depguard cannot blacklist toplevel imports (clearify what includeGoRoot does)

Question

depguard cannot blacklist toplevel imports (clearify what includeGoRoot does)

howardjohn opened this issue 5 years ago · comments

I want the following config:

{
  "type": "blacklist",
  "packages": [
    "testing"
  ]
}

To block users from importing testing packages into our main code, which bloats the flags we have in our binaries. However depguard seems to ignore these blacklists. If I put any builtins like testing or strings, depguard will not reject them, but other packages like github.com/davecgh/go-spew/spew are accepted

John Howard · Answer 1 · Wed Jul 24 2019 06:46:05 GMT+0800 (China Standard Time)

Nevermind I misunderstood includeGoRoot

Will Dixon · Answer 2 · Wed Jul 24 2019 06:48:13 GMT+0800 (China Standard Time)

Thanks for responding back with the solution. Just for interest of making it better, is there a better term/config I could use as an alias to help clarify what it does?

John Howard · Answer 3 · Wed Jul 24 2019 06:51:58 GMT+0800 (China Standard Time)

I somehow thought that this meant it would be running against the actual standard lib code (not sure why that would ever make sense 🙂) rather than including the std lib as part of the imports. includeGoStdLib maybe slightly more understandable (to me, at least), but probably not worth it.

I wonder if its possible to just fail if they provide something in the stdlib and have includeGoRoot set to false?

Will Dixon · Answer 4 · Wed Jul 24 2019 06:54:02 GMT+0800 (China Standard Time)

I don't like the failing bit, but a warning message may be nice. I'll change this to a feature request then. And adding an alias for includeGoStdLib to do what includeGoRoot should not be too hard to do.