
Ask HN: Do you read a Golang's package source before you import it? - valevk
I just asked myself how secure a Golang package is. Isn&#x27;t it possible, that i.e. a database driver package gets compromised, and all my credentials are pushed through net&#x2F;http to some external server?
======
dsparkman
I do read through the source code of any external package I use in Go.

I do the same thing in all languages.

That is why I tend to use as little external dependencies as possible.

