Adding upstream version 1.16.10.upstream/1.16.10upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

9 files changed, 1610 insertions, 0 deletions

diff --git a/src/cmd/go/internal/modcmd/download.go b/src/cmd/go/internal/modcmd/download.go
new file mode 100644
index 0000000..a602bb9
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/download.go
@@ -0,0 +1,214 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package modcmd
+
+import (
+	"context"
+	"encoding/json"
+	"os"
+	"runtime"
+
+	"cmd/go/internal/base"
+	"cmd/go/internal/cfg"
+	"cmd/go/internal/modfetch"
+	"cmd/go/internal/modload"
+
+	"golang.org/x/mod/module"
+)
+
+var cmdDownload = &base.Command{
+	UsageLine: "go mod download [-x] [-json] [modules]",
+	Short:     "download modules to local cache",
+	Long: `
+Download downloads the named modules, which can be module patterns selecting
+dependencies of the main module or module queries of the form path@version.
+With no arguments, download applies to all dependencies of the main module
+(equivalent to 'go mod download all').
+
+The go command will automatically download modules as needed during ordinary
+execution. The "go mod download" command is useful mainly for pre-filling
+the local cache or to compute the answers for a Go module proxy.
+
+By default, download writes nothing to standard output. It may print progress
+messages and errors to standard error.
+
+The -json flag causes download to print a sequence of JSON objects
+to standard output, describing each downloaded module (or failure),
+corresponding to this Go struct:
+
+    type Module struct {
+        Path     string // module path
+        Version  string // module version
+        Error    string // error loading module
+        Info     string // absolute path to cached .info file
+        GoMod    string // absolute path to cached .mod file
+        Zip      string // absolute path to cached .zip file
+        Dir      string // absolute path to cached source root directory
+        Sum      string // checksum for path, version (as in go.sum)
+        GoModSum string // checksum for go.mod (as in go.sum)
+    }
+
+The -x flag causes download to print the commands download executes.
+
+See https://golang.org/ref/mod#go-mod-download for more about 'go mod download'.
+
+See https://golang.org/ref/mod#version-queries for more about version queries.
+	`,
+}
+
+var downloadJSON = cmdDownload.Flag.Bool("json", false, "")
+
+func init() {
+	cmdDownload.Run = runDownload // break init cycle
+
+	// TODO(jayconrod): https://golang.org/issue/35849 Apply -x to other 'go mod' commands.
+	cmdDownload.Flag.BoolVar(&cfg.BuildX, "x", false, "")
+	base.AddModCommonFlags(&cmdDownload.Flag)
+}
+
+type moduleJSON struct {
+	Path     string `json:",omitempty"`
+	Version  string `json:",omitempty"`
+	Error    string `json:",omitempty"`
+	Info     string `json:",omitempty"`
+	GoMod    string `json:",omitempty"`
+	Zip      string `json:",omitempty"`
+	Dir      string `json:",omitempty"`
+	Sum      string `json:",omitempty"`
+	GoModSum string `json:",omitempty"`
+}
+
+func runDownload(ctx context.Context, cmd *base.Command, args []string) {
+	// Check whether modules are enabled and whether we're in a module.
+	modload.ForceUseModules = true
+	if !modload.HasModRoot() && len(args) == 0 {
+		base.Fatalf("go mod download: no modules specified (see 'go help mod download')")
+	}
+	haveExplicitArgs := len(args) > 0
+	if !haveExplicitArgs {
+		args = []string{"all"}
+	}
+	if modload.HasModRoot() {
+		modload.LoadModFile(ctx) // to fill Target
+		targetAtUpgrade := modload.Target.Path + "@upgrade"
+		targetAtPatch := modload.Target.Path + "@patch"
+		for _, arg := range args {
+			switch arg {
+			case modload.Target.Path, targetAtUpgrade, targetAtPatch:
+				os.Stderr.WriteString("go mod download: skipping argument " + arg + " that resolves to the main module\n")
+			}
+		}
+	}
+
+	downloadModule := func(m *moduleJSON) {
+		var err error
+		m.Info, err = modfetch.InfoFile(m.Path, m.Version)
+		if err != nil {
+			m.Error = err.Error()
+			return
+		}
+		m.GoMod, err = modfetch.GoModFile(m.Path, m.Version)
+		if err != nil {
+			m.Error = err.Error()
+			return
+		}
+		m.GoModSum, err = modfetch.GoModSum(m.Path, m.Version)
+		if err != nil {
+			m.Error = err.Error()
+			return
+		}
+		mod := module.Version{Path: m.Path, Version: m.Version}
+		m.Zip, err = modfetch.DownloadZip(ctx, mod)
+		if err != nil {
+			m.Error = err.Error()
+			return
+		}
+		m.Sum = modfetch.Sum(mod)
+		m.Dir, err = modfetch.Download(ctx, mod)
+		if err != nil {
+			m.Error = err.Error()
+			return
+		}
+	}
+
+	var mods []*moduleJSON
+	listU := false
+	listVersions := false
+	listRetractions := false
+	type token struct{}
+	sem := make(chan token, runtime.GOMAXPROCS(0))
+	infos := modload.ListModules(ctx, args, listU, listVersions, listRetractions)
+	if !haveExplicitArgs {
+		// 'go mod download' is sometimes run without arguments to pre-populate
+		// the module cache. It may fetch modules that aren't needed to build
+		// packages in the main mdoule. This is usually not intended, so don't save
+		// sums for downloaded modules (golang.org/issue/45332).
+		// TODO(golang.org/issue/45551): For now, save sums needed to load the
+		// build list (same as 1.15 behavior). In the future, report an error if
+		// go.mod or go.sum need to be updated after loading the build list.
+		modload.WriteGoMod()
+		modload.DisallowWriteGoMod()
+	}
+
+	for _, info := range infos {
+		if info.Replace != nil {
+			info = info.Replace
+		}
+		if info.Version == "" && info.Error == nil {
+			// main module or module replaced with file path.
+			// Nothing to download.
+			continue
+		}
+		m := &moduleJSON{
+			Path:    info.Path,
+			Version: info.Version,
+		}
+		mods = append(mods, m)
+		if info.Error != nil {
+			m.Error = info.Error.Err
+			continue
+		}
+		sem <- token{}
+		go func() {
+			downloadModule(m)
+			<-sem
+		}()
+	}
+
+	// Fill semaphore channel to wait for goroutines to finish.
+	for n := cap(sem); n > 0; n-- {
+		sem <- token{}
+	}
+
+	if *downloadJSON {
+		for _, m := range mods {
+			b, err := json.MarshalIndent(m, "", "\t")
+			if err != nil {
+				base.Fatalf("go mod download: %v", err)
+			}
+			os.Stdout.Write(append(b, '\n'))
+			if m.Error != "" {
+				base.SetExitStatus(1)
+			}
+		}
+	} else {
+		for _, m := range mods {
+			if m.Error != "" {
+				base.Errorf("go mod download: %v", m.Error)
+			}
+		}
+		base.ExitIfErrors()
+	}
+
+	// If there were explicit arguments, update go.mod and especially go.sum.
