OpenPeeDeeP / depguard

Go linter that checks if package imports are in a list of acceptable packages.

Allow rules for indirect / transitive dependencies

AlekSi opened this issue · comments

It would be nice to have a way to allow/deny indirect/transitive imports.

For example, let's say I have a package a imported by package b. Then I have package c that imports package b. And I have a rule that denies c to import a. Currently, the linter passes. I think there should be an option to fail in that case.

I am not sure on the best way to do that for this linter without significantly slowing this down. It looks at source files and reads the import statements from the AST. Though https://github.com/ryancurrah/gomodguard states it only works on direct dependencies as well. But given the go.sum file, it may be a better feature over there?

Open to suggestions though.

Of course that is only at the module level.

One (maybe stupid) option is to run go list -json ./... and parse the output, including Deps field. It also may be done only if at least one rule opted-in for the transitive check.

Another option is to use https://pkg.go.dev/golang.org/x/tools/go/packages
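
A sketch of the `go list -json ./...` approach suggested above, as an added example that is not depguard's code: it decodes the stream of JSON objects and flags denied packages that appear in `Deps` but not in `Imports`. The module path `example.com/m`, the function name `transitiveViolations` and the sample output are assumptions constructed for the a/b/c case from the issue.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// pkg holds the `go list -json` fields used here.
type pkg struct {
	ImportPath string
	Imports    []string // direct imports
	Deps       []string // direct and transitive dependencies
}

// Constructed output for packages a, b, c from the issue; the module path is an assumption.
const sampleGoList = `{"ImportPath":"example.com/m/a"}
{"ImportPath":"example.com/m/b","Imports":["example.com/m/a"],"Deps":["example.com/m/a"]}
{"ImportPath":"example.com/m/c","Imports":["example.com/m/b"],"Deps":["example.com/m/a","example.com/m/b"]}`

// transitiveViolations (hypothetical helper) decodes the concatenated JSON objects and
// reports denied packages found in Deps but not in Imports. deny: importer -> banned set.
func transitiveViolations(r io.Reader, deny map[string]map[string]bool) ([]string, error) {
	var out []string
	dec := json.NewDecoder(r)
	for {
		var p pkg
		if err := dec.Decode(&p); err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, err
		}
		direct := map[string]bool{}
		for _, i := range p.Imports {
			direct[i] = true
		}
		for _, d := range p.Deps {
			if deny[p.ImportPath][d] && !direct[d] {
				out = append(out, p.ImportPath+" -> "+d+" (indirect)")
			}
		}
	}
}

func main() {
	fmt.Println(transitiveViolations(strings.NewReader(sampleGoList),
		map[string]map[string]bool{"example.com/m/c": {"example.com/m/a": true}}))
}
```

In a real run the reader would be the standard output of `go list -json ./...`, and `Deps` would also contain standard-library packages.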