Sudden Influx of GitHub Issues
A little background: I maintain a repo at Github for over a month now, and new issues from different people are popping up. This is great - more people wanted to collaborate!
I made it beginner-friendly so that people can have an introduction to open source. This wasn't the initial goal, but I'm happy with the direction it's taking. Sometimes though, there would be a surge of new issues with odd titles, and the description would be a default template. 🤷♀️
Here's the running list of all the ones we've caught so far. Attaching some sample issues below:
Thank you to @vaibhavkhulbe for always checking on the issues page, a great guy to collaborate with!
I gave them the benefit of the doubt at first. Maybe they're just first time contributors, right? It started to get really fishy though. There was even a pull request that featured Python code, when the repository was built with Vue.js and Node.js. What is "kay"? 😂
To be quite frank, I was just really confused at how this small project was found. So what steps did I take? Note this for your future 🤖 encounters!
First thing you can do is to visit the account's Github profile page to determine if the account is legit or not. The people (or are they even people?) opening up these issues had some things in common:
- Blank GitHub Profile
- Little to no activity
- Newly created accounts
Compare these two and tell me which is more suspicious:
Quick tip: Set up your GitHub Profile. Add a display picture and a short summary about yourself!
I didn’t want these issues to clutter up the Issues page since this is one of the first pages that people go to when they want to contribute. So we got to clean this up by:
- Removing any attached labels and adding an invalid label
- Closing the issue
Last thing to do is to report the user who created the issue. You can do this in two ways. Do note that you can only report a few accounts at a time. I reached the limit a few times.
Report from the issue itself
Report from the user's page
This will then show up GitHub’s report page, and you can add in details about your complaint there. I have yet to receive any confirmation on the reports I made from Github though. :(
These definitely lessened the spam issues coming in, but it’s not completely gone yet. Have you experienced this with your repository? What preventive measures did you take? I would love to know!