+	// 'go mod download mod@version' is a useful way to add a sum without using
+	// 'go get mod@version', which may have other side effects. We print this in
+	// some error message hints.
+	//
+	// Don't save sums for 'go mod download' without arguments; see comment above.
+	if haveExplicitArgs {
+		modload.WriteGoMod()
+	}
+}
diff --git a/src/cmd/go/internal/modcmd/edit.go b/src/cmd/go/internal/modcmd/edit.go
new file mode 100644
index 0000000..1df104e
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/edit.go
@@ -0,0 +1,505 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// go mod edit
+
+package modcmd
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+
+	"cmd/go/internal/base"
+	"cmd/go/internal/lockedfile"
+	"cmd/go/internal/modfetch"
+	"cmd/go/internal/modload"
+
+	"golang.org/x/mod/modfile"
+	"golang.org/x/mod/module"
+)
+
+var cmdEdit = &base.Command{
+	UsageLine: "go mod edit [editing flags] [go.mod]",
+	Short:     "edit go.mod from tools or scripts",
+	Long: `
+Edit provides a command-line interface for editing go.mod,
+for use primarily by tools or scripts. It reads only go.mod;
+it does not look up information about the modules involved.
+By default, edit reads and writes the go.mod file of the main module,
+but a different target file can be specified after the editing flags.
+
+The editing flags specify a sequence of editing operations.
+
+The -fmt flag reformats the go.mod file without making other changes.
+This reformatting is also implied by any other modifications that use or
+rewrite the go.mod file. The only time this flag is needed is if no other
+flags are specified, as in 'go mod edit -fmt'.
+
+The -module flag changes the module's path (the go.mod file's module line).
+
+The -require=path@version and -droprequire=path flags
+add and drop a requirement on the given module path and version.
+Note that -require overrides any existing requirements on path.
+These flags are mainly for tools that understand the module graph.
+Users should prefer 'go get path@version' or 'go get path@none',
+which make other go.mod adjustments as needed to satisfy
+constraints imposed by other modules.
+
+The -exclude=path@version and -dropexclude=path@version flags
+add and drop an exclusion for the given module path and version.
+Note that -exclude=path@version is a no-op if that exclusion already exists.
+
+The -replace=old[@v]=new[@v] flag adds a replacement of the given
+module path and version pair. If the @v in old@v is omitted, a
+replacement without a version on the left side is added, which applies
+to all versions of the old module path. If the @v in new@v is omitted,
+the new path should be a local module root directory, not a module
+path. Note that -replace overrides any redundant replacements for old[@v],
+so omitting @v will drop existing replacements for specific versions.
+
+The -dropreplace=old[@v] flag drops a replacement of the given
+module path and version pair. If the @v is omitted, a replacement without
+a version on the left side is dropped.
+
+The -retract=version and -dropretract=version flags add and drop a
+retraction on the given version. The version may be a single version
+like "v1.2.3" or a closed interval like "[v1.1.0,v1.1.9]". Note that
+-retract=version is a no-op if that retraction already exists.
+
+The -require, -droprequire, -exclude, -dropexclude, -replace,
+-dropreplace, -retract, and -dropretract editing flags may be repeated,
+and the changes are applied in the order given.
+
+The -go=version flag sets the expected Go language version.
+
+The -print flag prints the final go.mod in its text format instead of
+writing it back to go.mod.
+
+The -json flag prints the final go.mod file in JSON format instead of
+writing it back to go.mod. The JSON output corresponds to these Go types:
+
+	type Module struct {
+		Path string
+		Version string
+	}
+
+	type GoMod struct {
+		Module  Module
+		Go      string
+		Require []Require
+		Exclude []Module
+		Replace []Replace
+		Retract []Retract
+	}
+
+	type Require struct {
+		Path string
+		Version string
+		Indirect bool
+	}
+
+	type Replace struct {
+		Old Module
+		New Module
+	}
+
+	type Retract struct {
+		Low       string
+		High      string
+		Rationale string
+	}
+
+Retract entries representing a single version (not an interval) will have
+the "Low" and "High" fields set to the same value.
+
+Note that this only describes the go.mod file itself, not other modules
+referred to indirectly. For the full set of modules available to a build,
+use 'go list -m -json all'.
+
+See https://golang.org/ref/mod#go-mod-edit for more about 'go mod edit'.
+	`,
+}
+
+var (
+	editFmt    = cmdEdit.Flag.Bool("fmt", false, "")
+	editGo     = cmdEdit.Flag.String("go", "", "")
+	editJSON   = cmdEdit.Flag.Bool("json", false, "")
+	editPrint  = cmdEdit.Flag.Bool("print", false, "")
+	editModule = cmdEdit.Flag.String("module", "", "")
+	edits      []func(*modfile.File) // edits specified in flags
+)
+
+type flagFunc func(string)
+
+func (f flagFunc) String() string     { return "" }
+func (f flagFunc) Set(s string) error { f(s); return nil }
+
+func init() {
+	cmdEdit.Run = runEdit // break init cycle
+
+	cmdEdit.Flag.Var(flagFunc(flagRequire), "require", "")
+	cmdEdit.Flag.Var(flagFunc(flagDropRequire), "droprequire", "")
+	cmdEdit.Flag.Var(flagFunc(flagExclude), "exclude", "")
+	cmdEdit.Flag.Var(flagFunc(flagDropReplace), "dropreplace", "")
+	cmdEdit.Flag.Var(flagFunc(flagReplace), "replace", "")
+	cmdEdit.Flag.Var(flagFunc(flagDropExclude), "dropexclude", "")
+	cmdEdit.Flag.Var(flagFunc(flagRetract), "retract", "")
+	cmdEdit.Flag.Var(flagFunc(flagDropRetract), "dropretract", "")
+
+	base.AddModCommonFlags(&cmdEdit.Flag)
+	base.AddBuildFlagsNX(&cmdEdit.Flag)
+}
+
+func runEdit(ctx context.Context, cmd *base.Command, args []string) {
+	anyFlags :=
+		*editModule != "" ||
+			*editGo != "" ||
+			*editJSON ||
+			*editPrint ||
+			*editFmt ||
+			len(edits) > 0
+
+	if !anyFlags {
+		base.Fatalf("go mod edit: no flags specified (see 'go help mod edit').")
