mirror of
https://github.com/toxic-repos/toxic-repos
synced 2024-10-18 09:40:21 +03:00
Список вредоносных и политизированных репозиториев
https://toxic-repos.ru
|
|
||
|---|---|---|
| .github/workflows | ||
| data | ||
| scripts | ||
| .gitignore | ||
| CHANGELOG.md | ||
| HOW-TO-ADD.md | ||
| HOW-TO-REPORT.md | ||
| LICENSE | ||
| README.md | ||
| toxic-repos.rst | ||
toxic-repos
We are against discrediting open source software
What is this?
Recently, cases of adding code of varying degrees of danger to popular Open Source projects have become more frequent. This can pose a threat to people, and also undermines the credibility of the Open Source community and Open Source as such.
🔗 Web site | 💬 Telegram chat | 📧 E-mail | :twitter: Twitter
Statistics
Records in the database: 356
At the moment, the most up-to-date list is on our website. The list in this repository is updated with a slight delay.
Additionally
Recommendations
- Assembly isolation in containers, including for intermediate assemblies on developers' machines.
- Forks all libraries (if possible) and containers to yourself.
- Mirroring package repositories.
- Inclusion in CI of at least search by keywords, UTF characters with the image of the Ukrainian flag and comparison of the list of files with the whitelist.
- Research on code analysis tools.
- Sending a report according to instructions
Have an idea for improvement?
- You can write to our Telegram chat
- You can write to us at info@toxic-repos.ru
- Submit your pull reguest;
- Create issue;
- Start discussion.