golang-lint
por samber
Mejores prácticas de linting y configuración de golangci-lint para proyectos Golang: ejecutar linters, configurar .golangci.yml, suprimir advertencias con directivas nolint, interpretar la salida de lint y seleccionar linters. Úselo al configurar golangci-lint, preguntar sobre advertencias de lint o supresiones nolint, configurar herramientas de calidad de código o elegir linters. También úselo cuando el usuario mencione golangci-lint, go vet, staticcheck o revive.
npx skills add https://github.com/samber/cc-skills-golang --skill golang-lintPersona: You are a Go code quality engineer. You treat linting as a first-class part of the development workflow — not a post-hoc cleanup step.
Modes:
- Setup mode — configuring
.golangci.yml, choosing linters, enabling CI: follow the configuration and workflow sections sequentially. - Coding mode — writing new Go code: launch a background agent running
golangci-lint run --fixon the modified files only while the main agent continues implementing the feature; surface results when it completes. - Interpret/fix mode — reading lint output, suppressing warnings, fixing issues on existing code: start from "Interpreting Output" and "Suppressing Lint Warnings"; use parallel sub-agents for large-scale legacy cleanup.
Dependencies:
- golangci-lint:
go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
Go Linting
Overview
golangci-lint is the standard Go linting tool. It aggregates 100+ linters into a single binary, runs them in parallel, and provides a unified configuration format. Run it frequently during development and always in CI.
Every Go project MUST have a .golangci.yml — it is the source of truth for which linters are enabled and how they are configured. See the recommended configuration for a production-ready setup with 48 linters enabled.
Quick Reference
# Run all configured linters
golangci-lint run ./...
# Auto-fix issues where possible
golangci-lint run --fix ./...
# Format code (golangci-lint v2+)
golangci-lint fmt ./...
# Run a single linter only
golangci-lint run --enable-only govet ./...
# List all available linters
golangci-lint linters
# Verbose output with timing info
golangci-lint run --verbose ./...
Configuration
The recommended .golangci.yml provides a production-ready setup with 33 linters. For configuration details, linter categories, and per-linter descriptions, see the linter reference — which linters check for what (correctness, style, complexity, performance, security), descriptions of all 33+ linters, and when each one is useful.
Suppressing Lint Warnings
Use //nolint directives sparingly — fix the root cause first.
// Good: specific linter + justification
//nolint:errcheck // fire-and-forget logging, error is not actionable
_ = logger.Sync()
// Bad: blanket suppression without reason
//nolint
_ = logger.Sync()
Rules:
- //nolint directives MUST specify the linter name:
//nolint:errchecknot//nolint - //nolint directives MUST include a justification comment:
//nolint:errcheck // reason - The
nolintlintlinter enforces both rules above — it flags bare//nolintand missing reasons - NEVER suppress security linters (gosec, bodyclose, sqlclosecheck) without a very strong reason
For comprehensive patterns and examples, see nolint directives — when to suppress, how to write justifications, patterns for per-line vs per-function suppression, and anti-patterns.
Development Workflow
- Linters SHOULD be run after every significant change:
golangci-lint run ./... - Auto-fix what you can:
golangci-lint run --fix ./... - Format before committing:
golangci-lint fmt ./... - Incremental adoption on legacy code: set
issues.new-from-revin.golangci.ymlto only lint new/changed code, then gradually clean up old code
Makefile targets (recommended):
lint:
golangci-lint run ./...
lint-fix:
golangci-lint run --fix ./...
fmt:
golangci-lint fmt ./...
For CI pipeline setup (GitHub Actions with golangci-lint-action), see the samber/cc-skills-golang@golang-continuous-integration skill.
Interpreting Output
Each issue follows this format:
path/to/file.go:42:10: message describing the issue (linter-name)
The linter name in parentheses tells you which linter flagged it. Use this to:
- Look up the linter in the reference to understand what it checks
- Suppress with
//nolint:linter-name // reasonif it's a false positive - Use
golangci-lint run --verbosefor additional context and timing
Common Issues
| Problem | Solution |
|---|---|
| "deadline exceeded" | Set or increase run.timeout in .golangci.yml; golangci-lint v2 defaults to no timeout (0) |
| Too many issues on legacy code | Set issues.new-from-rev: HEAD~1 to lint only new code |
| Linter not found | Check golangci-lint linters — linter may need a newer version |
| Conflicts between linters | Disable the less useful one with a comment explaining why |
| v1 config errors after upgrade | Run golangci-lint migrate to convert config format |
| Slow on large repos | Reduce run.concurrency or exclude paths with linters.exclusions.paths / formatters.exclusions.paths |
Parallelizing Legacy Codebase Cleanup
When adopting linting on a legacy codebase, use up to 5 parallel sub-agents (via the Agent tool) to fix independent linter categories simultaneously:
- Sub-agent 1: Run
golangci-lint run --fix ./...for auto-fixable issues - Sub-agent 2: Fix security linter findings (bodyclose, sqlclosecheck, gosec)
- Sub-agent 3: Fix error handling issues (errcheck, nilerr, wrapcheck)
- Sub-agent 4: Fix style and formatting (gofumpt, goimports, revive)
- Sub-agent 5: Fix code quality (gocritic, unused, ineffassign)
Cross-References
- → See
samber/cc-skills-golang@golang-continuous-integrationskill for CI pipeline with golangci-lint-action - → See
samber/cc-skills-golang@golang-code-styleskill for style rules that linters enforce - → See
samber/cc-skills-golang@golang-securityskill for SAST tools beyond linting (gosec, govulncheck) - → See
samber/cc-skills-golang@golang-continuous-integrationskill for automated AI-driven code review in CI using these guidelines
Más skills de samber
golang-code-style
samber
Golang code style conventions — line length and breaking, variable declarations, control flow clarity, when comments help vs hurt. Use when writing or reviewing Go code, asking about style or clarity, or establishing project coding standards. Not for naming conventions (→ See `samber/cc-skills-golang@golang-naming` skill), linter configuration (→ See `samber/cc-skills-golang@golang-lint` skill), or doc comments (→ See `samber/cc-skills-golang@golang-documentation` skill).
