fraqtal/agentic-dev
Template
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity
Files
98d96d2e19749365006db0db30ab0e2588f80b69
agentic-dev/docs/library-decisions/2026-05-14-superjson.md
Danijel Martinek 98d96d2e19 docs(tooling): add sub-processor discriminated union to ADR-022 and traces 
Amends ADR-022 §9 with the `is-sub-processor` / `processes-pii` discriminated
union spec, including the five conditional fields required when a library is a
true GDPR sub-processor. Updates the evaluate-library skill to prompt for these
fields during every trace authoring pass and adds the updated frontmatter
template. Backfills all nine existing library-decision traces with the new
fields; payload gets `processes-pii: true` (self-hosted CMS that stores user
data); all pure in-process libraries get `false / false`.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-18 18:44:09 +00:00

2.8 KiB
Raw Blame History

package, version, tier, decision, date, deciders, adr, lastRevalidated, is-sub-processor, processes-pii, filter-results, verification-commands, accepted-cves
package version tier decision date deciders adr lastRevalidated is-sub-processor processes-pii filter-results verification-commands accepted-cves
superjson ^2.2.1 core approved 2026-05-14
Danijel Martinek
null null false false
license types maintenance boundary-fit shadow-check eu-residency cve-scan named-consumer
MIT native active pass pass n/a clean pass
npm view superjson license
npm view superjson version
pnpm audit --audit-level=moderate

Filter: license

npm view superjson license returns MIT. MIT is on the allowlist.

Filter: types

superjson is authored in TypeScript and ships its own .d.ts declaration files. No separate @types/superjson package is needed.

Filter: maintenance

Actively maintained. Last release < 18 months. Used widely in the tRPC and Next.js ecosystem.

Filter: boundary-fit

superjson is the serialization transformer used by the tRPC layer (@repo/core-shared) to handle non-JSON-serializable types (Dates, Maps, Sets) over the wire. core-testing uses it for mock tRPC client setup. No boundary rules restrict superjson to a specific tier.

Filter: shadow-check

superjson is the sole tRPC-compatible serialization transformer in the workspace. No competing serializer (devalue, msgpackr, etc.) is present.

Filter: eu-residency

superjson is a pure serialization library with no network communication, telemetry, or data transmission. EU residency does not apply.

Filter: cve-scan

pnpm audit --audit-level=moderate reports no advisories against superjson at the time of this trace.

Filter: named-consumer

@repo/core-shared uses superjson as the tRPC transformer. @repo/core-testing uses superjson for mock tRPC client configuration. Named, non-hypothetical consumers exist today.

Prompt: replaces

superjson replaces the default JSON-only serialization in tRPC, which would fail silently when Date objects or other non-JSON types are passed through procedure calls.

Prompt: migration-cost-out

Low. superjson is used as the transformer option in the tRPC router and client configuration — two call sites in core-shared. Replacing it requires swapping the transformer and ensuring the replacement handles the same non-JSON types. No feature package references superjson directly.

Prompt: alternatives-considered

  1. devalue — Supports more types but is less mature in the tRPC ecosystem; superjson is the de-facto tRPC transformer standard.
  2. JSON-only (no transformer) — Rejected because it silently loses type fidelity for Dates and breaks any use case that returns or receives a Date value.