Back to GitHub Support Contact GitHub

Get to know your collaborators with hovercards

Whether you’re working on open source projects or collaborating with new developers on your team, it’s not always clear who you’re working with and how they’re connected to the project you’re working on.

With hovercards, you can hover your mouse over a contributor’s avatar—or most places you see their username—to get more information about who you’re collaborating with. On every hovercard, you’ll see a larger avatar image and profile information, so be sure to check if your profile is up to date with what you want others to see on your hovercard.

You’ll also see information about the individual that’s specific to your interaction with them, like which teams they belong to in your organization, if they are a code owner, if they’re contributing to their very first pull request, and more.


REST API and GraphQL API support are currently in preview—and stay tuned for hovercards in a GitHub Enterprise release soon.

Learn more about the hovercard REST API

Learn more about the hovercard GraphQL API

Mission report: Git Merge 2018


Last week, hundreds of Git fans met in Barcelona for Git Merge 2018—the conference dedicated to your favorite version control tool—and even more people joined the sessions from around the world on our live stream. The event brought together business leaders, source control teams, and developers for two days of Git-focused activities, promoting goodwill and dialogue between companies that have a vested interest in the progression of Git and that employ Git contributors.

We donate all proceeds from Git Merge tickets to the Software Freedom Conservancy to support their work in improving and defending free and open source software.


Git Merge kicked off with a full day of workshops led by experts from GitHub and Praqma about topics like Git aliases, scripting, and simulating Git workflows.

On the second day, Brett Smith of Software Freedom Conservancy delivered a thoughtful keynote about how free and accessible software is the key to building the future. Then speakers from Mozilla, Microsoft, and other leading technology companies took the stage to discuss refactoring, automation, and the future of Git over the course of the day.

Thank you

Thanks to everyone who participated in this year’s Git Merge! And we couldn’t have done it without our sponsors who came together to support the Software Freedom Conservancy and open source software at this important event.


How security alerts are keeping your code safer


As more developers draw from existing code libraries to build new tools, tracking changes in dependencies like security vulnerabilities has become more difficult. Since the launch of security alerts last year, we’ve taken an active role in alerting project maintainers of known-vulnerable libraries in RubyGems for Ruby and npm for Javascript. In almost all cases, there’s a new, patched version of the library we can recommend in the alert. Here’s a summary of how security alerts have been used to protect your code so far.

What does “known-vulnerable” mean?

In the security community, there are standardized and shared lists of vulnerabilities. The most comprehensive of these is Common Vulnerabilities and Exposures (CVEs). The security community works together to document vulnerabilities consistently and shares them in this list. GitHub’s security alerts notify you when Ruby and Javascript library vulnerabilities from the list are detected in your repositories.

Security alerts at work

Initially, we took our list of vulnerable libraries and compared it to the dependency graphs of all public repositories. We found over four million vulnerabilities in over 500,000 repositories and displayed an alert to repository admins in their dependency graphs and repository home pages (for Ruby and Javascript).

By December 1 and shortly after we launched, over 450,000 identified vulnerabilities were resolved by repository owners either removing the dependency or changing to a secure version. Since then, our rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. Additionally, 15 percent of alerts are dismissed within seven days—that means nearly half of all alerts are responded to within a week. Of the remaining alerts that are unaddressed or unresolved, the majority belong to repositories that have not had a contribution in the last 90 days.

In other words, for almost all repositories with recent contributions, we see maintainers patching vulnerabilities in fewer than seven days. With the recent launch of our regular vulnerability digest emails, we’re working to make this even easier for maintainers and security teams.

What’s next

Security alerts are opening the door to new ways we can improve code checking and generation by combining publicly available data with GitHub’s unique data set. And this is just the beginning—we’ve got more ways to help you keep code safer on the way!

Learn more about security alerts

The most popular courses on GitHub

Thousands of teachers use GitHub to host their courses, distribute assignments, and get insight into student progress. Many teachers open source their materials, so other teachers can use them. Between Massive Open Online Courses (MOOCs) and custom lessons from individual teachers, there’s plenty of materials for new teachers to adapt and reuse in their classrooms.

