How a Malicious Package Exploited Module Proxy Caching for Persistence — Researchers have uncovered a sophisticated supply chain attack exploiting both typosquatting and then Go’s module proxying caching to remain undetected for years. It’s worth understanding the mechanism behind this in case you run into it yourself.

Kirill Boychenko (Socket)

Proposal: math/rand/v2 Worked, Let's Do sync/v2! — Creating ‘v2’ versions of standard packages is Go’s compromise for modernization vs stability. With the evolution of math/rand a success, Ian thinks synchronization primitives are due an upgrade too. Much of the value here comes from a month’s worth of discussion, including people’s discontent over the ‘v2’ approach (outlined further here).

Ian Lance Taylor

Upcoming Workshop on Building Backend Web Apps in Go — Join us for a two day workshop (either online or in person) and develop your Go know-how. We'll focus on using Go to build backend web apps, along with learning Go data structures, interfaces, how to write unit tests, and more.

Frontend Masters sponsor

Go Programs Freezing When Launched by Steam — Ebitengine’s lead developer reported an unusual bug to the Steam team – Go programs (e.g. games) launched by the popular Steam game launcher were failing due to Steam interfering with Go’s runtime in some way. This has since become a bug being discussed on the Go repo with some workarounds but no full resolution yet.

Hajime Hoshi

httptap: View HTTP/HTTPS Requests Made by Any Linux Program — It uses Linux-only network namespaces for now, but this is a Go-powered process-scoped HTTP tracer you can run without root privileges. It even decrypts TLS traffic by generating a CA on the fly. Handy for debugging or seeing if dependencies or apps are ‘phoning home,’ perhaps..

Monastic Academy for the Preservation of Life on Earth

How to Release to Homebrew with GoReleaser, GitHub Actions and Semantic Release — The steps involved in automating the release of a Go project (maybe your new command line tool or TUI?) that’s available via Homebrew (as most commonly used on macOS).

Billy Hadlow

Product Management Is Broken. Engineers Can Fix It — How redefining how PMs and engineers work together helped PostHog optimize everything they do for speed and autonomy.

PostHog sponsor

Zog: 'Next Gen' Schema Validation for Go — Zod is a popular TypeScript-based runtime schema validation library and Zog is a take on the same idea in Go so you can define validations and run them against values and structs. GitHub repo.

Tristan Mayo

etree 1.5: A Library to Parse and Generate XML Easily — A simple, straightforward approach to working with XML in Go, inspired by Python’s ElementTree. XML documents are represented as trees for easily traversal and you can create, import, modify and save XML. Queries can be done with a XPath-like approach.

Brett Vickers

Feluda: A Tool to Analyze the Licences of Dependencies — It’s a Rust-powered project but which can be used to process the dependencies of Go, Rust or Node.js projects and return a report (or show a TUI interface) on potentially restrictive licenses that apply.

Kumar Anirudha

🔊 volume-go: A Cross-Platform Way to Control Sound Volume — Leaning on a different technique for each OS, it supports macOS, Linux, and Windows. If you want it wrapped up into a nice Go TUI, Volgo is for you.

itchyny

A Minesweeper Game Written in Go — A cute example of putting together a game in such a way that it not only runs on the desktop in the usual way, but can be taken to the Web too. The effects are cute, too – this is a great use of the Ebitengine game engine. The GitHub repo is certainly worth a look if you're trying to reach similar ends.

imprity