Is GitHub the official npm for go modules? I mean, how do I trust a github module ‘blindly’ even if the source is open ? Not everyone is going to read the code.
cmd\main\routes.go:9:2: missing go.sum entry for module providing package github.com/go-chi/chi; to add:
go mod download github.com/go-chi/chi
Well, one of the great things about Go projects is: they tend to have far fewer dependencies than many other ecosystems I’ve worked in. I work with people who don’t let non-reviewed code into their projects (it’s always a risk to security, though a generally accepted one). Check out go mod vendor if you want to know more.