+	}
+
+	if *editJSON && *editPrint {
+		base.Fatalf("go mod edit: cannot use both -json and -print")
+	}
+
+	if len(args) > 1 {
+		base.Fatalf("go mod edit: too many arguments")
+	}
+	var gomod string
+	if len(args) == 1 {
+		gomod = args[0]
+	} else {
+		gomod = modload.ModFilePath()
+	}
+
+	if *editModule != "" {
+		if err := module.CheckImportPath(*editModule); err != nil {
+			base.Fatalf("go mod: invalid -module: %v", err)
+		}
+	}
+
+	if *editGo != "" {
+		if !modfile.GoVersionRE.MatchString(*editGo) {
+			base.Fatalf(`go mod: invalid -go option; expecting something like "-go 1.12"`)
+		}
+	}
+
+	data, err := lockedfile.Read(gomod)
+	if err != nil {
+		base.Fatalf("go: %v", err)
+	}
+
+	modFile, err := modfile.Parse(gomod, data, nil)
+	if err != nil {
+		base.Fatalf("go: errors parsing %s:\n%s", base.ShortPath(gomod), err)
+	}
+
+	if *editModule != "" {
+		modFile.AddModuleStmt(*editModule)
+	}
+
+	if *editGo != "" {
+		if err := modFile.AddGoStmt(*editGo); err != nil {
+			base.Fatalf("go: internal error: %v", err)
+		}
+	}
+
+	if len(edits) > 0 {
+		for _, edit := range edits {
+			edit(modFile)
+		}
+	}
+	modFile.SortBlocks()
+	modFile.Cleanup() // clean file after edits
+
+	if *editJSON {
+		editPrintJSON(modFile)
+		return
+	}
+
+	out, err := modFile.Format()
+	if err != nil {
+		base.Fatalf("go: %v", err)
+	}
+
+	if *editPrint {
+		os.Stdout.Write(out)
+		return
+	}
+
+	// Make a best-effort attempt to acquire the side lock, only to exclude
+	// previous versions of the 'go' command from making simultaneous edits.
+	if unlock, err := modfetch.SideLock(); err == nil {
+		defer unlock()
+	}
+
+	err = lockedfile.Transform(gomod, func(lockedData []byte) ([]byte, error) {
+		if !bytes.Equal(lockedData, data) {
+			return nil, errors.New("go.mod changed during editing; not overwriting")
+		}
+		return out, nil
+	})
+	if err != nil {
+		base.Fatalf("go: %v", err)
+	}
+}
+
+// parsePathVersion parses -flag=arg expecting arg to be path@version.
+func parsePathVersion(flag, arg string) (path, version string) {
+	i := strings.Index(arg, "@")
+	if i < 0 {
+		base.Fatalf("go mod: -%s=%s: need path@version", flag, arg)
+	}
+	path, version = strings.TrimSpace(arg[:i]), strings.TrimSpace(arg[i+1:])
+	if err := module.CheckImportPath(path); err != nil {
+		base.Fatalf("go mod: -%s=%s: invalid path: %v", flag, arg, err)
+	}
+
+	if !allowedVersionArg(version) {
+		base.Fatalf("go mod: -%s=%s: invalid version %q", flag, arg, version)
+	}
+
+	return path, version
+}
+
+// parsePath parses -flag=arg expecting arg to be path (not path@version).
+func parsePath(flag, arg string) (path string) {
+	if strings.Contains(arg, "@") {
+		base.Fatalf("go mod: -%s=%s: need just path, not path@version", flag, arg)
+	}
+	path = arg
+	if err := module.CheckImportPath(path); err != nil {
+		base.Fatalf("go mod: -%s=%s: invalid path: %v", flag, arg, err)
+	}
+	return path
+}
+
+// parsePathVersionOptional parses path[@version], using adj to
+// describe any errors.
+func parsePathVersionOptional(adj, arg string, allowDirPath bool) (path, version string, err error) {
+	if i := strings.Index(arg, "@"); i < 0 {
+		path = arg
+	} else {
+		path, version = strings.TrimSpace(arg[:i]), strings.TrimSpace(arg[i+1:])
+	}
+	if err := module.CheckImportPath(path); err != nil {
+		if !allowDirPath || !modfile.IsDirectoryPath(path) {
+			return path, version, fmt.Errorf("invalid %s path: %v", adj, err)
+		}
+	}
+	if path != arg && !allowedVersionArg(version) {
+		return path, version, fmt.Errorf("invalid %s version: %q", adj, version)
+	}
+	return path, version, nil
+}
+
+// parseVersionInterval parses a single version like "v1.2.3" or a closed
+// interval like "[v1.2.3,v1.4.5]". Note that a single version has the same
+// representation as an interval with equal upper and lower bounds: both
+// Low and High are set.
+func parseVersionInterval(arg string) (modfile.VersionInterval, error) {
+	if !strings.HasPrefix(arg, "[") {
+		if !allowedVersionArg(arg) {
+			return modfile.VersionInterval{}, fmt.Errorf("invalid version: %q", arg)
+		}
+		return modfile.VersionInterval{Low: arg, High: arg}, nil
+	}
+	if !strings.HasSuffix(arg, "]") {
+		return modfile.VersionInterval{}, fmt.Errorf("invalid version interval: %q", arg)
+	}
+	s := arg[1 : len(arg)-1]
+	i := strings.Index(s, ",")
+	if i < 0 {
+		return modfile.VersionInterval{}, fmt.Errorf("invalid version interval: %q", arg)
+	}
+	low := strings.TrimSpace(s[:i])
+	high := strings.TrimSpace(s[i+1:])
+	if !allowedVersionArg(low) || !allowedVersionArg(high) {
+		return modfile.VersionInterval{}, fmt.Errorf("invalid version interval: %q", arg)
+	}
+	return modfile.VersionInterval{Low: low, High: high}, nil
+}
+
+// allowedVersionArg returns whether a token may be used as a version in go.mod.
+// We don't call modfile.CheckPathVersion, because that insists on versions
+// being in semver form, but here we want to allow versions like "master" or
+// "1234abcdef", which the go command will resolve the next time it runs (or
+// during -fix).  Even so, we need to make sure the version is a valid token.
+func allowedVersionArg(arg string) bool {
+	return !modfile.MustQuote(arg)
+}
+
+// flagRequire implements the -require flag.
+func flagRequire(arg string) {
+	path, version := parsePathVersion("require", arg)
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.AddRequire(path, version); err != nil {
+			base.Fatalf("go mod: -require=%s: %v", arg, err)
+		}
+	})
+}
+
+// flagDropRequire implements the -droprequire flag.
+func flagDropRequire(arg string) {
+	path := parsePath("droprequire", arg)
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.DropRequire(path); err != nil {
+			base.Fatalf("go mod: -droprequire=%s: %v", arg, err)
+		}
+	})
+}
+
+// flagExclude implements the -exclude flag.
+func flagExclude(arg string) {
+	path, version := parsePathVersion("exclude", arg)
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.AddExclude(path, version); err != nil {
+			base.Fatalf("go mod: -exclude=%s: %v", arg, err)
+		}
+	})
+}
+
+// flagDropExclude implements the -dropexclude flag.
