核心要点
按环境与白名单修剪依赖树,移除开发与未使用依赖。输出精简清单与差异;对关键路径依赖保留证据链。
实现示例
type Node = { name: string; version: string; deps: string[]; dev?: boolean; optional?: boolean }
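/**
 * Reports whether `v` is a well-formed Semantic Versioning 2.0.0 string
 * (`MAJOR.MINOR.PATCH` with optional `-prerelease` and `+build` parts).
 *
 * Numeric identifiers may not carry leading zeros; this applies to the three
 * core numbers and to purely numeric pre-release identifiers (`1.0.0-01` is
 * rejected, `1.0.0-0a` and `1.0.0+001` are accepted). `prune` in this file
 * drops every node whose version fails this check, so the pattern decides
 * which version strings can survive pruning.
 *
 * @param v - Version string to validate; it is matched as a whole, with no trimming.
 * @returns `true` when `v` matches the SemVer grammar, otherwise `false`.
 */
function semverValid(v: string): boolean {
  // One pre-release identifier: "0", a number without a leading zero, or an
  // alphanumeric/hyphen identifier that contains at least one non-digit.
  const pattern =
    /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-(?:0|[1-9]\d*|\d*[A-Za-z-][0-9A-Za-z-]*)(?:\.(?:0|[1-9]\d*|\d*[A-Za-z-][0-9A-Za-z-]*))*)?(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?$/
  return pattern.test(v)
}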
/**
 * Indexes dependency nodes by their `name@version` identifier.
 *
 * If two nodes produce the same `name@version` key, the one that appears
 * later in `nodes` replaces the earlier one; no warning is raised.
 *
 * @param nodes - Dependency nodes to index.
 * @returns A map from `name@version` to the corresponding node.
 */
function buildGraph(nodes: Node[]): Map<string, Node> {
  return new Map<string, Node>(
    nodes.map((node): [string, Node] => [`${node.name}@${node.version}`, node])
  )
}
/**
 * Computes the set of graph keys to retain, starting from the allowlist and
 * following `deps` transitively.
 *
 * A key is retained only when it resolves to a node in `graph`, that node's
 * version passes `semverValid`, and (for `env === 'prod'`) the node is flagged
 * neither `dev` nor `optional`. A key that fails any of these is skipped and
 * its `deps` are not followed from that key. Allowlist entries are subject to
 * the same checks as transitive dependencies.
 *
 * Entries of `deps` are looked up in `graph` as-is, so they must use the same
 * key form as the graph itself.
 *
 * @param graph - Dependency nodes keyed by identifier.
 * @param allow - Root keys the traversal starts from.
 * @param env - `'prod'` excludes `dev` and `optional` nodes; `'dev'` keeps them.
 * @returns The keys that survived pruning.
 */
function prune(graph: Map<string, Node>, allow: Set<string>, env: 'prod' | 'dev'): Set<string> {
  const retained = new Set<string>()
  const pending: string[] = [...allow]
  const prodBuild = env === 'prod'

  while (pending.length > 0) {
    const current = pending.pop() as string
    if (retained.has(current)) {
      // Already visited; this also stops cycles from looping forever.
      continue
    }

    const node = graph.get(current)
    // Keys absent from the graph and nodes with a malformed version are
    // dropped without an error or log entry. A caller that needs to fail the
    // build on such entries has to detect them separately.
    if (!node || !semverValid(node.version)) {
      continue
    }

    if (prodBuild && (node.dev || node.optional)) {
      continue
    }

    retained.add(current)
    node.deps.forEach((dep) => {
      pending.push(dep)
    })
  }

  return retained
}
/**
 * Splits the keys of the full graph into those that were kept and those that
 * were removed, preserving the iteration order of `all`.
 *
 * Only keys of `all` are reported: an entry of `kept` that is not a key of
 * `all` appears in neither list.
 *
 * @param all - The complete dependency graph before pruning.
 * @param kept - Keys retained by pruning.
 * @returns `removed` (keys of `all` not in `kept`) and `kept` (keys of `all` in `kept`).
 */
function diff(all: Map<string, Node>, kept: Set<string>): { removed: string[]; kept: string[] } {
  const dropped: string[] = []
  const retained: string[] = []
  all.forEach((_node, key) => {
    const bucket = kept.has(key) ? retained : dropped
    bucket.push(key)
  })
  return { removed: dropped, kept: retained }
}
审计与CI门禁
记录修剪前后差异与关键路径;生产构建仅加载保留清单。关键依赖变更需审批与回归校验;异常检出阻断并输出证据。注意:上文示例中的 prune 遇到图中缺失或版本号不合规的节点时只是跳过,并不报错;要做到"异常阻断",门禁需另行检出这些节点并使构建失败。
