核心要点代理域白名单与 `https` 强制;缓存命中需校验哈希与来源一致性。异常触发回退到主源或备用受控镜像,并记录证据链。实现示例type CacheEntry = { url: string; sha256: string; origin: string } const allowOrigins = new Set<string>(['https://registry.npmjs.org','https://registry.example.com']) function hex64(h: string): boolean { return /^[A-Fa-f0-9]{64}$/.test(h) } function originAllowed(u: string): boolean { try { const x = new URL(u); return x.protocol === 'https:' && allowOrigins.has(x.origin) } catch { return false } } function validEntry(e: CacheEntry): boolean { return originAllowed(e.url) && originAllowed(e.origin) && hex64(e.sha256) } function pickFallback(candidates: string[]): string | null { for (const u of candidates) { try { const x = new URL(u); if (x.protocol === 'https:' && allowOrigins.has(x.origin)) return u } catch {} } return null } 审计与运行治理审计缓存命中、校验与回退来源;异常阻断并回退到受控来源。代理配置变更需审批与归档。
投稿
微信公众账号
微信扫一扫加关注
评论 返回
顶部
发表评论 取消回复