OpenPeeDeeP / depguard

Go linter that checks if package imports are in a list of acceptable packages.
GNU General Public License v3.0

Different major versions of a module should be treated as different modules #99

Closed FlorianLoch closed 3 weeks ago

FlorianLoch commented 1 month ago

Hi there, I just ran into the issue of having a configuration denying the usage of math/rand - with the result of unintentionally also denying usage of math/rand/v2.

          - pkg: math/rand
            desc: consider math/rand/v2

That can be solved by refining the config to:

          - pkg: math/rand$ # We need an exact match, otherwise this rule will also disallow "math/rand/v2"
            desc: consider math/rand/v2

But it raises the general question of whether math/rand/v2 should really be denied by the upper rule. My assumption is that depguard basically performs a prefix match and therefore considers math/rand/v2 a package inside the math/rand module?

I haven't looked into the code yet and am not entirely sure what the Go specification demands in order to prevent version/package name ambiguity...

dixonwille commented 1 month ago

Depguard does just do a prefix match. And your solution is the intended solution around the issue. This does have its limitations, but I believe it was worth the performance improvements we get from it.
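
The matching behaviour discussed in this thread, as an added example that is not depguard's code: `matchesPrefix` models the prefix rule with the `$` exact-match suffix as the comments describe it, and `matchesVersionAware` is a hypothetical alternative that matches whole path elements and treats a major-version suffix as a different module. The function names and the `math/randomized` path are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// matchesPrefix models the rule semantics described in this thread (an
// assumption, not depguard's source): plain prefix match, trailing "$" = exact.
func matchesPrefix(rule, importPath string) bool {
	if strings.HasSuffix(rule, "$") {
		return importPath == strings.TrimSuffix(rule, "$")
	}
	return strings.HasPrefix(importPath, rule)
}

// isMajorVersion reports whether seg is a major version element: v2, v3, v10, ...
func isMajorVersion(seg string) bool {
	if len(seg) < 2 || seg[0] != 'v' || seg[1] == '0' || seg == "v1" {
		return false
	}
	for _, c := range seg[1:] {
		if c < '0' || c > '9' {
			return false
		}
	}
	return true
}

// matchesVersionAware is a hypothetical alternative: match whole path
// elements only, and treat "<rule>/vN[/...]" as a different module.
func matchesVersionAware(rule, importPath string) bool {
	if importPath == rule {
		return true
	}
	if !strings.HasPrefix(importPath, rule+"/") {
		return false
	}
	first := strings.SplitN(strings.TrimPrefix(importPath, rule+"/"), "/", 2)[0]
	return !isMajorVersion(first)
}

func main() {
	// Constructed import paths; "math/randomized" does not exist.
	for _, p := range []string{"math/rand", "math/rand/v2", "math/rand/v2/sub", "math/randomized"} {
		fmt.Printf("%-18s prefix=%-5t exact=%-5t versionAware=%t\n", p,
			matchesPrefix("math/rand", p), matchesPrefix("math/rand$", p),
			matchesVersionAware("math/rand", p))
	}
}
```

In this model the plain prefix rule also catches any sibling path that merely starts with the same characters, and the `$` form stops matching sub-packages of the denied path, so a deny list written either way is worth checking against the import paths it is meant to cover.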