FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 30, column 0: Use of unknown namespace: com-wordpress:feed-additions:1 (11 occurrences) [help]
```
<site xmlns="com-wordpress:feed-additions:1">153214340</site>	<item>
```
line 46, column 0: content:encoded should not contain html tag (9 occurrences) [help]
```
<html><body><p><a href="https://modelcontextprotocol.io/docs/getting-started ...
```
line 46, column 0: content:encoded should not contain body tag (9 occurrences) [help]
```
<html><body><p><a href="https://modelcontextprotocol.io/docs/getting-started ...
```
line 74, column 0: content:encoded should not contain data-color-mode attribute (10 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 74, column 0: content:encoded should not contain data-dark-theme attribute (10 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 74, column 0: content:encoded should not contain data-light-theme attribute (10 occurrences) [help]
```
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="ligh ...
```
line 392, column 0: content:encoded should not contain iframe tag (6 occurrences) [help]
```
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-emb ...
```
line 453, column 0: content:encoded should not contain data-recalc-dims attribute (47 occurrences) [help]
line 453, column 0: content:encoded should not contain fetchpriority attribute [help]
line 453, column 0: content:encoded should not contain decoding attribute (47 occurrences) [help]
line 453, column 0: content:encoded should not contain sizes attribute (46 occurrences) [help]
line 498, column 0: content:encoded should not contain controls attribute (4 occurrences) [help]
line 498, column 0: content:encoded should not contain poster attribute (3 occurrences) [help]
line 554, column 0: content:encoded should not contain loading attribute (45 occurrences) [help]
line 591, column 3: content:encoded should not contain relative URL references: #github-is-your-agent-hq (4 occurrences) [help]
```
]]></content:encoded>
   ^
```

line 3000, column 0: Non-html tag: svg (33 occurrences) [help]

<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23. ...

line 3232, column 0: content:encoded should not contain muted attribute [help]

<figure class="wp-block-video"><video autoplay controls loop muted src="http ...

line 4034, column 0: style attribute contains potentially dangerous content: margin-top:var(--wp--preset--spacing--40);margin-bottom:var(--wp--preset--spacing--40) (2 occurrences) [help]
```
<p class="purple-text text-gradient-purple-coral" style="margin-top:var(--wp ...
```

Source: https://github.blog/feed/

<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
xmlns:content="http://purl.org/rss/1.0/modules/content/"
xmlns:wfw="http://wellformedweb.org/CommentAPI/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:atom="http://www.w3.org/2005/Atom"
xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
>
<channel>
<title>The GitHub Blog</title>
<atom:link href="https://github.blog/feed/" rel="self" type="application/rss+xml" />
<link>https://github.blog/</link>
<description>Updates, ideas, and inspiration from GitHub to help developers build and design software.</description>
<lastBuildDate>Thu, 30 Oct 2025 21:46:10 +0000</lastBuildDate>
<language>en-US</language>
<sy:updatePeriod>
hourly </sy:updatePeriod>
<sy:updateFrequency>
1 </sy:updateFrequency>
<generator>https://wordpress.org/?v=6.8.3</generator>
<image>
<url>https://github.blog/wp-content/uploads/2019/01/cropped-github-favicon-512.png?fit=32%2C32</url>
<title>The GitHub Blog</title>
<link>https://github.blog/</link>
<width>32</width>
<height>32</height>
</image>
<site xmlns="com-wordpress:feed-additions:1">153214340</site> <item>
<title>Measuring what matters: How offline evaluation of GitHub MCP Server works</title>
<link>https://github.blog/ai-and-ml/generative-ai/measuring-what-matters-how-offline-evaluation-of-github-mcp-server-works/</link>
<dc:creator><![CDATA[Ksenia Bobrova]]></dc:creator>
<pubDate>Thu, 30 Oct 2025 21:46:07 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[Generative AI]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[MCP]]></category>
<guid isPermaLink="false">https://github.blog/?p=92092</guid>
<description><![CDATA[<p>Take a look inside our automated pipeline for rapid, rigorous evaluation for the GitHub MCP Server.</p>
