gomodguard icon indicating copy to clipboard operation
gomodguard copied to clipboard

Published 20 hours ago verified publisher icon ryancurrah

Indirect dependencies

Open zcolleen opened this issue 3 years ago • 1 comments

Hi mate! I'm a software engineer from Ozon Russia (big russian marketplace). We realy love your linter inside golangci-lint as we are able to check dependencies of projects. Unfortunately we cant check indirect dependencies with your linter as we would like to. Could you add a flag in golangci config settings of your linter to check or nor to check indirect dependencies? Or we can come with merge request to your project.

zcolleen avatar Sep 08 '21 09:09 zcolleen

If instead of checking the go.mod directly file you ran go list -m all you would get the full list of dependencies including indirect.

sgtsquiggs avatar Oct 27 '21 21:10 sgtsquiggs

The way this linter works is by determining which modules are blocked in your go.mod file and finding any blocked modules in your import statements. This is because lint results must point to lines in go code not lines in a go.mod file.

Indirect dependencies would usually not be imported into your go code and would never show up as blocked by the linter. So this feature would never work and because of that, I am going to close this request since it won't work.

ryancurrah avatar Jan 23 '23 00:01 ryancurrah

Although it's reasonable not to implement, but accidental indirect dependencies version bump could introduce unexpected changes. Currently we have to use script running go list -m xxx to check this

radaiming avatar Sep 19 '23 05:09 radaiming