After I lint my code with frequent Go linters like shadow, then I count on third celebration code in vendor/ to not be scanned. As I don’t management this code.
$ go vet -vettool="$(which shadow)" ./...
# gitlab.com/gomidi/midi/v2/drivers/rtmididrv/imported/rtmidi
In file included from rtmidi_stub.cpp:4:
./cpp/RtMidi.cpp:1555:15: warning: variable size arrays in C++ are a Clang extension [-Wvla-cxx-extension]
./cpp/RtMidi.cpp:1555:15: word: learn of non-const variable 'bufsize' is just not allowed in a continuing expression
./cpp/RtMidi.cpp:1554:13: word: declared right here
Utilizing Go 1.24 with go set up golang.org/x/instruments/go/evaluation/passes/shadow/cmd/shadow@newest
Dozens of workarounds have been proposed on Stack Overflow, however they rely on GNU/BSD extensions to findutils. This breaks many Home windows environments, many *nix environments, and different working methods apart from. But others options rely on gometalinter (bloatware). All of those contain piping to little one processes and all of the complexity that comes with (good luck portably implementing set -o pipefail on present methods).
Searching for a pure Go answer, ideally go vet merely does this by default.
Frankly, shadow and different x instruments ought to inherently know find out how to correctly recurse over giant Go undertaking directories, mechanically ignoring any vendor directories. It’s a ache to wire up the which portion in a conveyable method with out one thing like mage-extras. I personally use mage[-extras], however many devs will need to use make or but different construct instruments.
Replace: Even inventory vet with out shadow experiences the identical downside of producing warnings for native C/C++ code in vendor directories.
