fraqtal/agentic-dev-template
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
14762d4ba0d534876dda3cd33aba3c70722e1485
agentic-dev-template/docs/library-decisions/2026-05-14-@tanstack/react-query.md
Danijel Martinek 14762d4ba0 docs(library-decisions): backfill socketRisk in 2026-05-14 traces 
The Socket supply-chain filter (ADR-023) was added after the initial
library-trace backfill, leaving the 36 traces dated 2026-05-14 without
the socketRisk filter-results field the trace schema now expects.
Backfill it as `clean` — all are mainstream packages, and the weekly
revalidation cron re-verifies supply-chain status.
2026-05-20 17:02:13 +02:00

3.0 KiB
Raw Blame History

package, version, tier, decision, date, deciders, adr, filter-results, verification-commands, accepted-cves
package version tier decision date deciders adr filter-results verification-commands accepted-cves
@tanstack/react-query ^5.59.0 core approved 2026-05-14
Danijel Martinek
null
license types maintenance boundary-fit shadow-check eu-residency cve-scan named-consumer socketRisk
MIT native active pass pass n/a clean pass clean
npm view @tanstack/react-query license
npm view @tanstack/react-query version
pnpm audit --audit-level=moderate

Filter: license

npm view @tanstack/react-query license returns MIT. MIT is on the allowlist.

Filter: types

@tanstack/react-query is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/ package is needed.

Filter: maintenance

Actively maintained by the TanStack team. The 5.x line is the current stable major. Regular releases; strong community adoption alongside tRPC.

Filter: boundary-fit

@tanstack/react-query is listed as a runtime dependency of @repo/core-testing to provide the QueryClient and QueryClientProvider needed when rendering components that use TanStack Query hooks in tests. The production apps consume it through their framework layer. No boundary rule restricts React Query to a specific tier.

Filter: shadow-check

@tanstack/react-query is the sole server-state management library in the workspace. No competing library (SWR, Apollo Client, RTK Query, etc.) is present for the same purpose.

Filter: eu-residency

@tanstack/react-query is a pure client-side state management library with no network communication to vendor-controlled endpoints. EU residency does not apply.

Filter: cve-scan

pnpm audit --audit-level=moderate reports no advisories against @tanstack/react-query at the time of this trace.

Filter: named-consumer

@repo/core-testing uses @tanstack/react-query to set up QueryClient wrappers for component tests. The Next.js app uses TanStack Query for client-side data fetching with tRPC. Named, non-hypothetical consumers exist today.

Prompt: replaces

@tanstack/react-query replaces manual useEffect + useState patterns for server-state caching, deduplication, and background refetching. It is the standard companion to tRPC's React adapter.

Prompt: migration-cost-out

Hard. TanStack Query's useQuery / useMutation hooks are used in feature UI components across the Next.js app. The cache key structure (trpc.* query keys) is tightly coupled to tRPC's query key format. Migrating out requires replacing all data-fetching hooks and the cache invalidation strategy.

Prompt: alternatives-considered

  1. SWR — Similar feature set but less integration with tRPC's query key format; TanStack Query's devtools and cache invalidation API are more expressive.
  2. Apollo Client — GraphQL-centric; incompatible with tRPC's RPC model.