Peer依赖一致性与冲突治理（范围-匹配-阻断）最佳实践

实现示例function semverValid(v: string): boolean { return /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?(?:\+[0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*)?$/.test(v) }

function matchRange(range: string, v: string): boolean {

const m = /^(\^|~)?(\d+)\.(\d+)\.(\d+)$/.exec(range)

if (!m || !semverValid(v)) return false

const op = m[1] || ''

const R = { M: parseInt(m[2],10), m: parseInt(m[3],10), p: parseInt(m[4],10) }

const V = v.split('.').map(x => parseInt(x,10))

if (op === '^') return V[0] === R.M && (V[1] > R.m || (V[1] === R.m && V[2] >= R.p))

if (op === '~') return V[0] === R.M && V[1] === R.m && V[2] >= R.p

return V[0] === R.M && V[1] === R.m && V[2] === R.p

}

type Peer = { name: string; required: string; installed: string }

function evaluate(peers: Peer[]): { ok: boolean; errors: string[] } {

const errors: string[] = []

for (const p of peers) {

if (!matchRange(p.required, p.installed)) errors.push(`${p.name}:${p.required}:${p.installed}`)

}

return { ok: errors.length === 0, errors }

}

审计与CI门禁输出不满足约束的清单并阻断；建议升级或统一到兼容版本。关键 peer 约束变更需审批与回归验证。