pnpm依赖去重与一致性治理（dedupe-范围-阻断）最佳实践

实现示例type Entry = { name: string; versions: string[] }

function semverValid(v: string): boolean { return /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?$/.test(v) }

function canUnify(versions: string[]): boolean { if (versions.length <= 1) return true; return versions.every(semverValid) }

function evaluate(entries: Entry[], maxDistinct: number): { ok: boolean; errors: string[] } {

const errors: string[] = []

for (const e of entries) {

const distinct = new Set(e.versions)

if (distinct.size > maxDistinct) errors.push(`${e.name}:${distinct.size}`)

if (!canUnify(e.versions)) errors.push(`invalid:${e.name}`)

}

return { ok: errors.length === 0, errors }

}

审计与CI门禁审计重复版本与统一策略；超过阈值阻断并输出修复建议。去重策略变更需审批与归档。