+func flagDropExclude(arg string) {
+	path, version := parsePathVersion("dropexclude", arg)
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.DropExclude(path, version); err != nil {
+			base.Fatalf("go mod: -dropexclude=%s: %v", arg, err)
+		}
+	})
+}
+
+// flagReplace implements the -replace flag.
+func flagReplace(arg string) {
+	var i int
+	if i = strings.Index(arg, "="); i < 0 {
+		base.Fatalf("go mod: -replace=%s: need old[@v]=new[@w] (missing =)", arg)
+	}
+	old, new := strings.TrimSpace(arg[:i]), strings.TrimSpace(arg[i+1:])
+	if strings.HasPrefix(new, ">") {
+		base.Fatalf("go mod: -replace=%s: separator between old and new is =, not =>", arg)
+	}
+	oldPath, oldVersion, err := parsePathVersionOptional("old", old, false)
+	if err != nil {
+		base.Fatalf("go mod: -replace=%s: %v", arg, err)
+	}
+	newPath, newVersion, err := parsePathVersionOptional("new", new, true)
+	if err != nil {
+		base.Fatalf("go mod: -replace=%s: %v", arg, err)
+	}
+	if newPath == new && !modfile.IsDirectoryPath(new) {
+		base.Fatalf("go mod: -replace=%s: unversioned new path must be local directory", arg)
+	}
+
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.AddReplace(oldPath, oldVersion, newPath, newVersion); err != nil {
+			base.Fatalf("go mod: -replace=%s: %v", arg, err)
+		}
+	})
+}
+
+// flagDropReplace implements the -dropreplace flag.
+func flagDropReplace(arg string) {
+	path, version, err := parsePathVersionOptional("old", arg, true)
+	if err != nil {
+		base.Fatalf("go mod: -dropreplace=%s: %v", arg, err)
+	}
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.DropReplace(path, version); err != nil {
+			base.Fatalf("go mod: -dropreplace=%s: %v", arg, err)
+		}
+	})
+}
+
+// flagRetract implements the -retract flag.
+func flagRetract(arg string) {
+	vi, err := parseVersionInterval(arg)
+	if err != nil {
+		base.Fatalf("go mod: -retract=%s: %v", arg, err)
+	}
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.AddRetract(vi, ""); err != nil {
+			base.Fatalf("go mod: -retract=%s: %v", arg, err)
+		}
+	})
+}
+
+// flagDropRetract implements the -dropretract flag.
+func flagDropRetract(arg string) {
+	vi, err := parseVersionInterval(arg)
+	if err != nil {
+		base.Fatalf("go mod: -dropretract=%s: %v", arg, err)
+	}
+	edits = append(edits, func(f *modfile.File) {
+		if err := f.DropRetract(vi); err != nil {
+			base.Fatalf("go mod: -dropretract=%s: %v", arg, err)
+		}
+	})
+}
+
+// fileJSON is the -json output data structure.
+type fileJSON struct {
+	Module  module.Version
+	Go      string `json:",omitempty"`
+	Require []requireJSON
+	Exclude []module.Version
+	Replace []replaceJSON
+	Retract []retractJSON
+}
+
+type requireJSON struct {
+	Path     string
+	Version  string `json:",omitempty"`
+	Indirect bool   `json:",omitempty"`
+}
+
+type replaceJSON struct {
+	Old module.Version
+	New module.Version
+}
+
+type retractJSON struct {
+	Low       string `json:",omitempty"`
+	High      string `json:",omitempty"`
+	Rationale string `json:",omitempty"`
+}
+
+// editPrintJSON prints the -json output.
+func editPrintJSON(modFile *modfile.File) {
+	var f fileJSON
+	if modFile.Module != nil {
+		f.Module = modFile.Module.Mod
+	}
+	if modFile.Go != nil {
+		f.Go = modFile.Go.Version
+	}
+	for _, r := range modFile.Require {
+		f.Require = append(f.Require, requireJSON{Path: r.Mod.Path, Version: r.Mod.Version, Indirect: r.Indirect})
+	}
+	for _, x := range modFile.Exclude {
+		f.Exclude = append(f.Exclude, x.Mod)
+	}
+	for _, r := range modFile.Replace {
+		f.Replace = append(f.Replace, replaceJSON{r.Old, r.New})
+	}
+	for _, r := range modFile.Retract {
+		f.Retract = append(f.Retract, retractJSON{r.Low, r.High, r.Rationale})
+	}
+	data, err := json.MarshalIndent(&f, "", "\t")
+	if err != nil {
+		base.Fatalf("go: internal error: %v", err)
+	}
+	data = append(data, '\n')
+	os.Stdout.Write(data)
+}
diff --git a/src/cmd/go/internal/modcmd/graph.go b/src/cmd/go/internal/modcmd/graph.go
new file mode 100644
index 0000000..a88e9ef
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/graph.go
@@ -0,0 +1,84 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// go mod graph
+
+package modcmd
+
+import (
+	"bufio"
+	"context"
+	"os"
+	"sort"
+
+	"cmd/go/internal/base"
+	"cmd/go/internal/modload"
+
+	"golang.org/x/mod/module"
+)
+
+var cmdGraph = &base.Command{
+	UsageLine: "go mod graph",
+	Short:     "print module requirement graph",
+	Long: `
+Graph prints the module requirement graph (with replacements applied)
+in text form. Each line in the output has two space-separated fields: a module
+and one of its requirements. Each module is identified as a string of the form
+path@version, except for the main module, which has no @version suffix.
+
+See https://golang.org/ref/mod#go-mod-graph for more about 'go mod graph'.
+	`,
+	Run: runGraph,
+}
+
+func init() {
+	base.AddModCommonFlags(&cmdGraph.Flag)
+}
+
+func runGraph(ctx context.Context, cmd *base.Command, args []string) {
+	if len(args) > 0 {
+		base.Fatalf("go mod graph: graph takes no arguments")
+	}
+	modload.ForceUseModules = true
+	modload.RootMode = modload.NeedRoot
+	modload.LoadAllModules(ctx)
+
+	reqs := modload.MinReqs()
+	format := func(m module.Version) string {
+		if m.Version == "" {
+			return m.Path
+		}
+		return m.Path + "@" + m.Version
+	}
+
+	var out []string
+	var deps int // index in out where deps start
+	seen := map[module.Version]bool{modload.Target: true}
+	queue := []module.Version{modload.Target}
+	for len(queue) > 0 {
+		var m module.Version
+		m, queue = queue[0], queue[1:]
+		list, _ := reqs.Required(m)
+		for _, r := range list {
+			if !seen[r] {
+				queue = append(queue, r)
+				seen[r] = true
+			}
+			out = append(out, format(m)+" "+format(r)+"\n")
+		}
+		if m == modload.Target {
+			deps = len(out)
+		}
+	}
+
+	sort.Slice(out[deps:], func(i, j int) bool {
+		return out[deps+i][0] < out[deps+j][0]
+	})
+
+	w := bufio.NewWriter(os.Stdout)
+	for _, line := range out {
+		w.WriteString(line)
+	}
+	w.Flush()
+}
diff --git a/src/cmd/go/internal/modcmd/init.go b/src/cmd/go/internal/modcmd/init.go
new file mode 100644
index 0000000..73cc282
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/init.go
@@ -0,0 +1,51 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// go mod init
+
+package modcmd
+
+import (
+	"cmd/go/internal/base"
+	"cmd/go/internal/modload"
+	"context"
+)
+
+var cmdInit = &base.Command{
+	UsageLine: "go mod init [module]",
+	Short:     "initialize new module in current directory",
+	Long: `
+Init initializes and writes a new go.mod file in the current directory, in
+effect creating a new module rooted at the current directory. The go.mod file
+must not already exist.
