mirror of
https://github.com/stravnik/toxic-repos.git
synced 2024-06-16 12:12:20 +00:00
| .github/workflows | ||
| data | ||
| scripts | ||
| .gitattributes | ||
| .gitignore | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| HOW-TO-ADD.md | ||
| HOW-TO-REPORT.md | ||
| LICENSE | ||
| README.md | ||
toxic-repos
Now you can send information to be added to the list via telegram bot! DarkSider BOT
Also join our telegram chat. There, information about "toxic repositories" appears even faster!
We are against discrediting open source software
What is this?
Recently, cases of adding code of varying degrees of danger to popular Open Source projects have become more frequent. This can pose a threat to people, and also undermines the credibility of the Open Source community and Open Source as such.
🔗 Web site | 💬 Telegram channel | 💬 Telegram chat | 💬 Telegram BOT
Statistics
Records in the database: 611
Additionally
Recommendations
- Assembly isolation in containers, including for intermediate assemblies on developers' machines.
- Forks all libraries (if possible) and containers to yourself.
- Mirroring package repositories.
- Inclusion in CI of at least search by keywords, UTF characters with the image of the Ukrainian flag and comparison of the list of files with the whitelist.
- Research on code analysis tools.
- Sending a report according to instructions
Have an idea for improvement?
- You can write to our Telegram chat
- You can write to us at info@toxic-repos.ru
- Submit your pull reguest;
- Create issue;
- Start discussion.