<p>The post <a href="https://github.blog/ai-and-ml/generative-ai/measuring-what-matters-how-offline-evaluation-of-github-mcp-server-works/">Measuring what matters: How offline evaluation of GitHub MCP Server works</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p><a href="https://modelcontextprotocol.io/docs/getting-started/intro">MCP (Model Context Protocol)</a> is a simple, common way for AI models (LLMs) to talk to APIs and data. Think of it like a universal plug: if both sides support MCP, they can connect and work together. An MCP server is any service or app that “speaks MCP” and offers tools the model can use, publishing a list of tools, what each tool does, and what inputs (parameters) each tool needs. </p>
<p><a href="https://github.com/github/github-mcp-server?utm_source=blog-github-mcp-server&utm_medium=blog&utm_campaign=universe25post">The GitHub MCP Server</a> is the foundation for many <a href="https://github.com/features/copilot?utm_source=blog-copilot-feature&utm_medium=blog&utm_campaign=universe25post">GitHub Copilot</a> workflows, both inside and outside of GitHub. As an engineering team working on GitHub MCP, we’re always looking to deliver new features and functionality, while avoiding regressions and improving quality with every iteration. And how we name a tool, explain what it does, and spell out its parameters directly affects whether the model picks the right tool, in the right order, with the right arguments. </p>
<p>When it comes to our work, small edits matter: tightening a description, adding or removing a tool, or combining a few similar tools can shift results a lot. When descriptions are off, agents choose the wrong tool, skip a step, send arguments in the wrong format, or drop them entirely. The outcome is weak. We need a safe way to change MCP and know if things actually got better, not worse. That’s where offline evaluation comes in.</p>
<p>Offline evaluation catches regressions before users see them and keeps the feedback loop short, so we can ship changes that genuinely improve performance.</p>
<p>This article walks through our evaluation pipeline and explains the metrics and algorithms that help us achieve these goals.</p>
<h2 class="wp-block-heading" id="h-how-automated-offline-evaluation-works">How automated offline evaluation works</h2>
<p>Our offline evaluation pipeline checks how well our tool prompts work across different models. The tool instructions are kept simple and precise so the model can choose the right tool and fill in the correct parameters. Because LLMs vary in how they use tools, we systematically test each model–MCP pairing to measure compatibility, quality, and gaps.</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--1" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-quick-intro-to-mcp-hosting" style="margin-top:0">Quick intro to MCP hosting</h3>
<p>MCP host or agent connects to one or more MCP servers, fetches their tool lists, and passes that info—along with the user’s request—to the LLM.</p>
<p>How it works (step by step):</p>
<ol class="wp-block-list">
<li>The MCP server exposes tools (with names, descriptions, and required inputs).</li>
<li>The agent pulls that tool list and gives it to the model.</li>
<li>When the user asks something, the LLM decides if it needs a tool.</li>
<li>If yes, it picks a tool and fills in the inputs.</li>
<li>The agent calls the tool on the MCP server and returns the result to the LLM, which then forms the final answer.</li>
</ol>
</aside>
<p>We have curated datasets that we use as benchmarks. Every benchmark contains the following parameters: </p>
<ol class="wp-block-list">
<li><strong>Input</strong>: This is a user request formulated in natural language. </li>
<li><strong>Expected tools</strong>: Tools we expect to be called.</li>
<li><strong>Expected arguments</strong>: Arguments we expect to be passed to each tool.</li>
</ol>
<p>Here are a few examples:</p>
<h3 class="wp-block-heading" id="h-asking-how-many-issues-were-created-in-a-given-time-period">Asking how many issues were created in a given time period</h3>
<p><strong>Input:</strong>  How many issues were created in the github/github-mcp-server repository during April 2025? <br><strong>Expected tools:</strong> list_issues with<strong> arguments</strong>:</p>
<pre class="wp-block-code language-plaintext"><code>owner: github
repo: github-mcp-server
since: 2025-04-01T00:00:00Z</code></pre>
<h3 class="wp-block-heading" id="h-merging-pull-requests">Merging pull requests</h3>
<p><strong>Input:</strong> Merge PR 123 in github/docs using squash merge with title “Update installation guide”<br><strong>Expected tools:</strong> merge_pull_request with <strong>arguments</strong>:</p>
