diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
index 091b5d2a..1568b86f 100644
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -33,12 +33,10 @@ jobs:
         with:
           args: >
             --timeout 10m
-            --disable errcheck,staticcheck
+            --disable errcheck
             --enable sqlclosecheck,misspell,whitespace,gocritic
-      - uses: dominikh/staticcheck-action@v1.3.1
-        with:
-          version: "latest"
-          install-go: false
+      - name: Run gofmt linter
+        run: gofmt -d -e .
 
   commitlint:
     name: Commit Linter
diff --git a/internal/config/parser.go b/internal/config/parser.go
index 4d893a35..a3b30190 100644
--- a/internal/config/parser.go
+++ b/internal/config/parser.go
@@ -189,11 +189,15 @@ func (p *Parser) parseLines(lines []string) (err error) {
 		case "PROXY_PRIVATE_KEY":
 			slog.Warn("The PROXY_PRIVATE_KEY environment variable is deprecated, use MEDIA_PROXY_PRIVATE_KEY instead")
 			randomKey := make([]byte, 16)
-			rand.Read(randomKey)
+			if _, err := rand.Read(randomKey); err != nil {
+				return fmt.Errorf("config: unable to generate random key: %w", err)
+			}
 			p.opts.mediaProxyPrivateKey = parseBytes(value, randomKey)
 		case "MEDIA_PROXY_PRIVATE_KEY":
 			randomKey := make([]byte, 16)
-			rand.Read(randomKey)
+			if _, err := rand.Read(randomKey); err != nil {
+				return fmt.Errorf("config: unable to generate random key: %w", err)
+			}
 			p.opts.mediaProxyPrivateKey = parseBytes(value, randomKey)
 		case "MEDIA_PROXY_CUSTOM_URL":
 			p.opts.mediaProxyCustomURL = parseString(value, defaultMediaProxyURL)
diff --git a/internal/model/webauthn.go b/internal/model/webauthn.go
index 9d9bddf7..fb758927 100644
--- a/internal/model/webauthn.go
+++ b/internal/model/webauthn.go
@@ -36,7 +36,7 @@ func (s WebAuthnSession) String() string {
 	if s.SessionData == nil {
 		return "{}"
 	}
-	return fmt.Sprintf("{Challenge: %s, UserID: %x}", s.SessionData.Challenge, s.SessionData.UserID)
+	return fmt.Sprintf("{Challenge: %s, UserID: %x}", s.Challenge, s.UserID)
 }
 
 type WebAuthnCredential struct {
diff --git a/internal/reader/atom/atom_03.go b/internal/reader/atom/atom_03.go
index fb458e91..298a90ec 100644
--- a/internal/reader/atom/atom_03.go
+++ b/internal/reader/atom/atom_03.go
@@ -116,12 +116,12 @@ type Atom03Content struct {
 func (a *Atom03Content) Content() string {
 	content := ""
 
-	switch {
-	case a.Mode == "xml":
+	switch a.Mode {
+	case "xml":
 		content = a.InnerXML
-	case a.Mode == "escaped":
+	case "escaped":
 		content = a.CharData
-	case a.Mode == "base64":
+	case "base64":
 		b, err := base64.StdEncoding.DecodeString(a.CharData)
 		if err == nil {
 			content = string(b)
diff --git a/internal/reader/opml/handler.go b/internal/reader/opml/handler.go
index 2e7bceb9..5a81d069 100644
--- a/internal/reader/opml/handler.go
+++ b/internal/reader/opml/handler.go
@@ -77,7 +77,9 @@ func (h *Handler) Import(userID int64, data io.Reader) error {
 				Category:    category,
 			}
 
-			h.store.CreateFeed(feed)
+			if err := h.store.CreateFeed(feed); err != nil {
+				return fmt.Errorf(`opml: unable to create this feed: %q`, subscription.FeedURL)
+			}
 		}
 	}
 
diff --git a/internal/reader/rss/adapter.go b/internal/reader/rss/adapter.go
index cbde88b3..deadeee9 100644
--- a/internal/reader/rss/adapter.go
+++ b/internal/reader/rss/adapter.go
@@ -39,7 +39,7 @@ func (r *RSSAdapter) BuildFeed(baseURL string) *model.Feed {
 	}
 
