Top Related Projects
Fast linters runner for Go
Staticcheck - The advanced Go linter
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Go security checker
Quick Overview
errcheck is a Go program that checks for unchecked errors in Go code. It reports instances where error return values are not checked, helping developers identify potential bugs and improve code reliability.
Pros
- Improves code quality by identifying unchecked errors
- Easy to integrate into existing Go projects and CI/CD pipelines
- Customizable with ignore lists and exclusion patterns
- Supports analyzing both single packages and entire Go workspaces
Cons
- May produce false positives in certain scenarios
- Requires manual review of reported issues to determine their relevance
- Can be overly strict for some coding styles or patterns
- Limited to error checking and doesn't cover other types of static analysis
Getting Started
To install errcheck, run:
go install github.com/kisielk/errcheck@latest
To use errcheck on a Go package:
errcheck ./...
To exclude certain functions or packages:
errcheck -exclude errcheck_excludes.txt ./...
Where errcheck_excludes.txt
contains patterns of functions to exclude, e.g.:
(*net.TCPConn).SetDeadline
(*net.TCPConn).SetReadDeadline
(*net.TCPConn).SetWriteDeadline
For more advanced usage and configuration options, refer to the project's README on GitHub.
Competitor Comparisons
Fast linters runner for Go
Pros of golangci-lint
- Comprehensive: Integrates multiple linters, including errcheck, offering a more extensive code analysis
- Customizable: Allows users to enable/disable specific linters and configure rules
- Performance: Runs linters in parallel, resulting in faster execution times
Cons of golangci-lint
- Complexity: More challenging to set up and configure due to its extensive feature set
- Resource usage: May consume more system resources compared to errcheck's focused approach
- Learning curve: Requires time to understand and utilize all available features effectively
Code comparison
errcheck usage:
errcheck ./...
golangci-lint usage:
golangci-lint run
Both tools can be used to check for unchecked errors, but golangci-lint offers a more comprehensive analysis by default. errcheck focuses specifically on unchecked errors, while golangci-lint includes this functionality along with many other linters.
golangci-lint configuration (example):
linters:
enable:
- errcheck
- govet
- staticcheck
errcheck doesn't require a configuration file for basic usage, making it simpler to set up for projects that only need error checking.
Staticcheck - The advanced Go linter
Pros of go-tools
- Offers a broader suite of analysis tools beyond just error checking
- Provides more advanced and customizable static analysis capabilities
- Actively maintained with regular updates and improvements
Cons of go-tools
- May have a steeper learning curve due to its more comprehensive feature set
- Potentially slower execution time for large codebases due to more extensive analysis
Code Comparison
errcheck:
if err := doSomething(); err != nil {
return err
}
go-tools (staticcheck):
if err := doSomething(); err != nil {
return fmt.Errorf("failed to do something: %w", err)
}
Summary
errcheck is a focused tool specifically designed for error checking in Go code. It's simple to use and efficient for its single purpose. go-tools, on the other hand, is a more comprehensive suite of static analysis tools that includes error checking along with many other code quality checks.
go-tools offers more advanced features and customization options, making it suitable for larger projects or teams with specific code quality requirements. However, this broader scope may come at the cost of increased complexity and potentially longer execution times.
errcheck remains a solid choice for developers looking for a straightforward, lightweight error checking tool, while go-tools is better suited for those seeking a more comprehensive static analysis solution for their Go projects.
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Pros of Revive
- More comprehensive linting tool with 70+ rules, covering a wider range of code quality issues
- Highly configurable with the ability to enable/disable specific rules and set custom severities
- Faster execution due to concurrent processing of files
Cons of Revive
- Steeper learning curve due to its extensive configuration options
- May produce more false positives or unnecessary warnings compared to Errcheck's focused approach
Code Comparison
Errcheck focuses specifically on unchecked errors:
_, err := someFunction()
// Errcheck will flag this line for not checking the error
Revive can catch a broader range of issues, including unchecked errors:
_, err := someFunction()
// Revive will flag this line for not checking the error
var x int = "string"
// Revive will also flag this line for type mismatch
Summary
Errcheck is a specialized tool for detecting unchecked errors in Go code, while Revive is a more comprehensive linter with a broader set of rules. Errcheck is simpler to use and focuses on a specific issue, whereas Revive offers more extensive code analysis but requires more configuration. Choose Errcheck for a quick and focused error check, or Revive for a more thorough code quality analysis.
Go security checker
Pros of gosec
- Broader security focus, covering multiple vulnerability types
- Integrates with CI/CD pipelines for automated security checks
- Provides detailed explanations and remediation suggestions for identified issues
Cons of gosec
- May produce more false positives due to its comprehensive approach
- Requires more configuration and setup compared to errcheck
- Can be slower to run, especially on large codebases
Code comparison
errcheck focuses specifically on unchecked errors:
file, _ := os.Open("example.txt") // errcheck would flag this
gosec covers a wider range of security issues:
password := "hardcoded_password" // gosec would flag this
http.ListenAndServe(":8080", nil) // gosec would flag this (use of HTTP)
errcheck is a lightweight tool that excels at identifying unchecked errors in Go code. It's fast and easy to use but has a narrow focus. gosec, on the other hand, is a more comprehensive security scanner that checks for various security issues, including but not limited to error handling. While gosec provides a broader security analysis, it may require more setup and can be slower to run. The choice between the two depends on whether you need focused error checking or a more extensive security analysis for your Go projects.
