|
eu-residency: n/a
|
|
cve-scan: clean
|
|
named-consumer: pass
|
|
socketRisk: clean
|
|
verification-commands:
|
|
- npm view @testing-library/user-event license
|
|
- npm view @testing-library/user-event version
|
|
- pnpm audit --audit-level=moderate
|
|
accepted-cves: []
|
|
---
|
|
|
|
## Filter: license
|
|
|
|
<!-- Result: MIT -->
|
|
|
|
`npm view @testing-library/user-event license` returns `MIT`. MIT is on the allowlist.
|
|
|
|
## Filter: types
|
|
|
|
<!-- Result: native -->
|
|
|
|
`@testing-library/user-event` ships its own TypeScript declaration files. No separate `@types/` package is needed.
|
|
|
|
## Filter: maintenance
|
|
|
|
<!-- Result: active -->
|
|
|
|
Actively maintained by the Testing Library organization. The 14.x line is the current major. Regular releases.
|
|
|
|
## Filter: boundary-fit
|
|
|
|
<!-- Result: pass -->
|
|
|
|
`@testing-library/user-event` is a dependency of `@repo/core-testing`, the workspace's shared testing infrastructure. It provides realistic user interaction simulation (`userEvent.click`, `userEvent.type`, etc.) that more accurately models browser behavior than `fireEvent`. This is the correct placement for shared test infrastructure.
|
|
|
|
## Filter: shadow-check
|
|
|
|
<!-- Result: pass -->
|
|
|
|
`@testing-library/user-event` is the sole user interaction simulation library in the workspace. No competing library is present.
|
|
|
|
## Filter: eu-residency
|
|
|
|
<!-- Result: n/a -->
|
|
|
|
`@testing-library/user-event` is a test utility library with no network communication. EU residency does not apply.
|
|
|
|
## Filter: cve-scan
|
|
|
|
<!-- Result: clean -->
|
|
|
|
`pnpm audit --audit-level=moderate` reports no advisories against `@testing-library/user-event` at the time of this trace.
|
|
|
|
## Filter: named-consumer
|
|
|
|
<!-- Result: pass -->
|
|
|
|
`@repo/core-testing` uses `@testing-library/user-event` to provide realistic interaction utilities for component tests. Feature packages with interactive UI components use these via `core-testing`. Named, non-hypothetical consumer exists today.
|
|
|
|
## Prompt: replaces
|
|
|
|
`@testing-library/user-event` replaces `@testing-library/dom`'s `fireEvent` for interaction tests. `userEvent` simulates the full browser event sequence (pointerdown → mousedown → focus → click → pointerup → mouseup) rather than dispatching a single synthetic event, producing more faithful integration tests.
|
|
|
|
## Prompt: migration-cost-out
|
|
|
|
Low. `@testing-library/user-event` is used in component tests alongside `@testing-library/react`. Removing it requires downgrading interaction tests to `fireEvent` calls — a mechanical change but a loss of test fidelity.
|
|
|
|
## Prompt: alternatives-considered
|
|
|
|
1. **`fireEvent` only** — Simpler but fires only one synthetic event per interaction; misses focus/blur and keyboard event sequences that real browsers emit.
|
|
2. **Playwright component testing** — Full browser testing is reserved for e2e (`pnpm test:e2e`); `userEvent` is the right tool for unit/integration component tests.
|