Normalize module extraction for unused-dependency detection
Context
While running go-semver-audit -unused on a module that only imports a subpackage (e.g., github.com/org/repo/subpkg), I kept seeing the parent module flagged as unused even though the code obviously relies on it.
Problem
FindUnusedDependencies compares imports to module paths, but extractModulePath currently returns the full import path. Subpackages never match the module root, so dependencies look unused when only a subpackage is imported.
Expected behavior
Imports of subpackages should count as using the parent module. -unused should not report a module if any of its subpackages are imported.
Scope / non-goals
- Keep the existing detection flow intact; only normalize the module path extraction.
- Don’t change how imports are collected or how other analyzers behave.
Acceptance criteria
Hints
internal/analyzer/analyzer.go — extractModulePath.
Normalize module extraction for unused-dependency detection
Context
While running
go-semver-audit -unusedon a module that only imports a subpackage (e.g.,github.com/org/repo/subpkg), I kept seeing the parent module flagged as unused even though the code obviously relies on it.Problem
FindUnusedDependenciescompares imports to module paths, butextractModulePathcurrently returns the full import path. Subpackages never match the module root, so dependencies look unused when only a subpackage is imported.Expected behavior
Imports of subpackages should count as using the parent module.
-unusedshould not report a module if any of its subpackages are imported.Scope / non-goals
Acceptance criteria
FindUnusedDependenciestreatsgithub.com/acme/pkg/subas usinggithub.com/acme/pkg.golang.org/x/...paths.Hints
internal/analyzer/analyzer.go—extractModulePath.