+
+Init accepts one optional argument, the module path for the new module. If the
+module path argument is omitted, init will attempt to infer the module path
+using import comments in .go files, vendoring tool configuration files (like
+Gopkg.lock), and the current directory (if in GOPATH).
+
+If a configuration file for a vendoring tool is present, init will attempt to
+import module requirements from it.
+
+See https://golang.org/ref/mod#go-mod-init for more about 'go mod init'.
+`,
+	Run: runInit,
+}
+
+func init() {
+	base.AddModCommonFlags(&cmdInit.Flag)
+}
+
+func runInit(ctx context.Context, cmd *base.Command, args []string) {
+	if len(args) > 1 {
+		base.Fatalf("go mod init: too many arguments")
+	}
+	var modPath string
+	if len(args) == 1 {
+		modPath = args[0]
+	}
+
+	modload.ForceUseModules = true
+	modload.CreateModFile(ctx, modPath) // does all the hard work
+}
diff --git a/src/cmd/go/internal/modcmd/mod.go b/src/cmd/go/internal/modcmd/mod.go
new file mode 100644
index 0000000..d72d0ca
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/mod.go
@@ -0,0 +1,33 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package modcmd implements the ``go mod'' command.
+package modcmd
+
+import (
+	"cmd/go/internal/base"
+)
+
+var CmdMod = &base.Command{
+	UsageLine: "go mod",
+	Short:     "module maintenance",
+	Long: `Go mod provides access to operations on modules.
+
+Note that support for modules is built into all the go commands,
+not just 'go mod'. For example, day-to-day adding, removing, upgrading,
+and downgrading of dependencies should be done using 'go get'.
+See 'go help modules' for an overview of module functionality.
+	`,
+
+	Commands: []*base.Command{
+		cmdDownload,
+		cmdEdit,
+		cmdGraph,
+		cmdInit,
+		cmdTidy,
+		cmdVendor,
+		cmdVerify,
+		cmdWhy,
+	},
+}
diff --git a/src/cmd/go/internal/modcmd/tidy.go b/src/cmd/go/internal/modcmd/tidy.go
new file mode 100644
index 0000000..67f90b1
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/tidy.go
@@ -0,0 +1,77 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// go mod tidy
+
+package modcmd
+
+import (
+	"cmd/go/internal/base"
+	"cmd/go/internal/cfg"
+	"cmd/go/internal/imports"
+	"cmd/go/internal/modload"
+	"context"
+)
+
+var cmdTidy = &base.Command{
+	UsageLine: "go mod tidy [-e] [-v]",
+	Short:     "add missing and remove unused modules",
+	Long: `
+Tidy makes sure go.mod matches the source code in the module.
+It adds any missing modules necessary to build the current module's
+packages and dependencies, and it removes unused modules that
+don't provide any relevant packages. It also adds any missing entries
+to go.sum and removes any unnecessary ones.
+
+The -v flag causes tidy to print information about removed modules
+to standard error.
+
+The -e flag causes tidy to attempt to proceed despite errors
+encountered while loading packages.
+
+See https://golang.org/ref/mod#go-mod-tidy for more about 'go mod tidy'.
+	`,
+	Run: runTidy,
+}
+
+var tidyE bool // if true, report errors but proceed anyway.
+
+func init() {
+	cmdTidy.Flag.BoolVar(&cfg.BuildV, "v", false, "")
+	cmdTidy.Flag.BoolVar(&tidyE, "e", false, "")
+	base.AddModCommonFlags(&cmdTidy.Flag)
+}
+
+func runTidy(ctx context.Context, cmd *base.Command, args []string) {
+	if len(args) > 0 {
+		base.Fatalf("go mod tidy: no arguments allowed")
+	}
+
+	// Tidy aims to make 'go test' reproducible for any package in 'all', so we
+	// need to include test dependencies. For modules that specify go 1.15 or
+	// earlier this is a no-op (because 'all' saturates transitive test
+	// dependencies).
+	//
+	// However, with lazy loading (go 1.16+) 'all' includes only the packages that
+	// are transitively imported by the main module, not the test dependencies of
+	// those packages. In order to make 'go test' reproducible for the packages
+	// that are in 'all' but outside of the main module, we must explicitly
+	// request that their test dependencies be included.
+	modload.ForceUseModules = true
+	modload.RootMode = modload.NeedRoot
+
+	modload.CheckTidyVersion(ctx, tidyE)
+
+	modload.LoadPackages(ctx, modload.PackageOpts{
+		Tags:                     imports.AnyTags(),
+		ResolveMissingImports:    true,
+		LoadTests:                true,
+		AllowErrors:              tidyE,
+		SilenceMissingStdImports: true,
+	}, "all")
+
+	modload.TidyBuildList()
+	modload.TrimGoSum()
+	modload.WriteGoMod()
+}
diff --git a/src/cmd/go/internal/modcmd/vendor.go b/src/cmd/go/internal/modcmd/vendor.go
new file mode 100644
index 0000000..4ef8481
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/vendor.go
@@ -0,0 +1,379 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package modcmd
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"go/build"
+	"io"
+	"io/fs"
+	"os"
+	"path"
+	"path/filepath"
+	"sort"
+	"strings"
+
+	"cmd/go/internal/base"
+	"cmd/go/internal/cfg"
+	"cmd/go/internal/fsys"
+	"cmd/go/internal/imports"
+	"cmd/go/internal/load"
+	"cmd/go/internal/modload"
+	"cmd/go/internal/str"
+
+	"golang.org/x/mod/module"
+	"golang.org/x/mod/semver"
+)
+
+var cmdVendor = &base.Command{
+	UsageLine: "go mod vendor [-e] [-v]",
+	Short:     "make vendored copy of dependencies",
+	Long: `
+Vendor resets the main module's vendor directory to include all packages
+needed to build and test all the main module's packages.
+It does not include test code for vendored packages.
+
+The -v flag causes vendor to print the names of vendored
+modules and packages to standard error.
