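// Implementation example (实现示例): policy gate evaluated before a package publish.

/**
 * Facts about one publish attempt, as consumed by `evaluate`.
 *
 * NOTE(review): `evaluate` takes every field at face value. The gate is only
 * as strong as the source of these values — they should be derived from data
 * the publishing client cannot set (confirm at the call site).
 */
type PublishCtx = {
  /** Host name of the publish source; matched verbatim against `allowDomains`. */
  issuerDomain: string
  /** Two-factor state of the publishing account; only the boolean `true` passes. */
  user2fa: boolean
  /** Package name; only checked for being a non-empty string. */
  pkg: string
  /** Version string; must be a complete `MAJOR.MINOR.PATCH[-prerelease][+build]`. */
  version: string
}

// Exact host names accepted as a publish source. Membership is the whole
// policy: there is no wildcard or suffix matching.
const allowDomains = new Set<string>(['npmjs.com', 'registry.npmjs.org'])

// Anchored at both ends so nothing may follow the version. The character
// classes exclude '.', which keeps the repeated groups linear-time.
const publishVersionPattern =
  /^\d+\.\d+\.\d+(?:-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?$/

/**
 * Reports whether `d` is one of the allowlisted host names.
 *
 * The comparison is exact and case-sensitive, so subdomains, look-alike
 * suffixes, a trailing dot or different casing are all rejected (fail closed).
 *
 * @param d - Host name to test.
 * @returns `true` only for an exact allowlist entry.
 */
function domainAllowed(d: string): boolean {
  return allowDomains.has(d)
}

/**
 * Evaluates a publish attempt against the policy and collects every violation.
 *
 * All checks run, so the caller receives the full list of failures at once.
 * Error codes: `'domain'` (source not allowlisted), `'2fa'` (2FA not
 * confirmed), `'pkg'` (package name or version rejected).
 *
 * @param ctx - Publish attempt to evaluate.
 * @returns `ok` is `true` only when `errors` is empty.
 */
function evaluate(ctx: PublishCtx): { ok: boolean; errors: string[] } {
  const errors: string[] = []

  if (!domainAllowed(ctx.issuerDomain)) errors.push('domain')

  // Strict comparison: truthy stand-ins such as 'true' or 1 do not count as 2FA.
  if (ctx.user2fa !== true) errors.push('2fa')

  // Types are erased at runtime, so re-check that both values really are
  // strings; RegExp.test would otherwise coerce e.g. ['1.2.3'] to '1.2.3'.
  // NOTE(review): the package name format itself is not validated here.
  const pkgOk = typeof ctx.pkg === 'string' && ctx.pkg.length > 0
  const versionOk = typeof ctx.version === 'string' && publishVersionPattern.test(ctx.version)
  if (!pkgOk || !versionOk) errors.push('pkg')

  return { ok: errors.length === 0, errors }
}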
审计与发布治理

审计发布源域名与 2FA 状态;不合规的发布予以阻断,并输出修复建议。变更需经审批并归档。
