Files
agentic-dev/docs/library-decisions/2026-05-14-@payloadcms/richtext-lexical.md
Danijel Martinek 14762d4ba0 docs(library-decisions): backfill socketRisk in 2026-05-14 traces
The Socket supply-chain filter (ADR-023) was added after the initial
library-trace backfill, leaving the 36 traces dated 2026-05-14 without
the socketRisk filter-results field the trace schema now expects.
Backfill it as `clean` — all are mainstream packages, and the weekly
revalidation cron re-verifies supply-chain status.
2026-05-20 17:02:13 +02:00

86 lines
3.0 KiB
Markdown

---
package: "@payloadcms/richtext-lexical"
version: "^3.14.0"
tier: core
decision: approved
date: 2026-05-14
deciders: [Danijel Martinek]
adr: null
filter-results:
license: MIT
types: native
maintenance: active
boundary-fit: pass
shadow-check: pass
eu-residency: n/a
cve-scan: clean
named-consumer: pass
socketRisk: clean
verification-commands:
- npm view @payloadcms/richtext-lexical license
- npm view @payloadcms/richtext-lexical version
- pnpm audit --audit-level=moderate
accepted-cves: []
---
## Filter: license
<!-- Result: MIT -->
`npm view @payloadcms/richtext-lexical license` returns `MIT`. MIT is on the allowlist.
## Filter: types
<!-- Result: native -->
`@payloadcms/richtext-lexical` is part of the Payload CMS monorepo, authored in TypeScript, and ships its own `.d.ts` declaration files.
## Filter: maintenance
<!-- Result: active -->
Maintained as part of the Payload CMS project. Versioned and released together with the `payload` core package; receives the same release cadence.
## Filter: boundary-fit
<!-- Result: pass -->
`@payloadcms/richtext-lexical` is the rich-text field plugin for Payload CMS, used exclusively in `@repo/core-cms` to configure rich-text fields in Payload collections. Feature packages access rich-text content as plain data through repository interfaces. This is the correct placement for a CMS-layer content plugin.
## Filter: shadow-check
<!-- Result: pass -->
`@payloadcms/richtext-lexical` is the sole rich-text editor plugin in the workspace. The alternative Payload rich-text plugin (`@payloadcms/richtext-slate`) is not present.
## Filter: eu-residency
<!-- Result: n/a -->
`@payloadcms/richtext-lexical` is a server-side content plugin with no network communication to vendor-controlled endpoints. EU residency does not apply.
## Filter: cve-scan
<!-- Result: clean -->
`pnpm audit --audit-level=moderate` reports no advisories against `@payloadcms/richtext-lexical` at the time of this trace.
## Filter: named-consumer
<!-- Result: pass -->
`@repo/core-cms` uses `@payloadcms/richtext-lexical` to define the rich-text editor for content fields in the blog and other content collections. Named, non-hypothetical consumer exists today.
## Prompt: replaces
`@payloadcms/richtext-lexical` replaces `@payloadcms/richtext-slate`, which was deprecated in Payload 3.x. Lexical is the recommended and actively maintained rich-text engine in the Payload 3.x ecosystem.
## Prompt: migration-cost-out
Moderate. Rich-text data stored via Lexical is serialized in Lexical's internal JSON format. Migrating to a different rich-text engine would require a data migration for all existing rich-text content. The plugin is confined to `core-cms`, limiting the surface area.
## Prompt: alternatives-considered
1. **`@payloadcms/richtext-slate`** — Deprecated in Payload 3.x; Lexical is the recommended successor.
2. **Plain textarea fields** — Rejected: insufficient for content that requires formatting, links, and embedded media (blog articles, marketing pages).