+
+The -e flag causes vendor to attempt to proceed despite errors
+encountered while loading packages.
+
+See https://golang.org/ref/mod#go-mod-vendor for more about 'go mod vendor'.
+	`,
+	Run: runVendor,
+}
+
+var vendorE bool // if true, report errors but proceed anyway
+
+func init() {
+	cmdVendor.Flag.BoolVar(&cfg.BuildV, "v", false, "")
+	cmdVendor.Flag.BoolVar(&vendorE, "e", false, "")
+	base.AddModCommonFlags(&cmdVendor.Flag)
+}
+
+func runVendor(ctx context.Context, cmd *base.Command, args []string) {
+	if len(args) != 0 {
+		base.Fatalf("go mod vendor: vendor takes no arguments")
+	}
+	modload.ForceUseModules = true
+	modload.RootMode = modload.NeedRoot
+
+	loadOpts := modload.PackageOpts{
+		Tags:                     imports.AnyTags(),
+		ResolveMissingImports:    true,
+		UseVendorAll:             true,
+		AllowErrors:              vendorE,
+		SilenceMissingStdImports: true,
+	}
+	_, pkgs := modload.LoadPackages(ctx, loadOpts, "all")
+
+	vdir := filepath.Join(modload.ModRoot(), "vendor")
+	if err := os.RemoveAll(vdir); err != nil {
+		base.Fatalf("go mod vendor: %v", err)
+	}
+
+	modpkgs := make(map[module.Version][]string)
+	for _, pkg := range pkgs {
+		m := modload.PackageModule(pkg)
+		if m.Path == "" || m == modload.Target {
+			continue
+		}
+		modpkgs[m] = append(modpkgs[m], pkg)
+	}
+
+	includeAllReplacements := false
+	isExplicit := map[module.Version]bool{}
+	if gv := modload.ModFile().Go; gv != nil && semver.Compare("v"+gv.Version, "v1.14") >= 0 {
+		// If the Go version is at least 1.14, annotate all explicit 'require' and
+		// 'replace' targets found in the go.mod file so that we can perform a
+		// stronger consistency check when -mod=vendor is set.
+		for _, r := range modload.ModFile().Require {
+			isExplicit[r.Mod] = true
+		}
+		includeAllReplacements = true
+	}
+
+	var vendorMods []module.Version
+	for m := range isExplicit {
+		vendorMods = append(vendorMods, m)
+	}
+	for m := range modpkgs {
+		if !isExplicit[m] {
+			vendorMods = append(vendorMods, m)
+		}
+	}
+	module.Sort(vendorMods)
+
+	var buf bytes.Buffer
+	for _, m := range vendorMods {
+		line := moduleLine(m, modload.Replacement(m))
+		buf.WriteString(line)
+		if cfg.BuildV {
+			os.Stderr.WriteString(line)
+		}
+		if isExplicit[m] {
+			buf.WriteString("## explicit\n")
+			if cfg.BuildV {
+				os.Stderr.WriteString("## explicit\n")
+			}
+		}
+		pkgs := modpkgs[m]
+		sort.Strings(pkgs)
+		for _, pkg := range pkgs {
+			fmt.Fprintf(&buf, "%s\n", pkg)
+			if cfg.BuildV {
+				fmt.Fprintf(os.Stderr, "%s\n", pkg)
+			}
+			vendorPkg(vdir, pkg)
+		}
+	}
+
+	if includeAllReplacements {
+		// Record unused and wildcard replacements at the end of the modules.txt file:
+		// without access to the complete build list, the consumer of the vendor
+		// directory can't otherwise determine that those replacements had no effect.
+		for _, r := range modload.ModFile().Replace {
+			if len(modpkgs[r.Old]) > 0 {
+				// We we already recorded this replacement in the entry for the replaced
+				// module with the packages it provides.
+				continue
+			}
+
+			line := moduleLine(r.Old, r.New)
+			buf.WriteString(line)
+			if cfg.BuildV {
+				os.Stderr.WriteString(line)
+			}
+		}
+	}
+
+	if buf.Len() == 0 {
+		fmt.Fprintf(os.Stderr, "go: no dependencies to vendor\n")
+		return
+	}
+
+	if err := os.MkdirAll(vdir, 0777); err != nil {
+		base.Fatalf("go mod vendor: %v", err)
+	}
+
+	if err := os.WriteFile(filepath.Join(vdir, "modules.txt"), buf.Bytes(), 0666); err != nil {
+		base.Fatalf("go mod vendor: %v", err)
+	}
+}
+
+func moduleLine(m, r module.Version) string {
+	b := new(strings.Builder)
+	b.WriteString("# ")
+	b.WriteString(m.Path)
+	if m.Version != "" {
+		b.WriteString(" ")
+		b.WriteString(m.Version)
+	}
+	if r.Path != "" {
+		b.WriteString(" => ")
+		b.WriteString(r.Path)
+		if r.Version != "" {
+			b.WriteString(" ")
+			b.WriteString(r.Version)
+		}
+	}
+	b.WriteString("\n")
+	return b.String()
+}
+
+func vendorPkg(vdir, pkg string) {
+	// TODO(#42504): Instead of calling modload.ImportMap then build.ImportDir,
+	// just call load.PackagesAndErrors. To do that, we need to add a good way
+	// to ignore build constraints.
+	realPath := modload.ImportMap(pkg)
+	if realPath != pkg && modload.ImportMap(realPath) != "" {
+		fmt.Fprintf(os.Stderr, "warning: %s imported as both %s and %s; making two copies.\n", realPath, realPath, pkg)
+	}
+
+	copiedFiles := make(map[string]bool)
+	dst := filepath.Join(vdir, pkg)
+	src := modload.PackageDir(realPath)
+	if src == "" {
+		fmt.Fprintf(os.Stderr, "internal error: no pkg for %s -> %s\n", pkg, realPath)
+	}
+	copyDir(dst, src, matchPotentialSourceFile, copiedFiles)
+	if m := modload.PackageModule(realPath); m.Path != "" {
+		copyMetadata(m.Path, realPath, dst, src, copiedFiles)
+	}
+
+	ctx := build.Default
+	ctx.UseAllFiles = true
+	bp, err := ctx.ImportDir(src, build.IgnoreVendor)
+	// Because UseAllFiles is set on the build.Context, it's possible ta get
+	// a MultiplePackageError on an otherwise valid package: the package could
+	// have different names for GOOS=windows and GOOS=mac for example. On the
+	// other hand if there's a NoGoError, the package might have source files
+	// specifying "// +build ignore" those packages should be skipped because
+	// embeds from ignored files can't be used.
+	// TODO(#42504): Find a better way to avoid errors from ImportDir. We'll
+	// need to figure this out when we switch to PackagesAndErrors as per the
+	// TODO above.
+	var multiplePackageError *build.MultiplePackageError
+	var noGoError *build.NoGoError
+	if err != nil {
+		if errors.As(err, &noGoError) {
+			return // No source files in this package are built. Skip embeds in ignored files.
