Last year, GitHub brought 24 million people from almost 200 countries together to code better and build bigger. From frameworks to data visualizations across more than 25 million repositories, you were busy in 2017—and the activity is picking up even more this year. With 2018 well underway, we’re using contributor, visitor, and star activity to identify some trends in open source projects for the year ahead.
Some of the projects that experienced the largest growth in activity were focused on cross-platform or web development. For example, Angular/angular-cli had 2.2 times more contributors in 2017 than in 2016. You contributed more, visited more often, and starred projects related to Angular/Angular, Facebook/React, and Electron/Electron. These projects simplify the development process, shortening the time from start to deployment across desktop and mobile platforms.
You’ve also been rallying around deep learning projects. Across multiple industries, artificial intelligence is solving a host of complex and interesting problems. You’ve helped drive that interest by upping your contributions to and visits to projects like Keras-team/Keras and Mozilla/DeepSpeech. TensorFlow/TensorFlow had 2.2 times more visits in 2017 than in 2016, and TensowFlow/models had 5.5 times more visits!
How did we discover these trends? We looked at three different types of activity. First, we identified the top 100 projects that had at least 2,000 contributors in 2016 and experienced the largest increase in contributors in 2017. We also identified the top 100 projects that received the largest increase in visits to the project’s repo in 2017. Finally, we identified the top 100 projects that received the most new stars in 2017. Combining these lists, we categorized projects into broad communities and looked at the communities that were the most represented at the top of the lists.
We were impressed with the range of creative projects that emerged. You scratched the itch to keep track of your favorite NBA teams from the command line while you code, and you still found time to create an Android app for journalists and activists to securely monitor their homes and offices. Well done!
If you’d like to see a lot more data covering what the GitHub community was up to from September 2016 through September 2017 including the most forked projects, the most social projects, and the most reviewed projects, check out the report we released at Universe: The State of the Octoverse.
You can also see who top contributors to open source in 2017 were in Felipe Hoffa’s analysis on Medium.
And head over to our redesigned Explore experience to find the latest project collections and trending topics on GitHub.
Whether your projects are private or public, security alerts get vital vulnerability information to the right people on your team.
Enable your dependency graph
Public repositories will automatically have your dependency graph and security alerts enabled. For private repositories, you’ll need to opt in to security alerts in your repository settings or by allowing access in the Dependency graph section of your repository’s Insights tab.
Set notification preferences
When your dependency graph is enabled, admins will receive security alerts by default. Admins can also add teams or individuals as recipients for security alerts in the dependency graph settings.
Respond to alerts
When we notify you about a potential vulnerability, we’ll highlight any dependencies that we recommend updating. If a known safe version exists, we’ll select one using machine learning and publicly available data, and include it in our suggestion.
Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don’t have them. We’ll continue to get better at identifying vulnerabilities as our security data grows. For more help managing security issues, check out our security partners in the GitHub Marketplace.
Earlier this year, we launched topics, a new feature that lets you tag repositories with descriptive words or phrases. Topics help you create connections between similar GitHub projects and explore them by type, technology, and other characteristics they have in common.
All public repositories show topic suggestions, so you can quickly tag repositories with relevant words and phrases. These suggestions are the result of some exciting data science work—in particular, a topic extraction framework based on text mining, natural language processing, and machine learning called repo-topix.
Now when you add or reject topics, you’re doing more than keeping projects organized. Every topic will contribute to surfacing connections and inspiring discovery across GitHub. Repository names, descriptions, and READMEs from millions of public projects serve as the very start of an ever-evolving knowledge graph of concepts. Eventually, the graph will map how these concepts relate to each other and to the code, people, and projects on GitHub.
Topics is part of a greater effort to use our public data to make meaningful improvements to how people discover, interact, and build on GitHub. We’ll be sharing more ways that data can improve the way you work at Universe—our flagship product and community conference.
We just released an open data set for the open source community, researchers, and curious data wonks to study.
The data includes responses from 5,500 open source participants randomly sampled from over 3,800 projects on GitHub.com and over 500 sourced from communities that work on other platforms. Altogether, the data represents some of the most comprehensive and high-quality data on the open source community to date.
The Open Source Survey covers a broad set of topics, including:
We hope you’ll use the data to inform decisions about community, tooling, and prioritization of work; understand the needs and experiences of different parts of the community; and do new and interesting research on a remarkable system of peer production that powers so much of modern life.
In the meantime, we’ve started using the findings to help us understand what makes a healthy community and how we can improve GitHub for maintainers, contributors, and end users.
Huge thanks to all of our collaborators in academia, industry, and the open source community who contributed topic ideas and questions, helped with translations, and took the survey. You can find the data, and an analysis of the key findings, at opensourcesurvey.org. Let us know how you use the data or write to us with questions or comments.
GitHub data is available for public analysis using Google BigQuery, and we’d like to help you take it for a spin.
If you’d like to find out more about what data is available and how it’s been used so far, watch this conversation between GitHub Data Analyst Alyson La and Google Developer Advocate Felipe Hoffa. You’ll learn the story behind the datasets and what types of analysis they make possible. You’ll also see how we’ve visualized data with Tableau and Looker.
There’s a lot of data out there, but it’s all available through BigQuery in two large data sets. The original, community-led GitHub Archive project launched in 2012 and captures almost 30 million events monthly, including issues, commits, and pushes. Last year, we worked with Google to release The GitHub Public Data Set, separate tables with information on all projects that have open source licenses, including commits, file contents, and file paths.
You can also use the GH torrent project to complement the existing datasets with additional metadata.