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual CopilotREADME
errcheck
errcheck is a program for checking for unchecked errors in Go code.
Install
go install github.com/kisielk/errcheck@latest
errcheck requires Go 1.18 or newer.
Use
For basic usage, just give the package path of interest as the first argument:
errcheck github.com/kisielk/errcheck/testdata
To check all packages beneath the current directory:
errcheck ./...
Or check all packages in your $GOPATH
and $GOROOT
:
errcheck all
errcheck also recognizes the following command-line options:
The -tags
flag takes a space-separated list of build tags, just like go build
. If you are using any custom build tags in your code base, you may need
to specify the relevant tags here.
The -asserts
flag enables checking for ignored type assertion results. It
takes no arguments.
The -blank
flag enables checking for assignments of errors to the
blank identifier. It takes no arguments.
The -abspath
flag prints the absolute paths to files with unchecked errors.
The -mod
flag sets the module download mode to use: readonly
or vendor
.
go/analysis
The package provides Analyzer
instance that can be used with
go/analysis API.
Currently supported flags are blank
, assert
, exclude
, and excludeonly
.
Just as the API itself, the analyzer is experimental and may change in the
future.
Excluding functions
Use the -exclude
flag to specify a path to a file containing a list of functions to
be excluded.
errcheck -exclude errcheck_excludes.txt path/to/package
The file should contain one function signature per line. The format for function signatures is
package.FunctionName
while for methods it's (package.Receiver).MethodName
for value receivers
and (*package.Receiver).MethodName
for pointer receivers. If the function name is followed by string of form (TYPE)
, then
the the function call is excluded only if the type of the first argument is TYPE
. It also accepts a special suffix
(os.Stdout)
and (os.Stderr)
, which excludes the function only when the first argument is a literal os.Stdout
or os.Stderr
.
An example of an exclude file is:
io.Copy(*bytes.Buffer)
io.Copy(os.Stdout)
os.ReadFile
// Sometimes we don't care if a HTTP request fails.
(*net/http.Client).Do
By default, the exclude list is combined with an internal list for functions in
the Go standard library that have an error return type but are documented to never
return an error. To disable the built-in exclude list, pass the -excludeonly
flag.
Run errcheck in -verbose
mode to see the resulting list of added excludes.
When using vendored dependencies, specify the full import path. For example:
- Your project's import path is
example.com/yourpkg
- You've vendored
example.net/fmt2
asvendor/example.net/fmt2
- You want to exclude
fmt2.Println
from error checking
In this case, add this line to your exclude file:
example.com/yourpkg/vendor/example.net/fmt2.Println
Empty lines and lines starting with //
are ignored.
The deprecated method
The -ignore
flag takes a comma-separated list of pairs of the form package:regex.
For each package, the regex describes which functions to ignore within that package.
The package may be omitted to have the regex apply to all packages.
For example, you may wish to ignore common operations like Read and Write:
errcheck -ignore '[rR]ead|[wW]rite' path/to/package
or you may wish to ignore common functions like the print
variants in fmt
:
errcheck -ignore 'fmt:[FS]?[Pp]rint*' path/to/package
The -ignorepkg
flag takes a comma-separated list of package import paths
to ignore:
errcheck -ignorepkg 'fmt,encoding/binary' path/to/package
Note that this is equivalent to:
errcheck -ignore 'fmt:.*,encoding/binary:.*' path/to/package
If a regex is provided for a package pkg
via -ignore
, and pkg
also appears
in the list of packages passed to -ignorepkg
, the latter takes precedence;
that is, all functions within pkg
will be ignored.
Note that by default the fmt
package is ignored entirely, unless a regex is
specified for it. To disable this, specify a regex that matches nothing:
errcheck -ignore 'fmt:a^' path/to/package
The -ignoretests
flag disables checking of _test.go
files. It takes
no arguments.
The -ignoregenerated
flag disables checking of generated source code. It takes no arguments.
Exit Codes
errcheck returns 1 if any problems were found in the checked files. It returns 2 if there were any other failures.
Editor Integration
Emacs
go-errcheck.el
integrates errcheck with Emacs by providing a go-errcheck
command
and customizable variables to automatically pass flags to errcheck.
Vim
vim-go can run errcheck via both its :GoErrCheck
and :GoMetaLinter
commands.
Top Related Projects
Fast linters runner for Go
Staticcheck - The advanced Go linter
🔥 ~6x faster, stricter, configurable, extensible, and beautiful drop-in replacement for golint
Go security checker
Convert designs to code with AI
Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.
Try Visual Copilot