<pre class="wp-block-code language-plaintext"><code>owner: github
repo: docs
pullNumber: 123
merge_method: squash
commit_title: Update installation guide</code></pre>
<h3 class="wp-block-heading" id="h-requesting-code-reviews">Requesting code reviews</h3>
<p><strong>Input: </strong>Request reviews from alice456 and bob123 for PR 67 in team/project-alpha<br><strong>Expected tools:</strong> update_pull_request with <strong>arguments: </strong></p>
<pre class="wp-block-code"><code>owner: team
repo: project-alpha
pullNumber: 67
reviewers: ["alice456", "bob123"]</code></pre>
<h3 class="wp-block-heading" id="h-summarizing-discussion-comments">Summarizing discussion comments</h3>
<p><strong>Input:</strong> Summarize the comments in discussion 33801, in the facebook/react repository <br><strong>Expected tools</strong>: get_discussion_comments with <strong>arguments</strong>:</p>
<pre class="wp-block-code language-plaintext"><code>owner: facebook
repo: react
discussionNumber: 33801</code></pre>
<p>The evaluation pipeline has three stages: <strong>fulfillment</strong>, <strong>evaluation</strong>, and <strong>summarization</strong>.</p>
<ul class="wp-block-list">
<li><strong>Fulfillment:</strong> We run each benchmark across multiple models, providing the list of available MCP tools with every request. For each run, we record which tools the model invoked and the arguments it supplied.<br></li>
<li><strong>Evaluation:</strong> We process the raw outputs and compute metrics and scores.<br></li>
<li><strong>Summarization:</strong> We aggregate dataset-level statistics and produce the final evaluation report.</li>
</ul>
<h2 class="wp-block-heading" id="evaluation-metrics-and-algorithms">Evaluation metrics and algorithms</h2>
<p>Our evaluation targets two aspects: whether the model <strong>selects the correct tools</strong> and whether it <strong>supplies correct arguments</strong>.</p>
<h3 class="wp-block-heading" id="tool-selection">Tool selection</h3>
<p>When benchmarks involve a single tool call, <strong>tool selection</strong> reduces to a <strong>multi-class classification</strong> problem. Each benchmark is labeled with the tool it expects, and each tool is a “class.”</p>
<p>Models tasked with this classification are evaluated using <strong>accuracy</strong>, <strong>precision</strong>, <strong>recall</strong>, and <strong>F1-score</strong>.</p>
<ol class="wp-block-list">
<li><strong>Accuracy</strong> is the simplest measure that shows the percentage of correct classifications. In our case it means the percentage of inputs that resulted in an expected tool call. This is calculated on the whole dataset.</li>
<li><strong>Precision</strong> shows the proportion of the cases for which the tool was called correctly out of all cases where the tool was called. Low precision means the model picks the tool even for the cases where the tool is not expected to be called.</li>
<li><strong>Recall</strong> shows the proportion of correctly called tools out of all cases where the given tool call was expected. Low recall may indicate that the model doesn’t understand that the tool needs to be called and fails to call the tool or calls another tool instead.</li>
<li><strong>F1-score</strong> is a harmonic mean showing how well the model is doing in terms of both precision and recall. </li>
</ol>
<p>If the model confuses two tools, it can result in low precision or recall for these tools.</p>
<p>We have two similar tools that used to be confused often, which are <code>list_issues</code> and <code>search_issues</code>. Let’s say we have 10 benchmarks for <code>list_issues</code>  and 10 benchmarks for <code>search_issues</code>. Imagine <code>list_issues</code> is called correctly in all of 10 cases and on top in 30% of cases where search_issues should be called.</p>
<p>This means we’re going to have lower recall for <code>search_issues</code> and lower precision for <code>list_issues</code>:</p>
<p><strong>Precision</strong> (<code>list_issues</code>) = 10 (cases where tool is called correctly) / (10 + 3 (cases where tool is called instead of <code>search_issues</code>)) = 0.77</p>
<p><strong>Recall</strong> (<code>search_issues</code>) =  7 (tool was called correctly) / 10 (cases where tool is expected to be called) = 0.7</p>
