Список вредоносных и политизированных репозиториев https://toxic-repos.ru
Go to file
2022-04-15 10:13:08 +03:00
.github/workflows update codeql-analysis.yml 2022-03-24 15:14:31 +03:00
data clean up & fixes 2022-04-15 10:13:08 +03:00
scripts clean up & fixes 2022-04-15 10:13:08 +03:00
.gitignore Scripts update 2022-03-25 22:56:12 +02:00
CHANGELOG.md update .md files, data files & #52 2022-04-14 11:43:20 +03:00
HOW-TO-ADD.md translation of .md files into English 2022-04-08 14:57:52 +03:00
HOW-TO-REPORT.md translation of .md files into English 2022-04-08 14:57:52 +03:00
LICENSE Initial commit 2022-03-17 20:49:26 +03:00
README.md update .md files, data files & #52 2022-04-14 11:43:20 +03:00

toxic-repos

We are against discrediting open source software

What is this?

Recently, cases of adding code of varying degrees of danger to popular Open Source projects have become more frequent. This can pose a threat to people, and also undermines the credibility of the Open Source community and Open Source as such.

🔗 Web site | 💬 Telegram chat | 📧 E-mail | 🐦 Twitter

Statistics

Records in the database: 358

At the moment, the most up-to-date list is on our website. The list in this repository is updated with a slight delay.

CHANGELOG

Additionally

CSV | JSON | SQLite

Recommendations

  • Assembly isolation in containers, including for intermediate assemblies on developers' machines.
  • Forks all libraries (if possible) and containers to yourself.
  • Mirroring package repositories.
  • Inclusion in CI of at least search by keywords, UTF characters with the image of the Ukrainian flag and comparison of the list of files with the whitelist.
  • Research on code analysis tools.
  • Sending a report according to instructions

Have an idea for improvement?