+		} else if !errors.As(err, &multiplePackageError) { // multiplePackgeErrors are okay, but others are not.
+			base.Fatalf("internal error: failed to find embedded files of %s: %v\n", pkg, err)
+		}
+	}
+	embedPatterns := str.StringList(bp.EmbedPatterns, bp.TestEmbedPatterns, bp.XTestEmbedPatterns)
+	embeds, err := load.ResolveEmbed(bp.Dir, embedPatterns)
+	if err != nil {
+		base.Fatalf("go mod vendor: %v", err)
+	}
+	for _, embed := range embeds {
+		embedDst := filepath.Join(dst, embed)
+		if copiedFiles[embedDst] {
+			continue
+		}
+
+		// Copy the file as is done by copyDir below.
+		r, err := os.Open(filepath.Join(src, embed))
+		if err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		if err := os.MkdirAll(filepath.Dir(embedDst), 0777); err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		w, err := os.Create(embedDst)
+		if err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		if _, err := io.Copy(w, r); err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		r.Close()
+		if err := w.Close(); err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+	}
+}
+
+type metakey struct {
+	modPath string
+	dst     string
+}
+
+var copiedMetadata = make(map[metakey]bool)
+
+// copyMetadata copies metadata files from parents of src to parents of dst,
+// stopping after processing the src parent for modPath.
+func copyMetadata(modPath, pkg, dst, src string, copiedFiles map[string]bool) {
+	for parent := 0; ; parent++ {
+		if copiedMetadata[metakey{modPath, dst}] {
+			break
+		}
+		copiedMetadata[metakey{modPath, dst}] = true
+		if parent > 0 {
+			copyDir(dst, src, matchMetadata, copiedFiles)
+		}
+		if modPath == pkg {
+			break
+		}
+		pkg = path.Dir(pkg)
+		dst = filepath.Dir(dst)
+		src = filepath.Dir(src)
+	}
+}
+
+// metaPrefixes is the list of metadata file prefixes.
+// Vendoring copies metadata files from parents of copied directories.
+// Note that this list could be arbitrarily extended, and it is longer
+// in other tools (such as godep or dep). By using this limited set of
+// prefixes and also insisting on capitalized file names, we are trying
+// to nudge people toward more agreement on the naming
+// and also trying to avoid false positives.
+var metaPrefixes = []string{
+	"AUTHORS",
+	"CONTRIBUTORS",
+	"COPYLEFT",
+	"COPYING",
+	"COPYRIGHT",
+	"LEGAL",
+	"LICENSE",
+	"NOTICE",
+	"PATENTS",
+}
+
+// matchMetadata reports whether info is a metadata file.
+func matchMetadata(dir string, info fs.DirEntry) bool {
+	name := info.Name()
+	for _, p := range metaPrefixes {
+		if strings.HasPrefix(name, p) {
+			return true
+		}
+	}
+	return false
+}
+
+// matchPotentialSourceFile reports whether info may be relevant to a build operation.
+func matchPotentialSourceFile(dir string, info fs.DirEntry) bool {
+	if strings.HasSuffix(info.Name(), "_test.go") {
+		return false
+	}
+	if strings.HasSuffix(info.Name(), ".go") {
+		f, err := fsys.Open(filepath.Join(dir, info.Name()))
+		if err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		defer f.Close()
+
+		content, err := imports.ReadImports(f, false, nil)
+		if err == nil && !imports.ShouldBuild(content, imports.AnyTags()) {
+			// The file is explicitly tagged "ignore", so it can't affect the build.
+			// Leave it out.
+			return false
+		}
+		return true
+	}
+
+	// We don't know anything about this file, so optimistically assume that it is
+	// needed.
+	return true
+}
+
+// copyDir copies all regular files satisfying match(info) from src to dst.
+func copyDir(dst, src string, match func(dir string, info fs.DirEntry) bool, copiedFiles map[string]bool) {
+	files, err := os.ReadDir(src)
+	if err != nil {
+		base.Fatalf("go mod vendor: %v", err)
+	}
+	if err := os.MkdirAll(dst, 0777); err != nil {
+		base.Fatalf("go mod vendor: %v", err)
+	}
+	for _, file := range files {
+		if file.IsDir() || !file.Type().IsRegular() || !match(src, file) {
+			continue
+		}
+		copiedFiles[file.Name()] = true
+		r, err := os.Open(filepath.Join(src, file.Name()))
+		if err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		dstPath := filepath.Join(dst, file.Name())
+		copiedFiles[dstPath] = true
+		w, err := os.Create(dstPath)
+		if err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		if _, err := io.Copy(w, r); err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+		r.Close()
+		if err := w.Close(); err != nil {
+			base.Fatalf("go mod vendor: %v", err)
+		}
+	}
+}
diff --git a/src/cmd/go/internal/modcmd/verify.go b/src/cmd/go/internal/modcmd/verify.go
new file mode 100644
index 0000000..8321429
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/verify.go
@@ -0,0 +1,128 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package modcmd
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io/fs"
+	"os"
+	"runtime"
+
+	"cmd/go/internal/base"
+	"cmd/go/internal/modfetch"
+	"cmd/go/internal/modload"
+
+	"golang.org/x/mod/module"
+	"golang.org/x/mod/sumdb/dirhash"
+)
+
+var cmdVerify = &base.Command{
+	UsageLine: "go mod verify",
+	Short:     "verify dependencies have expected content",
+	Long: `
+Verify checks that the dependencies of the current module,
+which are stored in a local downloaded source cache, have not been
+modified since being downloaded. If all the modules are unmodified,
+verify prints "all modules verified." Otherwise it reports which
+modules have been changed and causes 'go mod' to exit with a
+non-zero status.
+
+See https://golang.org/ref/mod#go-mod-verify for more about 'go mod verify'.
+	`,
+	Run: runVerify,
+}
+
+func init() {
+	base.AddModCommonFlags(&cmdVerify.Flag)
+}
+
+func runVerify(ctx context.Context, cmd *base.Command, args []string) {
+	if len(args) != 0 {
+		// NOTE(rsc): Could take a module pattern.
+		base.Fatalf("go mod verify: verify takes no arguments")
+	}
+	modload.ForceUseModules = true
+	modload.RootMode = modload.NeedRoot
+
+	// Only verify up to GOMAXPROCS zips at once.
+	type token struct{}
+	sem := make(chan token, runtime.GOMAXPROCS(0))
+
+	// Use a slice of result channels, so that the output is deterministic.
