Skip to content

Sudden Influx of GitHub Issues

Fake GitHub issues are a pain to deal with when working with an open source project. Figure out what to do when bots create a whole bunch of these.
Written: June 24, 2020

A little background: I maintain a repo at Github for over a month now, and new issues from different people are popping up. This is great - more people wanted to collaborate!

I made it beginner-friendly so that people can have an introduction to open source. This wasn't the initial goal, but I'm happy with the direction it's taking. Sometimes though, there would be a surge of new issues with odd titles, and the description would be a default template. 🤷‍♀️

Here's the running list of all the ones we've caught so far. Attaching some sample issues below:

Sample issue 1
Sample issue 2

Thank you to @vaibhavkhulbe for always checking on the issues page, a great guy to collaborate with!

I gave them the benefit of the doubt at first. Maybe they're just first time contributors, right? It started to get really fishy though. There was even a pull request that featured Python code, when the repository was built with Vue.js and Node.js. What is "kay"? 😂

Sample PR

To be quite frank, I was just really confused at how this small project was found. So what steps did I take? Note this for your future 🤖 encounters!

1. Check the accounts

First thing you can do is to visit the account's Github profile page to determine if the account is legit or not. The people (or are they even people?) opening up these issues had some things in common:

  • Blank GitHub Profile
  • Little to no activity
  • Newly created accounts

Compare these two and tell me which is more suspicious:

Bot account
My account

Quick tip: Set up your GitHub Profile. Add a display picture and a short summary about yourself!

2. Categorize the created issues

I didn’t want these issues to clutter up the Issues page since this is one of the first pages that people go to when they want to contribute. So we got to clean this up by:

  • Removing any attached labels and adding an invalid label
  • Closing the issue
Comment and close issue

3. Report the accounts

Last thing to do is to report the user who created the issue. You can do this in two ways. Do note that you can only report a few accounts at a time. I reached the limit a few times.

  • Report from the issue itself

    Report from issue's page
  • Report from the user's page

    Report from user's page

This will then show up GitHub’s report page, and you can add in details about your complaint there. I have yet to receive any confirmation on the reports I made from Github though. :(

These definitely lessened the spam issues coming in, but it’s not completely gone yet. Have you experienced this with your repository? What preventive measures did you take? I would love to know!

Hey, I'm Jaye. Thanks for stopping by!

Drop me a message about anything under the sun (out of this world ideas are always welcome, too!) over at jaye@jayehernandez.com.

You can also reach me via Twitter!