Today we reached a major milestone: 100 million repositories now live on GitHub. Powering this number is an incredible community. Together, you’re 31 million developers from nearly every country and territory in the world, collaborating across 1.1 billion contributions.
Repositories are where you store code, but they represent much more: ideas, experiments, curiosity, and moments of inspiration. To celebrate, let’s take a look at a few trends and achievements, a core sample of what’s possible when we work together by the millions.
To put this milestone into perspective, we totaled only about 33,000 repositories in 2008. Today, we’re seeing an average of 1.6 repositories created every second. In fact, nearly one third of all repositories were created in the last year alone—all thanks to the developers who choose to host, build, and share their work on GitHub.
Over the last 10 years, it’s been a pleasure to watch impactful projects build and grow on GitHub. Rails moved to Git and GitHub while the platform was still in private beta, and Node.js launched on GitHub in 2009. Since then, we’ve also had the opportunity to host Swift, .NET, and Python. Supported by thousands of contributors, these projects are raising the bar for how developer tools evolve and engage with their communities.
Just this year, we’ve seen countless projects take off, started by individuals and larger teams alike. Projects like Definitely Typed, Godot, Kubernetes, PyTorch, and more climbed our lists of top and fastest growing projects.
Projects on this year’s lists have a theme: they make it easier to build software, whether through code editing, automation, containerization, or documentation.
This year, the open source repositories you’ve created span thousands of topics, but these are the ones you contributed to the most:
GitHub started with a small group of developers looking to solve a specific problem—now it’s home to a global open source community. And we’re seeing the proportion of open source contributors outside the U.S. grow every year.
As a continent, more repositories are coming from Asia than anywhere else in the world. More specifically, repository creation has picked up across Central Asia, the Middle East, and Africa. While there’s an increase in repositories from developed countries, we’re seeing the same trend in emerging countries as new tech communities grow and new technologies becoming more accessible.
Developers in Egypt, in particular, created twice as many public and private repositories this year. And in Nigeria, a growing developer community created 1.7x more open source repositories in 2018 than in 2017. To see why we think Nigeria has a tech community to watch, read our latest post on the region.
After 10 years and 100 million repositories, we’re only just getting started. Thanks to our users, we’re building something bigger than any single repository or project—a community that’s pushing software forward in tangible ways. So thank you for building with us now and in the years to come. We can’t wait to see what you build together in the next 100 million.
Interested in seeing more insights into the GitHub community? Check out this year’s State of the Octoverse report.
This article is the first in a series based on The State of Octoverse—trends and insights into GitHub activity, the open source community, and more from the GitHub Data Science Team.
In February, we reflected on a trip to Nigeria and everything we learned about its growing tech community. Economic changes, expanding educational opportunities, and wider internet access are mobilizing a talented and entrepreneurial community. And together, they’re pushing software forward in Africa’s largest economy.
On our trip, we saw this changing landscape close up at packed meetups and student groups. In our 2018 Octoverse Report, the numbers were clear. Across several measures, the developer community in Nigeria is growing fast. In 2018 alone, we’ve seen:
To learn more about our data and methodologies, check out this year’s State of the Octoverse.
*We define contributors broadly as any user taking a substantive action on GitHub (pushed code, opened an issue, or merged a pull request, for example) that added new content to the platform in a public or private repository.
Behind our numbers is a young, growing community excited about software development and its potential to address some of the challenges Nigeria faces today. With excitement and opportunity comes an expanding startup ecosystem and the venture capital, accelerators, training programs, and hubs to support it.
Nigerian startups are growing accordingly across industries. The fintech industry is booming in particular, as a result of a changing financial landscape. According to Stephen O’Grady, Principal Analyst at Red Monk:
In 2016 and 2017, 42 percent of Nigerians had access to traditional financial services, which has lead to growth in projects that have tried to bring these to the Nigerian population. Without existing infrastructure, they have the opportunity to take the next step forward.
Nigeria still relies heavily on cash, but fintech companies like AmplifyPay, Paga, and PayStack (which you can find on GitHub) are streamlining the way people bank and gaining tens of thousands of individual and business users. With millions of dollars raised, these companies underscore an investment trend that has spread across African tech ecosystems, reaching a high of $195 million in 2017 alone. These startups have also spurred local developers to build an ecosystem of applications and integrations.
Through GitHub Education and our global group of Campus Experts, we’ve had the opportunity to support Nigerian students building tech communities that train and mentor new developers within their schools. So far, we’ve watched local Campus Experts create summer coding camps for women, host and speak at national software summits with 1,000+ attendees, organize open source meetups, and more.