<p>In order to have visibility into what tools are confused with each other, we build a confusion matrix. Confusion matrix for the <code>search_issues</code> and <code>list_issues</code> tools from the example above would look the following:</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Expected tool / Called tool</strong></th><th><strong>search_issues</strong></th><th><strong>list_issues</strong></th></tr></thead><tbody><tr><td><strong>search_issues</strong></td><td>7</td><td>3</td></tr><tr><td><strong>list_issues</strong></td><td>0</td><td>10</td></tr></tbody></table></figure>
<p>The confusion matrix allows us to see the reason behind low precision and recall for certain tools and tweak their descriptions to minimize confusion.</p>
<h3 class="wp-block-heading" id="argument-correctness">Argument correctness</h3>
<p>Selecting the right tool isn’t enough. The model must also supply correct arguments. We’ve defined a set of argument-correctness metrics that pinpoint specific issues, making regressions easy to diagnose and fix.</p>
<p>We track four argument-quality metrics:</p>
<ul class="wp-block-list">
<li><strong>Argument hallucination:</strong> How often the model supplies argument names that aren’t defined for the tool.</li>
<li><strong>All expected arguments provided:</strong> Whether every expected argument is present.</li>
<li><strong>All required arguments provided:</strong> Whether all required arguments are included.</li>
<li><strong>Exact value match:</strong> Whether provided argument values match the expected values exactly.</li>
</ul>
<p>These metrics are computed for tools that were correctly selected. The final report summarizes each tool’s performance across all four metrics.</p>
<h2 class="wp-block-heading" id="looking-forward-and-filling-the-gaps">Looking forward and filling the gaps</h2>
<p>The current evaluation framework gives us a solid read on tool performance against curated datasets, but there’s still room to improve.</p>
<h3 class="wp-block-heading" id="more-is-better">More is better</h3>
<p>Benchmark volume is the weak point of offline evaluation. With so many classes (tools), we need more robust per-tool coverage. Evaluations based on just a couple of examples aren’t dependable alone. Adding more benchmarks is always useful to increase the reliability of classification evaluation and other metrics.</p>
<h3 class="wp-block-heading" id="evaluation-of-multi-tool-flows">Evaluation of multi-tool flows</h3>
<p>Our current pipeline handles only single tool calls. In practice, tools are often invoked sequentially, with later calls consuming the outputs of earlier ones. To evaluate these flows, we must go beyond fetching the MCP tool list and actually execute tool calls (or mock their responses) during evaluation.</p>
<p>We’ll also update summarization. Today we treat tool selection as <strong>multi-class classification</strong>, which assumes one tool per input. For flows where a single input can trigger multiple tools, <a href="https://en.wikipedia.org/wiki/Multi-label_classification"><strong>multi-label classification</strong></a> is the better fit.</p>
<h2 class="wp-block-heading" id="take-this-with-you">Take this with you</h2>
<p>Offline evaluation gives us a fast, safe way to iterate on MCP, so models pick the right GitHub tools with the right arguments. By combining curated benchmarks with clear metrics—classification scores for tool selection and targeted checks for argument quality—we turn vague “it seems better” into measurable progress and actionable fixes.</p>
<p>We’re not stopping here. We’re expanding benchmark coverage, refining tool descriptions to reduce confusion, and extending the pipeline to handle real multi-tool flows with execution or faithful mocks. These investments mean fewer regressions, clearer insights, and more reliable agents that help developers move faster.</p>
<p>Most importantly, this work raises the bar for product quality without slowing delivery. As we grow the suite and deepen the evaluation, you can expect steadier improvements to GitHub MCP Server—and a better, more predictable experience for anyone building with it.</p>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/generative-ai/measuring-what-matters-how-offline-evaluation-of-github-mcp-server-works/">Measuring what matters: How offline evaluation of GitHub MCP Server works</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">92092</post-id> </item>
<item>
<title>Introducing Agent HQ: Any agent, any way you work</title>
<link>https://github.blog/news-insights/company-news/welcome-home-agents/</link>
<dc:creator><![CDATA[Kyle Daigle]]></dc:creator>
<pubDate>Tue, 28 Oct 2025 16:08:15 +0000</pubDate>
<category><![CDATA[Company news]]></category>
