{
  "_meta": {
    "description": "Snyk 漏洞抑制配置:记录已知且可接受的漏洞,每条抑制项需说明原因和到期时间",
    "rule": "新增抑制项必须填写 reason 与 expires;到期后需重新评估",
    "severityLevels": ["critical", "high", "medium", "low"]
  },
  "ignore": [
    {
      "id": "SNYK-JS-LODASH-567746",
      "package": "lodash",
      "severity": "low",
      "reason": "原型污染漏洞,仅在开发依赖间接引用,生产环境未暴露受影响 API",
      "expires": "2026-09-30",
      "created": "2026-06-17",
      "owner": "security-team"
    },
    {
      "id": "SNYK-JS-SEMVER-3247795",
      "package": "semver",
      "severity": "low",
      "reason": "ReDoS 漏洞,仅构建工具链间接依赖,运行时不触发正则输入",
      "expires": "2026-09-30",
      "created": "2026-06-17",
      "owner": "security-team"
    }
  ],
  "policy": {
    "maxIgnoredCritical": 0,
    "maxIgnoredHigh": 0,
    "requireOwnerApproval": true,
    "reviewCadenceDays": 30
  }
}