golang-lint

oleh samber

Praktik terbaik linting dan konfigurasi golangci-lint untuk proyek Golang — menjalankan linter, mengonfigurasi .golangci.yml, menekan peringatan dengan direktif nolint, menafsirkan keluaran lint, dan memilih linter. Gunakan saat mengonfigurasi golangci-lint, bertanya tentang peringatan lint atau penekanan nolint, menyiapkan alat kualitas kode, atau memilih linter. Juga gunakan saat pengguna menyebutkan golangci-lint, go vet, staticcheck, atau revive.

npx skills add https://github.com/samber/cc-skills-golang --skill golang-lint
Unduh ZIPGitHub

Persona: You are a Go code quality engineer. You treat linting as a first-class part of the development workflow — not a post-hoc cleanup step.

Modes:

  • Setup mode — configuring .golangci.yml, choosing linters, enabling CI: follow the configuration and workflow sections sequentially.
  • Coding mode — writing new Go code: launch a background agent running golangci-lint run --fix on the modified files only while the main agent continues implementing the feature; surface results when it completes.
  • Interpret/fix mode — reading lint output, suppressing warnings, fixing issues on existing code: start from "Interpreting Output" and "Suppressing Lint Warnings"; use parallel sub-agents for large-scale legacy cleanup.

Dependencies:

  • golangci-lint: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest

Go Linting

Overview

golangci-lint is the standard Go linting tool. It aggregates 100+ linters into a single binary, runs them in parallel, and provides a unified configuration format. Run it frequently during development and always in CI.

Every Go project MUST have a .golangci.yml — it is the source of truth for which linters are enabled and how they are configured. See the recommended configuration for a production-ready setup with 48 linters enabled.

Quick Reference

# Run all configured linters
golangci-lint run ./...

# Auto-fix issues where possible
golangci-lint run --fix ./...

# Format code (golangci-lint v2+)
golangci-lint fmt ./...

# Run a single linter only
golangci-lint run --enable-only govet ./...

# List all available linters
golangci-lint linters

# Verbose output with timing info
golangci-lint run --verbose ./...

Configuration

The recommended .golangci.yml provides a production-ready setup with 33 linters. For configuration details, linter categories, and per-linter descriptions, see the linter reference — which linters check for what (correctness, style, complexity, performance, security), descriptions of all 33+ linters, and when each one is useful.

Suppressing Lint Warnings

Use //nolint directives sparingly — fix the root cause first.

// Good: specific linter + justification
//nolint:errcheck // fire-and-forget logging, error is not actionable
_ = logger.Sync()

// Bad: blanket suppression without reason
//nolint
_ = logger.Sync()

Rules:

  1. //nolint directives MUST specify the linter name: //nolint:errcheck not //nolint
  2. //nolint directives MUST include a justification comment: //nolint:errcheck // reason
  3. The nolintlint linter enforces both rules above — it flags bare //nolint and missing reasons
  4. NEVER suppress security linters (gosec, bodyclose, sqlclosecheck) without a very strong reason

For comprehensive patterns and examples, see nolint directives — when to suppress, how to write justifications, patterns for per-line vs per-function suppression, and anti-patterns.

Development Workflow

  1. Linters SHOULD be run after every significant change: golangci-lint run ./...
  2. Auto-fix what you can: golangci-lint run --fix ./...
  3. Format before committing: golangci-lint fmt ./...
  4. Incremental adoption on legacy code: set issues.new-from-rev in .golangci.yml to only lint new/changed code, then gradually clean up old code

Makefile targets (recommended):

lint:
	golangci-lint run ./...

lint-fix:
	golangci-lint run --fix ./...

fmt:
	golangci-lint fmt ./...

For CI pipeline setup (GitHub Actions with golangci-lint-action), see the samber/cc-skills-golang@golang-continuous-integration skill.

Interpreting Output

Each issue follows this format:

path/to/file.go:42:10: message describing the issue (linter-name)

The linter name in parentheses tells you which linter flagged it. Use this to:

  • Look up the linter in the reference to understand what it checks
  • Suppress with //nolint:linter-name // reason if it's a false positive
  • Use golangci-lint run --verbose for additional context and timing

Common Issues

ProblemSolution
"deadline exceeded"Set or increase run.timeout in .golangci.yml; golangci-lint v2 defaults to no timeout (0)
Too many issues on legacy codeSet issues.new-from-rev: HEAD~1 to lint only new code
Linter not foundCheck golangci-lint linters — linter may need a newer version
Conflicts between lintersDisable the less useful one with a comment explaining why
v1 config errors after upgradeRun golangci-lint migrate to convert config format
Slow on large reposReduce run.concurrency or exclude paths with linters.exclusions.paths / formatters.exclusions.paths

Parallelizing Legacy Codebase Cleanup

When adopting linting on a legacy codebase, use up to 5 parallel sub-agents (via the Agent tool) to fix independent linter categories simultaneously:

  • Sub-agent 1: Run golangci-lint run --fix ./... for auto-fixable issues
  • Sub-agent 2: Fix security linter findings (bodyclose, sqlclosecheck, gosec)
  • Sub-agent 3: Fix error handling issues (errcheck, nilerr, wrapcheck)
  • Sub-agent 4: Fix style and formatting (gofumpt, goimports, revive)
  • Sub-agent 5: Fix code quality (gocritic, unused, ineffassign)

