Dependency redirection
An application may need to ship patched versions of modules, or to prevent modules from allowing all modules access to all other modules. Redirection works by intercepting attempts to load the modules that are to be replaced.
```json
{
  "resources": {
    "./app/checked.js": {
      "dependencies": {
        "fs": true,
        "os": "./app/node_modules/alt-os",
        "http": { "import": true }
      }
    }
  }
}
```
The dependencies are keyed by the requested specifier string and have values of either true, null, a string pointing to a module to be resolved, or a conditions object.
The specifier string does not perform any searching and must match exactly what is provided to require() or import, apart from a canonicalization step. Therefore, multiple specifiers may be needed in the policy if the code uses multiple different strings to point to the same module (such as omitting the extension).
Specifier strings are canonicalized but not resolved prior to being used for matching, in order to have some compatibility with import maps. For example, if a resource file:///C:/app/server.js was given the following redirection from a policy located at file:///C:/app/policy.json:
```json
{
  "resources": {
    "file:///C:/app/utils.js": {
      "dependencies": {
        "./utils.js": "./utils-v2.js"
      }
    }
  }
}
```
Any specifier used to load file:///C:/app/utils.js would then be intercepted and redirected to file:///C:/app/utils-v2.js instead, regardless of whether an absolute or relative specifier is used. However, if a specifier that is not an absolute or relative URL string is used, it would not be intercepted. So, if an import such as import('#utils') was used, it would not be intercepted.
If the value of the redirection is true, a "dependencies" field at the top of the policy file will be used. If that field at the top of the policy file is true, the default Node searching algorithms are used to find the module.
If the value of the redirection is a string, it is resolved relative to the manifest and then used immediately, without searching.
Any specifier string for which resolution is attempted and that is not listed in the dependencies results in an error, according to the policy.
Redirection does not prevent access to APIs through means such as direct access to require.cache or through module.constructor, which allow access to loading modules. Policy redirection only affects specifiers passed to require() and import. Other means, such as preventing undesired access to APIs through variables, are necessary to lock down that path of loading modules.
A boolean value of true for the dependencies map can be specified to allow a module to load any specifier without redirection. This can be useful for local development and may have some valid usage in production, but should be used only with care, after auditing a module to ensure its behavior is valid.
Similar to "exports" in package.json, dependencies can also be specified as objects containing conditions which branch how dependencies are loaded. In the preceding example, "http" is allowed when the "import" condition is part of loading it.
A value of null for the resolved value causes the resolution to fail. This can be used to ensure some kinds of dynamic access are explicitly prevented.
Unknown values for the resolved module location cause failures, but this behavior is not guaranteed to be forward compatible.
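The following is an added example, not part of the original documentation or of Node's own policy implementation: it simulates how the "dependencies" rules described above (true, null, a string resolved relative to the manifest, a conditions object, and an unlisted specifier) decide the outcome of a load request. The policy object and the file:///C:/app/ URLs are constructed for illustration.

```javascript
// Constructed policy manifest modelled on the examples in this section.
const POLICY_URL = "file:///C:/app/policy.json";
const policy = {
  resources: {
    "file:///C:/app/checked.js": {
      dependencies: {
        fs: true,                            // allowed, default resolution
        os: "./node_modules/alt-os",         // redirected, relative to the manifest
        http: { import: true },              // allowed only under the "import" condition
        "./utils.js": "./utils-v2.js",       // patched replacement
        child_process: null,                 // explicitly denied
      },
    },
    "file:///C:/app/open.js": { dependencies: true }, // unrestricted (audit first)
  },
};

// Decide how `specifier`, requested from `parentURL`, should resolve under the policy.
// Returns { action: "default" | "redirect" | "deny", target?, reason? }.
function resolveDependency(parentURL, specifier, conditions = ["require"]) {
  const entry = policy.resources[parentURL];
  if (!entry) return { action: "deny", reason: "resource not in policy" };
  const deps = entry.dependencies;
  if (deps === true) return { action: "default" }; // module may load any specifier
  // Matching is by exact specifier string (no searching); use an own-property check
  // so inherited names such as "constructor" never match.
  if (!Object.prototype.hasOwnProperty.call(deps, specifier)) {
    return { action: "deny", reason: "specifier not listed" };
  }
  let value = deps[specifier];
  if (value !== null && typeof value === "object") {
    // Conditions object: pick the first condition the loader is running with.
    const key = Object.keys(value).find((c) => conditions.includes(c));
    value = key === undefined ? null : value[key];
  }
  if (value === true) return { action: "default" };
  if (value === null) return { action: "deny", reason: "explicitly null" };
  if (typeof value === "string") {
    // A string is resolved relative to the manifest, not the importing file.
    return { action: "redirect", target: new URL(value, POLICY_URL).href };
  }
  return { action: "deny", reason: "unknown value" }; // not forward compatible
}

module.exports = { resolveDependency, policy, POLICY_URL };
```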