developmentcode-review
golang-testing
samber
Production-ready Golang tests — table-driven tests, testify suites and mocks, parallel tests, fuzzing, fixtures, goroutine leak detection with goleak, snapshot testing, code coverage, integration tests, idiomatic test naming. Use when writing or reviewing Go tests, choosing a testing approach, setting up Go test CI, or debugging flaky/slow tests. For testify-specific APIs see `samber/cc-skills-golang@golang-stretchr-testify`; for measurement methodology see...
developmenttestingcode-review
golang-design-patterns
samber
Patrones de diseño idiomáticos en Golang: opciones funcionales, constructores, flujo y cascada de errores, gestión y ciclo de vida de recursos, apagado elegante, resiliencia, arquitectura, inyección de dependencias, manejo de datos, streaming y más. Aplicar al elegir explícitamente entre patrones arquitectónicos, implementar opciones funcionales, diseñar APIs de constructores, configurar un apagado elegante, aplicar patrones de resiliencia o preguntar qué patrón idiomático de Go se ajusta a un problema específico.
developmentdesigncode-review
golang-error-handling
samber
Idiomatic Golang error handling — creation, wrapping with %w, errors.Is/As, errors.Join, custom error types, sentinel errors, panic/recover, the single handling rule, structured logging with slog, HTTP request logging middleware, and samber/oops for production errors. Built to make logs usable at scale with log aggregation 3rd-party tools. Apply when creating, wrapping, inspecting, or logging errors in Go code. For samber/oops specifics → See `samber/cc-skills-golang@golang-samber-oops`...
developmentcode-review
golang-performance
samber
Patrones y metodología de optimización de rendimiento en Golang: si hay un cuello de botella X, entonces aplica Y. Cubre reducción de asignaciones, eficiencia de CPU, diseño de memoria, ajuste de GC, pooling, caching y optimización de rutas críticas. Úsalo cuando el perfilado o los benchmarks hayan identificado un cuello de botella y necesites el patrón de optimización adecuado para solucionarlo. También úsalo al realizar una revisión de código de rendimiento para sugerir mejoras o benchmarks que ayuden a identificar ganancias rápidas de rendimiento. No es para metodología de medición (→...
developmentcode-review
golang-security
samber
Prácticas recomendadas de seguridad y prevención de vulnerabilidades para Golang. Abarca inyección (SQL, comandos, XSS), criptografía, seguridad del sistema de archivos, seguridad de red, cookies, gestión de secretos, seguridad de memoria y registro. Aplicar al escribir, revisar o auditar código Go por seguridad, o al trabajar en cualquier código riesgoso que involucre criptografía, E/S, gestión de secretos, manejo de entrada de usuario o autenticación. Incluye configuración de herramientas de seguridad.
securitycode-reviewdevelopment
golang-database
samber
Guía completa para el acceso a bases de datos en Go: consultas parametrizadas, escaneo de estructuras, columnas anulables, transacciones, niveles de aislamiento, SELECT FOR UPDATE, pool de conexiones, procesamiento por lotes, propagación de contexto y herramientas de migración. Úsela al escribir, revisar o depurar código Golang que interactúe con PostgreSQL, MariaDB, MySQL o SQLite; para pruebas de bases de datos; o para preguntas sobre database/sql, sqlx o pgx. NO genera esquemas de bases de datos ni SQL de migración.
developmentdatabase
golang-troubleshooting
samber
Troubleshoot Golang programs systematically - find and fix the root cause. Use when encountering bugs, crashes, deadlocks, or unexpected behavior in Go code. Covers debugging methodology, common Go pitfalls, test-driven debugging, pprof setup and capture, Delve debugger, race detection, GODEBUG tracing, and production debugging. Start here for any 'something is wrong' situation. Not for interpreting profiles or benchmarking (→ See `samber/cc-skills-golang@golang-benchmark` skill) or applying...
developmenttesting