We’re excited to see what Nigeria’s growing developer community builds on GitHub into 2019 and beyond. Want to learn more? GitHub Data Scientist Anna Filippova and Red Monk Principal Analyst Stephen O’Grady chatted about why Nigeria is trending in a recent GitHub Universe session.
Stay tuned for more posts that dive into data on the GitHub Blog—or check out The State of the Octoverse to see what a community of 31 million developers can accomplish in a year.
Two weeks ago we released suggested changes, a feature that allows you to suggest changes to code in a pull request. Once changes are suggested, the author or assignees can accept (and commit) suggestions with the click of a button.
Since its release, more than 10 percent of all reviewers suggested at least one change, totaling over 100,000 suggestions—and nearly four percent of all review comments created included a suggestion. Based on these early numbers, we see you’re quick to adopt suggested changes and make them a natural part of your code review workflow.
Between the number of suggestions created and the feedback we received from over 2,500 people who have used the feature, you’ve helped us understand what we can improve moving forward.
By far the most frequent requests were:
We want to make suggested changes the best feature it can possibly be. Your feedback is valuable and will inform our next steps. Until then, we encourage you to try out suggested changes and tell us what you think.
The Git project has disclosed CVE-2018-17456, a vulnerability in Git that can cause arbitrary code to be executed when a user clones a malicious repository. Git v2.19.1 has been released with a fix, along with backports in v2.14.5, v2.15.3, v2.16.5, v2.17.2, and v2.18.1. We encourage all users to update their clients to protect themselves.
Until you’ve updated, you can protect yourself by avoiding submodules from untrusted repositories. This includes commands such as
git clone --recurse-submodules and
git submodule update.
GitHub Desktop versions 1.4.1 and older included an embedded version of Git that was affected by this vulnerability. We encourage all GitHub Desktop users to update to the newest version (1.4.2 and 1.4.3-beta0) available today in the Desktop app.
Atom included the same embedded Git and was also affected. Releases 1.31.2 and 1.32.0-beta3 include the patch.
Ensure you’re on the latest Atom release by completing any of the following:
In order to be protected from the vulnerability, you must update your command-line version of Git, and any other application that may include an embedded version of Git, as they are independent of each other.
Neither GitHub.com nor GitHub Enterprise are directly affected by the vulnerability. However, as with previously discovered vulnerabilities, GitHub.com will detect malicious repositories, and will reject pushes or API requests attempting to create them. Versions of GitHub Enterprise with this detection will ship on October 9.
This vulnerability is very similar to CVE-2017-1000117, as both are option-injection attacks related to submodules. In the earlier attack, a malicious repository would ship a
.gitmodules file pointing one of its submodules to a remote repository with an SSH host starting with a dash (
ssh program—spawned by Git—would then interpret that as an option. This attack works in a similar way, except that the option-injection is against the child
git clone itself.
The problem was reported on September 23 by @joernchen, both to Git’s private security list, as well as to GitHub’s Bug Bounty program. Developers at GitHub worked with the Git community to develop a fix.
The basic fix was clear from the report. However, due to to the similarity to CVE-2017-1000117, we also audited all of the
.gitmodules values and implemented stricter checks as appropriate. These checks should prevent a similar vulnerability in another code path. We also implemented detection of potentially malicious submodules as part of Git’s object quality checks (which was made much easier by the infrastructure added during the last submodule-related vulnerability).
The coordinated disclosure date of October 5 was selected by Git developers to allow packagers to prepare for the release. This also provided hosting sites (with custom implementations) ample time to detect and block the attack before it became public. Members of the Git community checked the JGit and libgit2 implementations. Those are not affected by the vulnerability because they clone submodules via function calls rather than separate commands.
We were also able to use the time to scan all repositories on GitHub for evidence of the attack being used in the wild. We’re happy to report that no instances were found (and now, with our detection, none can be added).
Please update your copy of Git soon, and happy cloning!
We announced the public beta of the open source, Electron-built version of GitHub Desktop a year ago, giving the GitHub community a unified GitHub experience for macOS and Windows. With every release, including the version 1.0 in September 2017, we’ve seen more people using GitHub Desktop to improve their workflows. Less than six months after 1.0 was released, more Desktop users were using the Electron-based version than both the classic versions for Mac and Windows combined.
Since its initial release, we’ve added more features to GitHub Desktop, including support for additional external editors, syntax highlighting support for additional languages, support for adding co-authors to commits, and the ability to view and checkout pull requests from collaborators or forks. Many of these new features were contributions from the open source community.
Starting today, if you’re still using the classic app, you’ll see in-app notifications suggesting an upgrade to the new GitHub Desktop with information on what’s changed. If you are still using GitHub for Mac or GitHub for Windows, or if you’ve never used our desktop apps, try out the new GitHub Desktop.