<category><![CDATA[News & insights]]></category>
<category><![CDATA[GitHub Universe]]></category>
<guid isPermaLink="false">https://github.blog/?p=91822</guid>
<description><![CDATA[<p>At Universe 2025, GitHub's next evolution introduces a single, unified workflow for developers to be able to orchestrate any agent, any time, anywhere.</p>
<p>The post <a href="https://github.blog/news-insights/company-news/welcome-home-agents/">Introducing Agent HQ: Any agent, any way you work</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[
<p>The current AI landscape presents a challenge we’re all too familiar with: incredible power fragmented across different tools and interfaces. At GitHub, we’ve always worked to solve these kinds of systemic challenges—by making Git accessible, code review systematic with pull requests, and automating deployment with Actions. </p>
<p>With 180 million developers, <a href="https://github.blog/news-insights/octoverse/octoverse-a-new-developer-joins-github-every-second-as-ai-leads-typescript-to-1/"><strong>GitHub is growing at its fastest rate ever</strong></a>—a new developer joining every second. What’s more, 80% of new developers are using Copilot in their first week. AI isn’t just a tool anymore; it’s an integral part of the development experience. Our responsibility is to ensure this new era of collaboration is powerful, secure, and seamlessly integrated into the workflow you already trust.</p>
<p>At GitHub Universe, we’re announcing <strong>Agent HQ</strong>, GitHub’s vision for the next evolution of our platform. Agents shouldn’t be bolted on. They should work the way you already work. <strong>That’s why we’re making agents native to the GitHub flow.</strong></p>
<p>Agent HQ transforms GitHub into an open ecosystem that unites every agent on a single platform. <strong>Over the coming months, coding agents from Anthropic, OpenAI, Google, Cognition, xAI, and more will become available directly within <a href="https://github.com/features/copilot/plans?utm_source=blog-day1-recap-copilot-cta&utm_medium=blog&utm_campaign=universe25">GitHub as part of your paid GitHub Copilot subscription</a></strong>.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe title="Introducing Agent HQ mission control | GitHub" width="500" height="281" src="https://www.youtube.com/embed/KniyIrpTDE8?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<p>To bring this vision to life, we’re shipping a suite of new capabilities built on the primitives you trust. This starts with a <strong>mission control</strong>,<strong> </strong>a single command center to assign, steer, and track the work of multiple agents from anywhere. It extends to <strong>VS Code</strong> with new ways to plan and customize agent behavior. And it is backed by enterprise-grade functionality: a new generation of <strong>agentic code review</strong>,<strong> </strong>a dedicated <strong>control plane </strong>to govern AI access and agent behavior, and a <strong>metrics dashboard</strong> to understand the impact of AI on your work. </p>
<p><strong>We are also deeply committed to investing in our platform and strengthening the primitives you rely on every day</strong>. This new world of development is powered by that foundational work, and we look forward to sharing more updates. </p>
<p>Let’s dive in.</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--2" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-in-this-post" style="margin-top:0">In this post</h3>
<ul class="wp-block-list">
<li><a href="#github-is-your-agent-hq">GitHub is your Agent HQ: An open ecosystem for all agents</a></li>
<li><a href="#mission-control">Mission control: Your command center, wherever you build</a></li>
<li><a href="#new-in-vs-code">New in VS Code: Plan, customize, and connect</a></li>
<li><a href="#increased-confidence-and-control-for-your-team">Increased confidence and control for your team</a></li>
</ul>
</aside>
<h2 class="wp-block-heading" id="github-is-your-agent-hq">GitHub is your Agent HQ: An open ecosystem for all agents  </h2>
<p>The future is about giving you the power to orchestrate a fleet of specialized agents to perform complex tasks in parallel, not juggling a patchwork of disconnected tools or relying on a single agent. As the pioneer of asynchronous collaboration, we believe it’s our responsibility to make sure these next-generation async tools<em> just work</em>. </p>
