Lockfile漂移检测与安装一致性治理（node_modules-校验）最佳实践

实现示例type LockEntry = { name: string; version: string; integrity?: string } type ModuleEntry = { name: string; version: string } function parseSri(integrity?: string): { alg: 'sha256'; b64: string } | null { if (!integrity) return null; const m = /^sha256-([A-Za-z0-9+/=]+)$/.exec(integrity); return m ? { alg: 'sha256', b64: m[1] } : null } function compare(lock: LockEntry[], mods: ModuleEntry[]): { ok: boolean; diffs: string[] } { const lm = new Map<string, LockEntry>() for (const l of lock) lm.set(l.name, l) const diffs: string[] = [] for (const m of mods) { const le = lm.get(m.name) if (!le) { diffs.push(`missing:${m.name}`); continue } if (le.version !== m.version) diffs.push(`version:${m.name}`) const sri = parseSri(le.integrity || '') if (!sri) diffs.push(`integrity:${m.name}`) } return { ok: diffs.length === 0, diffs } } 审计与CI门禁记录漂移清单与哈希缺失；不一致阻断并提示重新安装或锁定。构建强制 `ci` 模式与离线缓存。