Go dependencies from Github - can we be sure that they will be available forever?

Question

I have been a Javascript / NodeJs developer for a few years and am now learning Go. I am very new to it.

It seems that in Go most of the external dependencies are included directly from Github.

I am wondering how much we can rely on that.

When we publish a package on npm it is stored as a copy, as an archive, in the registry. If the source repository is deleted, the package is still available.

In Go it seems to be common to declare dependencies directly to the module repository (E.g. on Github).

What happens if the repository is deleted? What happens to all the dependent projects in this case?

Answer 1

Today's article on the Google Security Blog explains what happens when a repository is deleted:

Go guarantees the availability of packages. The Go Module Mirror serves packages requested by the go command, rather than going to the origin servers (such as GitHub). The first time any Go developer requests a given module, it’s fetched from upstream sources and cached within the module mirror. When a module has been made available under a standard open source license, all future requests for that module simply return the cached copy, even if the module is deleted upstream.