toxic-repos/README.md

# toxic-repos

---
> Now you can send information to be added to the list via telegram bot! [DarkSider BOT](https://t.me/darksider_bot)
> 
> [Also join our telegram chat. There, information about "toxic repositories" appears even faster!](https://t.me/g1l2a)
---

### We are against discrediting open source software

## What is this?

Recently, cases of adding code of varying degrees of danger to popular Open Source projects have become more frequent.
This can pose a threat to people, and also undermines the credibility of the Open Source community and Open Source as such.

[:link: Web site](https://toxic-repos.ru/?utm_source=github&utm_medium=repository&utm_campaign=md) | [:speech_balloon: Telegram channel](https://t.me/toxic_repos) | [:speech_balloon: Telegram BOT](https://t.me/darksider_bot) | [:email: E-mail](info@toxic-repos.ru) | [:bird: Twitter](https://twitter.com/ZStravnik)

## Statistics

Records in the database: 409

[CHANGELOG](CHANGELOG.md)

## Additionally

[CSV](data/csv/toxic-repos.csv) | [JSON](data/json/toxic-repos.json) | [SQLite](data/sqlite/toxic-repos.sqlite3)

## Recommendations

- Assembly isolation in containers, including for intermediate assemblies on developers' machines.
- Forks all libraries (if possible) and containers to yourself.
- Mirroring package repositories.
- Inclusion in CI of at least search by keywords, UTF characters with the image of the Ukrainian flag and comparison of the list of files with the whitelist.
- Research on code analysis tools.
- Sending a report according to [instructions](HOW-TO-REPORT.md)

## Have an idea for improvement?

- You can write to our [Telegram chat](https://t.me/g1l2a)
- You can write to us at info@toxic-repos.ru
- Submit your pull reguest;
- Create [issue](https://github.com/stravnik/toxic-repos/issues/new);
- Start [discussion](https://github.com/stravnik/toxic-repos/discussions/new).