实现示例type Purl = { type: string; name: string; version?: string; qualifiers?: Record<string,string>; namespace?: string }
const allowTypes = new Set<string>(['npm','maven','pypi','golang','nuget','github'])
function validName(n: string): boolean { return !!n && !/\s/.test(n) }
function semverLike(v?: string): boolean { return v ? /^(\d+\.\d+\.\d+)(?:[-A-Za-z0-9_.]+)?$/.test(v) : true }
function qualifierAllowed(q?: Record<string,string>): boolean {
if (!q) return true
for (const [k,v] of Object.entries(q)) {
if (!/^[a-z0-9_\-]+$/.test(k)) return false
if (!/^[A-Za-z0-9_.:\-]+$/.test(v)) return false
}
return true
}
function evaluate(p: Purl): { ok: boolean; errors: string[] } {
const errors: string[] = []
if (!allowTypes.has(p.type)) errors.push('type')
if (!validName(p.name)) errors.push('name')
if (!semverLike(p.version)) errors.push('version')
if (!qualifierAllowed(p.qualifiers)) errors.push('qualifiers')
return { ok: errors.length === 0, errors }
}
审计与运行治理审计 PURL 组件的类型、名称、版本与限定符;异常阻断并输出修复建议。与 SBOM 对齐组件标识,确保跨生态一致性。
发表评论 取消回复