After seeing the growth of educational repositories on GitHub, we put together a list of some of the most popular courses. Courses were selected based on forks (repository copies) and stars (bookmarks that indicate interest). You’ll also find documentation for each of the repositories to guide you through the course materials.

If we missed a course, or if you’d like yours included in a more extensive list, let us know in the GitHub Education Community.

Top courses based on stars

1. Ada Developers Academy’s Jump Start Curriculum (223 stars)

ADA’s Jump Start Curriculum helps prospective students become familiar with the tools, concepts, and vocabulary they’ll need to be successful in the larger program. Each lesson begins with stating learning goals, so students can be sure they’re retaining what they need to prior to entering the program.

2. React From Zero (207 stars)

React From Zero is a straightforward introduction to React that is broken into 17 parts. Each part of the tutorial is in the code for that lesson, using comments to explain concepts in React and examples right in the editor. Each lesson also links to a preview of how the code renders in a browser, so you can follow along and immediately see the outcome of code while you’re learning.

3. Hear Me Code’s Python Lessons (199 stars)

Hear Me Code, based in Washington, D.C., is an organization that offers free, beginner-friendly classes to women. This repository has a “Start Here” guide for those who’ve never installed or run Python before. The lessons are broken into 16 sections, each covering a different concept. Hear Me Code’s slides are also hosted on GitHub, so it’s easy for you to follow this curriculum on your own.

4. Ada Developers Academy’s Textbook Curriculum (154 stars)

Ada Developers Academy is a tuition-free program for women and gender-diverse people to learn software development. Their first repository on this list is their textbook curriculum, which anyone can use. It touches on everything from Git and agile workflows to Ruby, Rails, databases, JavaScript, and Backbone.js.

5. Prep Course for North American University’s Chapter of Association for Computing Machinery International Collegiate Programming Competition (82 stars)

This repository is an 11-week prep course for programming competitions, but it can be used to practice algorithm challenges for interviews or improve algorithmic thinking. Prior programming knowledge and familiarity with data structures will help students who want to get started with this advanced course.

Top courses based on forks

1. Stanford TensorFlow Tutorials (2,452 forks)

These tutorials go along with Stanford’s TensorFlow for Deep Learning Research course. The syllabus, slides, and lecture notes are all available on the website, and each week’s assignments and examples are available in this repository.

2. Deep Learning Specialization on Coursera (1,133 forks)

This student-created repository includes all work from Coursera’s Deep Learning Specialization programming assignments. While this repository itself is not a curriculum, it’s a helpful guide for self-teaching and reading more about the concepts and solutions from this deep learning series of courses.

3. Creative Applications of Deep Learning with Tensorflow (591 forks)

This repository is comprised of assignments and lecture transcripts for Kadenze Academy’s Creative Applications of Deep Learning with TensorFlow curriculum. There are a total of five courses, and the repository also contains extensive documentation on setup and getting started with the tools students will need.

4. Practical RL: A course in reinforcement learning in the wild (401 forks)

This course is taught on-campus in Russian at the Higher School of Economics, but its online version is available to both English and Russian speakers. The entire course is nine weeks long, and the repository also contains bonus materials for students to explore after completing the curriculum.

5. Data Science Coursera (152 forks)

Michael Galarnyk, a Data Science M.A. student, decided to document his journey through Johns Hopkins’ Coursera Data Science curriculum as a supplement to his program at UC San Diego. Along with a directory for each course and its assignments, there’s also a link to a blog post reviewing each course week-by-week, so prospective students can get an idea of what to expect each week.

Find more course materials in the Education Community

For teachers who want to explore more courses, we posted a more extensive list in the GitHub Education Community. You’ll find tips, tricks, and scripts from teachers around the world who are passionate about computer science education.

Go to the Education Community site

Removing support for anonymous gist creation

As mentioned in our deprecation notice post, we’ve deprecated anonymous gist creation as of today, March 20.

All existing anonymous gists will always remain accessible, and it’s easy to create a GitHub account to make the most of a new gist. Check out the documentation to learn more.



Discover new ways to build better

Try Marketplace apps free for 14 days

Learn more