英文:
What happens to a Golang project when a dependecy package's owner removes the repository from github?
问题
我是你的中文翻译助手,以下是翻译好的内容:
我对Golang还不熟悉,我来自NodeJS,对依赖管理的工作方式有些担忧。
在NodeJS中,你可以放心使用NPM依赖,因为它们托管在NPM.com上,而且NPM不允许所有者删除它们。然而,在Github上,所有者可以删除整个存储库,导致依赖于该存储库的所有项目都无法使用。
我想知道这是如何工作的。在Golang的一侧是否有一个镜像来保证包的安全性?或者是否有一种类似于Node的方法,而不必将包托管在项目内部?
英文:
I'm new to Golang, I come from NodeJS and I'm a little concerned about how the dependency management works.
In Node you can rest assured that an NPM dependency will never cease to be available since it's hosted on NPM.com, and they don't allow owners to remove them. However, in Github an owner could pretty much remove the entire repo and leave every project in the world that depends on it, unusable.
I'd like to know how does this work. Is there a mirror on Golang's side that keeps the packages safe? Or is there a way to achieve something similar to Node's approach wiwhout having to host the packages inside your project?
答案1
得分: 9
当一个依赖包的所有者从 GitHub 上移除仓库时,对于一个 Golang 项目会发生什么呢?
没有什么特别的情况。
- 如果你没有使用模块代理,并且包被移动到了不同的托管站点:替换导入路径。
- 如果你没有使用模块代理,并且包被移动到了不同的托管站点,并且包/模块使用了保持不变的虚拟导入路径:不需要采取任何行动。
- 如果你使用了模块代理:不需要采取任何行动。
很可能你已经在使用默认的代理。这个问题远比 npm 世界中的任何问题都要少见。
英文:
> What happens to a Golang project when a dependecy package's owner removes the repository from github?
Nothing dramatic.
- If you are not using a Module Proxy and package moved to a different hosting site: Replace the import paths
- If you are not using a Module Proxy, package is moved to a different hosting site and package/module used vanity import path that are kept constant: No action required.
- If you use a Module Proxy: No action required.
Most likely you use the default proxy already. The problem is far less problematic than anything in the npm world.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论