More info in PR for golangci/golangci-lint#4098

I like the idea of being explicit over implicit. I agree with Idez in this scenario, magic configs cropping up is not good. The reason why go.mod is allowed when no allow list is supplied is because this package assumed without an allow everything was allowed. Once you specified allowed, it went into a strict mode situation where everything is denied.

I just recently pushed a change to V2 that lets you determine the mode Strict vs Lax. I have not tagged it yet as I am trying to cleanup a few Issues before I do.

I can compromise by adding a $gomodname variable, but I don't see what that gives you outside of just putting it in the list (maybe the ability to reuse configs by module).

I am going to add the $gomodname variable in as I have a few other issues that require additional variables. That will be in the v2.2.0 release

I'll second that having depguard on for a package with 0 dependency yet getting

env_test.go:9:2: import 'fortio.org/struct2env' is not allowed from list 'Main' (depguard)
	"fortio.org/struct2env"
	^

when that's the module path is weird

the default config should at least work for "0 dep" packages where 0 deps still means the test package can test the module