Your Go Structs Are Leaking: 6 Encapsulation Fixes From a Security CLI

How returning pointers to internal slices, exposing mutable globals, and using pointer receivers on read-only methods let callers corrupt state in a Go CLI — and the exact fixes. Go doesn't have private or protected . It has exported (uppercase) and unexported (lowercase). This makes encapsulation feel optional. I audited my Go CLI project for encapsulation violations and found 10. Each one let a caller reach into a struct's internal state and mutate it — accidentally or intentionally. The mutat