I have been working on projects in golang and importing open source go modules from github like places have been a usual phenomena of day today life for a golang developer. I think that there should be a list of criteria to be considered before importing such module into a project.
any such a list maybe helpful for any golang developer, while evaluating multiple open source modules.
could someone point me to any such list if exists or lets add to the following:
- existing security issues( declared or scanning result)
- age of last development activities
- Rating( not sure about it)
- how latest golang version is supported
- no hard coded golang version dependancies
…
Please add the criteria in the list