// Implementation example (实现示例)
/**
 * Token record evaluated by `evaluate`. `created`/`expires` appear to be epoch
 * milliseconds (`within` scales its seconds argument by 1000 before comparing) —
 * TODO confirm with the issuer. `perms` is the granted permission list.
 */
type Token = { id: string; scope: string; created: number; expires: number; perms: string[] }
/**
 * Accepts a scope name only when it is a leading `@` followed by one or more
 * lowercase letters, digits, underscores or hyphens and nothing else.
 * Uppercase letters, dots, slashes, whitespace and the bare `@` are rejected.
 */
function validScope(s: string): boolean {
  const scopePattern = /^@[a-z0-9_\-]+$/
  return scopePattern.test(s)
}
/**
 * True only when the permission set is exactly one entry, `read:packages`.
 * An empty list, any additional permission, or a different single permission
 * all fail — the check is for the minimal read-only grant, not a subset test.
 */
function minimalPerms(perms: string[]): boolean {
  if (perms.length !== 1) return false
  return perms[0] === 'read:packages'
}
/**
 * Reports whether `s` contains something shaped like a GitHub personal access
 * token (`ghp_` + 36 alphanumerics) or an npm token (`npm_` + 36 alphanumerics),
 * anywhere in the string. Only these two prefixes are recognised, so a `false`
 * result does not prove the string is free of secrets.
 */
function leaked(s: string): boolean {
  const knownTokenShapes = /(ghp_[A-Za-z0-9]{36}|npm_[A-Za-z0-9]{36})/
  return s.search(knownTokenShapes) !== -1
}
/**
 * Checks that `now` falls inside the token's validity window, widened by a
 * clock-skew allowance on both ends: `[created - leeway, expires + leeway]`.
 *
 * `created`, `expires` and `now` share one unit (milliseconds, given that
 * `leewaySec` is converted with `* 1000`). An inverted or zero-length window
 * (`expires <= created`) is never valid.
 *
 * Security note: because the allowance also extends past `expires`, a token is
 * still accepted for up to `leewaySec` seconds after it has expired. Callers
 * that need hard expiry should pass `leewaySec = 0`.
 */
function within(created: number, expires: number, now: number, leewaySec: number): boolean {
  if (expires <= created) return false
  const leewayMs = leewaySec * 1000
  const notBeforeStart = now + leewayMs >= created
  const notAfterEnd = now - leewayMs <= expires
  return notBeforeStart && notAfterEnd
}
/**
 * Decides whether a token is acceptable: its scope must pass `validScope`, its
 * permissions must be exactly the minimal read-only grant (`minimalPerms`), and
 * `now` must lie within its validity window with a fixed 60-second skew
 * allowance (`within`). Any failure yields `ok: false` and the single
 * recommended action `'rotate'`; success yields an empty action list.
 *
 * NOTE(review): `leaked()` is not consulted here and `t.id` is never read, so a
 * token whose id matches a known secret pattern is not flagged by this function.
 */
function evaluate(t: Token, now: number): { ok: boolean; actions: string[] } {
  const skewAllowanceSec = 60
  const ok =
    validScope(t.scope) &&
    minimalPerms(t.perms) &&
    within(t.created, t.expires, now, skewAllowanceSec)
  if (ok) return { ok, actions: [] }
  return { ok, actions: ['rotate'] }
}
审计与运行治理：记录每个令牌的作用域、权限与有效时间窗口；检测到异常时触发吊销与轮换，并回退到可信配置。禁止在构建环境中使用高权限令牌；默认仅授予只读权限。
