Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
154.pages.dev/exports
This what you wanted? To be a janitor? Live like this? All this? Do what you do? It can’t be. It’s a burden, that’s what I’m trying to tell you. That’s how it feels.
Michael Clayton (2007)
The exports module prints exported identifiers in Go source code.
Starting with StaticCheck 2020.2, whole-program mode was removed. it now operates like this:
The normal mode of 'unused' now considers all exported package-level identifiers as used
So we need to unexport all symbols using some tactic. This will then give us agency. StaticCheck will then report symbols as unused, which we can respond to by either exporting them or removing them.
If you use a command line this:
gofmt -w -r 'NewBuffer -> _NewBuffer' .
It will also catch imported functions like bytes.NewBuffer
. You could try to
fix like this:
gofmt -w -r 'a._NewBuffer -> a.NewBuffer' .
but it will also catch method calls:
hello.Len()
we could try hardcoding the exceptions:
gofmt -w -r 'bytes._NewBuffer -> bytes.NewBuffer' .
but the imported method calls will still be broken:
bytes.Buffer._Len()
we can use this:
rf 'mv FinishedHash _FinishedHash'
but it only works for a single identifier. Can we print out all identifiers?
May 10, 2020:
https://github.com/dominikh/go-tools/commit/5cfc85b
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.