I read about the vendor.json file here:

I checked the vendor.json file a bit and confirmed that these paths are broken (404):
github.com/cpuguy83/go-md2man/md2man
github.com/davecgh/go-spew/spew
github.com/eknkc/amber/parser
github.com/hashicorp/hcl/hcl/ast
github.com/hashicorp/hcl/hcl/parser
github.com/hashicorp/hcl/hcl/scanner
github.com/hashicorp/hcl/hcl/strconv
github.com/hashicorp/hcl/hcl/token
github.com/hashicorp/hcl/json/parser
github.com/hashicorp/hcl/json/scanner
github.com/hashicorp/hcl/json/token
github.com/nicksnyder/go-i18n/i18n/bundle
github.com/nicksnyder/go-i18n/i18n/language
github.com/nicksnyder/go-i18n/i18n/translation
github.com/stretchr/testify/vendor/github.com/pmezard/go-difflib/difflib
github.com/spf13/afero/mem
github.com/spf13/cobra/doc
github.com/stretchr/testify/assert
github.com/stretchr/testify/require

Are all these paths in vendor.json obsolete?

Is there an easier way to check these than a manual check?

The git paths are not broken. GitHub simply doesn’t let you browser to subfolder in a repository. You have to go to something like https://github.com/spf13/cobra/tree/master/doc to get to spf13/cobra/doc.

Keep packages in sync with govendor sync. That will download the vendored packages into hugo/vendor/*.

Thanks for the info.