+	mods := modload.LoadAllModules(ctx)[1:]
+	errsChans := make([]<-chan []error, len(mods))
+
+	for i, mod := range mods {
+		sem <- token{}
+		errsc := make(chan []error, 1)
+		errsChans[i] = errsc
+		mod := mod // use a copy to avoid data races
+		go func() {
+			errsc <- verifyMod(mod)
+			<-sem
+		}()
+	}
+
+	ok := true
+	for _, errsc := range errsChans {
+		errs := <-errsc
+		for _, err := range errs {
+			base.Errorf("%s", err)
+			ok = false
+		}
+	}
+	if ok {
+		fmt.Printf("all modules verified\n")
+	}
+}
+
+func verifyMod(mod module.Version) []error {
+	var errs []error
+	zip, zipErr := modfetch.CachePath(mod, "zip")
+	if zipErr == nil {
+		_, zipErr = os.Stat(zip)
+	}
+	dir, dirErr := modfetch.DownloadDir(mod)
+	data, err := os.ReadFile(zip + "hash")
+	if err != nil {
+		if zipErr != nil && errors.Is(zipErr, fs.ErrNotExist) &&
+			dirErr != nil && errors.Is(dirErr, fs.ErrNotExist) {
+			// Nothing downloaded yet. Nothing to verify.
+			return nil
+		}
+		errs = append(errs, fmt.Errorf("%s %s: missing ziphash: %v", mod.Path, mod.Version, err))
+		return errs
+	}
+	h := string(bytes.TrimSpace(data))
+
+	if zipErr != nil && errors.Is(zipErr, fs.ErrNotExist) {
+		// ok
+	} else {
+		hZ, err := dirhash.HashZip(zip, dirhash.DefaultHash)
+		if err != nil {
+			errs = append(errs, fmt.Errorf("%s %s: %v", mod.Path, mod.Version, err))
+			return errs
+		} else if hZ != h {
+			errs = append(errs, fmt.Errorf("%s %s: zip has been modified (%v)", mod.Path, mod.Version, zip))
+		}
+	}
+	if dirErr != nil && errors.Is(dirErr, fs.ErrNotExist) {
+		// ok
+	} else {
+		hD, err := dirhash.HashDir(dir, mod.Path+"@"+mod.Version, dirhash.DefaultHash)
+		if err != nil {
+
+			errs = append(errs, fmt.Errorf("%s %s: %v", mod.Path, mod.Version, err))
+			return errs
+		}
+		if hD != h {
+			errs = append(errs, fmt.Errorf("%s %s: dir has been modified (%v)", mod.Path, mod.Version, dir))
+		}
+	}
+	return errs
+}
diff --git a/src/cmd/go/internal/modcmd/why.go b/src/cmd/go/internal/modcmd/why.go
new file mode 100644
index 0000000..a5f3e8a
--- /dev/null
+++ b/src/cmd/go/internal/modcmd/why.go
@@ -0,0 +1,139 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package modcmd
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"cmd/go/internal/base"
+	"cmd/go/internal/imports"
+	"cmd/go/internal/modload"
+
+	"golang.org/x/mod/module"
+)
+
+var cmdWhy = &base.Command{
+	UsageLine: "go mod why [-m] [-vendor] packages...",
+	Short:     "explain why packages or modules are needed",
+	Long: `
+Why shows a shortest path in the import graph from the main module to
+each of the listed packages. If the -m flag is given, why treats the
+arguments as a list of modules and finds a path to any package in each
+of the modules.
+
+By default, why queries the graph of packages matched by "go list all",
+which includes tests for reachable packages. The -vendor flag causes why
+to exclude tests of dependencies.
+
+The output is a sequence of stanzas, one for each package or module
+name on the command line, separated by blank lines. Each stanza begins
+with a comment line "# package" or "# module" giving the target
+package or module. Subsequent lines give a path through the import
+graph, one package per line. If the package or module is not
+referenced from the main module, the stanza will display a single
+parenthesized note indicating that fact.
+
+For example:
+
+	$ go mod why golang.org/x/text/language golang.org/x/text/encoding
+	# golang.org/x/text/language
+	rsc.io/quote
+	rsc.io/sampler
+	golang.org/x/text/language
+
+	# golang.org/x/text/encoding
+	(main module does not need package golang.org/x/text/encoding)
+	$
+
+See https://golang.org/ref/mod#go-mod-why for more about 'go mod why'.
+	`,
+}
+
+var (
+	whyM      = cmdWhy.Flag.Bool("m", false, "")
+	whyVendor = cmdWhy.Flag.Bool("vendor", false, "")
+)
+
+func init() {
+	cmdWhy.Run = runWhy // break init cycle
+	base.AddModCommonFlags(&cmdWhy.Flag)
+}
+
+func runWhy(ctx context.Context, cmd *base.Command, args []string) {
+	modload.ForceUseModules = true
+	modload.RootMode = modload.NeedRoot
+
+	loadOpts := modload.PackageOpts{
+		Tags:          imports.AnyTags(),
+		LoadTests:     !*whyVendor,
+		SilenceErrors: true,
+		UseVendorAll:  *whyVendor,
+	}
+
+	if *whyM {
+		listU := false
+		listVersions := false
+		listRetractions := false
+		for _, arg := range args {
+			if strings.Contains(arg, "@") {
+				base.Fatalf("go mod why: module query not allowed")
+			}
+		}
+		mods := modload.ListModules(ctx, args, listU, listVersions, listRetractions)
+		byModule := make(map[module.Version][]string)
+		_, pkgs := modload.LoadPackages(ctx, loadOpts, "all")
+		for _, path := range pkgs {
+			m := modload.PackageModule(path)
+			if m.Path != "" {
+				byModule[m] = append(byModule[m], path)
+			}
+		}
+		sep := ""
+		for _, m := range mods {
+			best := ""
+			bestDepth := 1000000000
+			for _, path := range byModule[module.Version{Path: m.Path, Version: m.Version}] {
+				d := modload.WhyDepth(path)
+				if d > 0 && d < bestDepth {
+					best = path
+					bestDepth = d
+				}
+			}
+			why := modload.Why(best)
+			if why == "" {
+				vendoring := ""
+				if *whyVendor {
+					vendoring = " to vendor"
+				}
+				why = "(main module does not need" + vendoring + " module " + m.Path + ")\n"
+			}
+			fmt.Printf("%s# %s\n%s", sep, m.Path, why)
+			sep = "\n"
+		}
+	} else {
+		// Resolve to packages.
+		matches, _ := modload.LoadPackages(ctx, loadOpts, args...)
+
+		modload.LoadPackages(ctx, loadOpts, "all") // rebuild graph, from main module (not from named packages)
+
+		sep := ""
+		for _, m := range matches {
+			for _, path := range m.Pkgs {
+				why := modload.Why(path)
+				if why == "" {
+					vendoring := ""
+					if *whyVendor {
+						vendoring = " to vendor"
+					}
+					why = "(main module does not need" + vendoring + " package " + path + ")\n"
+				}
+				fmt.Printf("%s# %s\n%s", sep, path, why)
+				sep = "\n"
+			}
+		}
+	}
+}