Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
all-contributors
Advanced tools
This is a specification for recognizing contributors to an open source project in a way that rewards each and every contribution, not just code.
The basic idea is this:
Use the project README (or other prominent public documentation page in the project) to recognize the contributions of members of the project community.
People are giving of themselves and their free time to contribute to open source projects in so many ways. It can be a real time sink sometimes and so they should be praised for all their contributions (code or not).
Use this project as an example implementation of the all-contributors specification (see the Contributors section below).
If you find maintaining the list of contributors tedious, try using the CLI tool to lighten your load.
If you use Atom, try out allcontributors, an atom package for the all-contributors-spec implementation.
Open source projects should include the following mandatory items in order to support the All Contributors specification:
Projects should consider the following optional items as part of their commitment to the All Contributors specification:
Emoji | Represents | Links to | Comment |
---|---|---|---|
💬 | Answering Questions (in Issues, Stack Overflow, Gitter, Slack, etc.) | ||
🐛 | Bug reports | https://github.com/${ownerName}/${repoName}/issues?q=author%3A${username} | |
📝 | Blogposts | the blogpost | |
💻 | Code | https://github.com/${ownerName}/${repoName}/commits?author=${username} | |
📖 | Documentation | https://github.com/${ownerName}/${repoName}/commits?author=${username} , Wiki, or other source of documentation | |
🎨 | Design | the logo/iconography/visual design/etc. | |
💡 | Examples | the examples | |
📋 | Event Organizers | event page | |
💵 | Financial Support | relevant page | people or orgs who provide financial support |
🔍 | Funding/Grant Finders | people who help find financial support | |
🤔 | Ideas & Planning | ||
🚇 | Infrastructure (Hosting, Build-Tools, etc) | link to source file (like travis.yml ) in repo, if applicable | |
📦 | Packaging/porting to support a new platform | ||
🔌 | Plugin/utility libraries | the repo home | |
👀 | Reviewed Pull Requests | ||
🔧 | Tools | the repo home | |
🌍 | Translation | the translated content | |
⚠️ | Tests | https://github.com/${ownerName}/${repoName}/commits?author=${username} | |
✅ | Tutorials | the tutorial | |
📢 | Talks | the slides/recording/repo/etc. | |
📹 | Videos | the video |
Thanks goes to these wonderful people (emoji key):
Kent C. Dodds 💁 📖 👀 📢 | Divjot Singh 📖 👀 | Ben Briggs 📖 👀 | James Monger 📖 | Jeroen Engels 📖 👀 🔧 | Chris Simpkins 📖 👀 | F. Hemberger 📖 |
---|---|---|---|---|---|---|
Daniel Kraft 📖 | Mayank Badola 📖 🔧 | Marco Biedermann 🎨 | Itai Steinherz 📖 | Patrick Connolly 📖 | Nikola Đuza 📖 |
This project follows the all-contributors specification. Contributions of any kind are welcome!
MIT
FAQs
✨ Recognize all contributors, not just the ones who push code ✨
The npm package all-contributors receives a total of 42 weekly downloads. As such, all-contributors popularity was classified as not popular.
We found that all-contributors demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.