 	// Try to find the feed URL from the Atom links.
-	for _, atomLink := range r.rss.Channel.AtomLinks.Links {
+	for _, atomLink := range r.rss.Channel.Links {
 		atomLinkHref := strings.TrimSpace(atomLink.Href)
 		if atomLinkHref != "" && atomLink.Rel == "self" {
 			if absoluteFeedURL, err := urllib.AbsoluteURL(feed.FeedURL, atomLinkHref); err == nil {
@@ -189,7 +189,7 @@ func findEntryURL(rssItem *RSSItem) string {
 		}
 	}
 
-	for _, atomLink := range rssItem.AtomLinks.Links {
+	for _, atomLink := range rssItem.Links {
 		if atomLink.Href != "" && (strings.EqualFold(atomLink.Rel, "alternate") || atomLink.Rel == "") {
 			return strings.TrimSpace(atomLink.Href)
 		}
@@ -253,8 +253,8 @@ func findEntryAuthor(rssItem *RSSItem) string {
 		author = rssItem.ItunesAuthor
 	case rssItem.DublinCoreCreator != "":
 		author = rssItem.DublinCoreCreator
-	case rssItem.AtomAuthor.PersonName() != "":
-		author = rssItem.AtomAuthor.PersonName()
+	case rssItem.PersonName() != "":
+		author = rssItem.PersonName()
 	case strings.Contains(rssItem.Author.Inner, "<![CDATA["):
 		author = rssItem.Author.Data
 	default:
diff --git a/internal/reader/sanitizer/sanitizer.go b/internal/reader/sanitizer/sanitizer.go
index 23a59438..f4b7026c 100644
--- a/internal/reader/sanitizer/sanitizer.go
+++ b/internal/reader/sanitizer/sanitizer.go
@@ -283,9 +283,10 @@ func isPixelTracker(tagName string, attributes []html.Attribute) bool {
 
 	for _, attribute := range attributes {
 		if attribute.Val == "1" {
-			if attribute.Key == "height" {
+			switch attribute.Key {
+			case "height":
 				hasHeight = true
-			} else if attribute.Key == "width" {
+			case "width":
 				hasWidth = true
 			}
 		}
diff --git a/internal/reader/sanitizer/srcset.go b/internal/reader/sanitizer/srcset.go
index 1ba2c8e8..a15d081a 100644
--- a/internal/reader/sanitizer/srcset.go
+++ b/internal/reader/sanitizer/srcset.go
@@ -49,10 +49,10 @@ func parseImageCandidate(input string) (*ImageCandidate, error) {
 	parts := strings.Split(strings.TrimSpace(input), " ")
 	nbParts := len(parts)
 
-	switch {
-	case nbParts == 1:
+	switch nbParts {
+	case 1:
 		return &ImageCandidate{ImageURL: parts[0]}, nil
-	case nbParts == 2:
+	case 2:
 		if !isValidWidthOrDensityDescriptor(parts[1]) {
 			return nil, fmt.Errorf(`srcset: invalid descriptor`)
 		}
diff --git a/internal/storage/feed_query_builder.go b/internal/storage/feed_query_builder.go
index e421535f..208a2bbd 100644
--- a/internal/storage/feed_query_builder.go
+++ b/internal/storage/feed_query_builder.go
@@ -318,9 +318,10 @@ func (f *FeedQueryBuilder) fetchFeedCounter() (unreadCounters map[int64]int, rea
 			return nil, nil, fmt.Errorf(`store: unable to fetch feed counter row: %w`, err)
 		}
 
-		if status == model.EntryStatusRead {
+		switch status {
+		case model.EntryStatusRead:
 			readCounters[feedID] = count
-		} else if status == model.EntryStatusUnread {
+		case model.EntryStatusUnread:
 			unreadCounters[feedID] = count
 		}
 	}
diff --git a/internal/ui/webauthn.go b/internal/ui/webauthn.go
index 7e91d24b..23bf8de6 100644
--- a/internal/ui/webauthn.go
+++ b/internal/ui/webauthn.go
@@ -235,7 +235,7 @@ func (h *handler) finishLogin(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		sessionData.SessionData.UserID = parsedResponse.Response.UserHandle
+		sessionData.UserID = parsedResponse.Response.UserHandle
 		webAuthUser := WebAuthnUser{user, parsedResponse.Response.UserHandle, storedCredentials}
 
 		// Since go-webauthn v0.11.0, the backup eligibility flag is strictly validated, but Miniflux does not store this flag.