Cross-References

  • → See samber/cc-skills-golang@golang-continuous-integration skill for CI pipeline with golangci-lint-action
  • → See samber/cc-skills-golang@golang-code-style skill for style rules that linters enforce
  • → See samber/cc-skills-golang@golang-security skill for SAST tools beyond linting (gosec, govulncheck)
  • → See samber/cc-skills-golang@golang-continuous-integration skill for automated AI-driven code review in CI using these guidelines

Lebih banyak skill dari samber

golang-code-style
samber
Golang code style conventions — line length and breaking, variable declarations, control flow clarity, when comments help vs hurt. Use when writing or reviewing Go code, asking about style or clarity, or establishing project coding standards. Not for naming conventions (→ See `samber/cc-skills-golang@golang-naming` skill), linter configuration (→ See `samber/cc-skills-golang@golang-lint` skill), or doc comments (→ See `samber/cc-skills-golang@golang-documentation` skill).
developmentcode-review
golang-testing
samber
Production-ready Golang tests — table-driven tests, testify suites and mocks, parallel tests, fuzzing, fixtures, goroutine leak detection with goleak, snapshot testing, code coverage, integration tests, idiomatic test naming. Use when writing or reviewing Go tests, choosing a testing approach, setting up Go test CI, or debugging flaky/slow tests. For testify-specific APIs see `samber/cc-skills-golang@golang-stretchr-testify`; for measurement methodology see...
developmenttestingcode-review
golang-design-patterns
samber
Pola desain Golang yang idiomatis — opsi fungsional, konstruktor, aliran dan kaskade kesalahan, manajemen sumber daya dan siklus hidup, penghentian secara bertahap, ketahanan, arsitektur, injeksi dependensi, penanganan data, streaming, dan lainnya. Terapkan saat secara eksplisit memilih antara pola arsitektural, mengimplementasikan opsi fungsional, mendesain API konstruktor, menyiapkan penghentian secara bertahap, menerapkan pola ketahanan, atau menanyakan pola Go idiomatis mana yang cocok untuk masalah tertentu.
developmentdesigncode-review
golang-error-handling
samber
Idiomatic Golang error handling — creation, wrapping with %w, errors.Is/As, errors.Join, custom error types, sentinel errors, panic/recover, the single handling rule, structured logging with slog, HTTP request logging middleware, and samber/oops for production errors. Built to make logs usable at scale with log aggregation 3rd-party tools. Apply when creating, wrapping, inspecting, or logging errors in Go code. For samber/oops specifics → See `samber/cc-skills-golang@golang-samber-oops`...
developmentcode-review
golang-performance
samber
Pola dan metodologi optimasi performa Golang - jika X bottleneck, maka terapkan Y. Mencakup pengurangan alokasi, efisiensi CPU, tata letak memori, penyesuaian GC, pooling, caching, dan optimasi jalur panas. Gunakan saat profiling atau benchmark telah mengidentifikasi bottleneck dan Anda membutuhkan pola optimasi yang tepat untuk memperbaikinya. Juga gunakan saat melakukan tinjauan kode performa untuk menyarankan perbaikan atau benchmark yang dapat membantu mengidentifikasi peningkatan performa cepat. Bukan untuk metodologi pengukuran (→...
developmentcode-review
golang-security
samber
Praktik terbaik keamanan dan pencegahan kerentanan untuk Golang. Mencakup injeksi (SQL, command, XSS), kriptografi, keamanan sistem file, keamanan jaringan, cookie, manajemen rahasia, keamanan memori, dan pencatatan log. Terapkan saat menulis, meninjau, atau mengaudit kode Go untuk keamanan, atau saat mengerjakan kode berisiko yang melibatkan kripto, I/O, manajemen rahasia, penanganan input pengguna, atau autentikasi. Termasuk konfigurasi alat keamanan.
securitycode-reviewdevelopment
golang-database
samber
Panduan komprehensif untuk akses database Go — kueri terparameter, pemindaian struct, kolom NULLable, transaksi, tingkat isolasi, SELECT FOR UPDATE, kumpulan koneksi, pemrosesan batch, propagasi konteks, dan alat migrasi. Gunakan saat menulis, meninjau, atau men-debug kode Golang yang berinteraksi dengan PostgreSQL, MariaDB, MySQL, atau SQLite; untuk pengujian database; atau untuk pertanyaan tentang database/sql, sqlx, atau pgx. TIDAK menghasilkan skema database atau SQL migrasi.
developmentdatabase
golang-troubleshooting
samber
Troubleshoot Golang programs systematically - find and fix the root cause. Use when encountering bugs, crashes, deadlocks, or unexpected behavior in Go code. Covers debugging methodology, common Go pitfalls, test-driven debugging, pprof setup and capture, Delve debugger, race detection, GODEBUG tracing, and production debugging. Start here for any 'something is wrong' situation. Not for interpreting profiles or benchmarking (→ See `samber/cc-skills-golang@golang-benchmark` skill) or applying...
developmenttesting