实现示例type Wheel = { name: string; version: string; py: string; hash: string; url: string } const allowHosts = new Set<string>(['pypi.org','files.pythonhosted.org','pypi.example.com']) function hex64(h: string): boolean { return /^[A-Fa-f0-9]{64}$/.test(h) } function validUrl(u: string): boolean { try { const x = new URL(u); return x.protocol === 'https:' && allowHosts.has(x.host) } catch { return false } } function pyCompat(req: string, env: string): boolean { const m = /^(\^|~)?(\d+)\.(\d+)/.exec(req); if (!m) return false; const R = { M: parseInt(m[2],10), m: parseInt(m[3],10) }; const E = env.split('.').map(x => parseInt(x,10)); if (m[1] === '^') return E[0] === R.M && E[1] >= R.m; if (m[1] === '~') return E[0] === R.M && E[1] === R.m; return E[0] === R.M && E[1] === R.m } function evaluate(w: Wheel, envPy: string): { ok: boolean; errors: string[] } { const errors: string[] = []; if (!pyCompat(w.py, envPy)) errors.push('requires-python'); if (!hex64(w.hash)) errors.push('hash'); if (!validUrl(w.url)) errors.push('url'); return { ok: errors.length === 0, errors } } 审计与运行治理审计 `requires-python` 与哈希/来源;不兼容或来源异常阻断并回退。支持签名校验与受控镜像;变更需审批。
投稿
微信公众账号
微信扫一扫加关注
评论 返回
顶部
发表评论 取消回复