Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
all-contributors
Readme
Call for translators! We're looking for translators to help translate this spec for everyone!
한국어 | 中文 | Bahasa Indonesia | Deutsch | Polski | English | Português do Brasil | Español | Français | Русский | 日本語
This is a specification for recognizing contributors to an open-source project in a way that rewards every contribution, not just code.
The basic idea is this:
Use the project README (or another prominent public documentation page in the project) to recognize the contributions of members of the project community.
People are giving themselves and their free time to contribute to open source projects in so many ways, so we believe everyone should be praised for their contributions (code or not).
Below is an example of how the all-contributors spec table can be used to recognize all contributors.
You can use the @all-contributors bot 🤖 to automate acknowledging contributors to your open source projects.
The specification is detailed on allcontributors.org.
The Emoji Key ✨ (and Contribution Types) can be found on allcontributors.org.
If you've ever wanted to contribute to open source, and a great cause, now is your chance!
See the contributing docs for more information.
Thanks go to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind are welcome!
FAQs
✨ Recognize all contributors, not just the ones who push code ✨
The npm package all-contributors receives a total of 3 weekly downloads. As such, all-contributors popularity was classified as not popular.
We found that all-contributors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 3 open source maintainers collaborating on the project.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.