<p>With<strong> Agent HQ </strong>what’s <em>not</em> changing is just as important as what<em> is.</em> You’re still working with the primitives you know—Git, pull requests, issues—and using your preferred compute, whether that’s GitHub Actions or self-hosted runners. You’re accessing agents through your existing paid Copilot subscription. </p>
<p>On top of that foundation, we’re opening the doors to a new world of capability.<strong> </strong>Over the coming months, <strong>coding agents from Anthropic, OpenAI, Google, Cognition, and xAI will be available on GitHub</strong> <strong>as part of your paid GitHub Copilot subscription</strong>.</p>
<p>Don’t want to wait? Starting this week, Copilot Pro+ users can begin working with <strong> OpenAI Codex in </strong><a href="https://code.visualstudio.com/insiders/"><strong>VS Code Insiders</strong></a>, the first of our partner agents to extend beyond its native surfaces and directly into the editor.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" fetchpriority="high" decoding="async" width="2796" height="2022" src="https://github.blog/wp-content/uploads/2025/10/Quotes_v5.jpg?resize=2796%2C2022" alt="'Our collaboration with GitHub has always pushed the frontier of how developers build software. The first Codex model helped power Copilot and inspired a new generation of AI-assisted coding. We share GitHub’s vision of meeting developers wherever they work, and we’re excited to bring Codex to millions more developers who use GitHub and VS Code, extending the power of Codex everywhere code gets written.'
- Alexander Embiricos, Codex Product Lead, OpenAI
'We’re partnering with GitHub to bring Claude even closer to how teams build software. With Agent HQ, Claude can pick up issues, create branches, commit code, and respond to pull requests, working alongside your team like any other collaborator. This is how we think the future of development works: agents and developers building together, on the infrastructure you already trust.'
- Mike Krieger, Chief Product Officer, Anthropic
'The best developer tools fit seamlessly into your workflow, helping you stay focused and move faster. With Agent HQ, Jules becomes a native assignee, streamlining manual steps and reducing friction in everyday development. This deeper integration with GitHub brings agents closer to where developers already work, making collaboration more natural and efficient.'
- Kathy Korevec, Director of Product at Google Labs" class="wp-image-92035" srcset="https://github.blog/wp-content/uploads/2025/10/Quotes_v5.jpg?w=2796 2796w, https://github.blog/wp-content/uploads/2025/10/Quotes_v5.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/Quotes_v5.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/Quotes_v5.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/Quotes_v5.jpg?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/Quotes_v5.jpg?w=2048 2048w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure>
<h2 class="wp-block-heading" id="mission-control">Mission control: Your command center, wherever you build</h2>
<p>The power of Agent HQ comes from<strong> <a href="https://github.blog/changelog/2025-10-28-a-mission-control-to-assign-steer-and-track-copilot-coding-agent-tasks/?utm_source=blog-day1-recap-mission-control-cta&utm_medium=blog&utm_campaign=universe25">mission control</a></strong>, a unified command center that follows you wherever you work. It’s not a single destination; it’s a consistent interface across GitHub, VS Code, mobile, and the CLI that lets you direct, monitor, and manage every AI-driven task. With mission control, you can choose from a fleet of agents, assign them work in parallel, and track their progress from any device. </p>
<p>We’re also providing: </p>
<ul class="wp-block-list">
<li>New <strong>branch controls</strong> that give you granular oversight over when to run CI and other checks for agent-created code.</li>
<li><strong>Identity features</strong> to control which agent is building the task, managing access, and policies just like you would with any other developer on your team.</li>
<li><strong>One-click merge conflict resolution</strong>, improved file navigation, and better code commenting capabilities.</li>
<li><strong>New integrations for Slack and Linear,</strong> on top of our recently announced connections for Atlassian Jira, Microsoft Teams and Azure Boards, and Raycast. </li>
</ul>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" decoding="async" height="427" width="1024" src="https://github.blog/wp-content/uploads/2025/10/BlogImage_LogoWall_02.jpg?resize=1024%2C427" alt="Logos for Slack, Linear, Microsoft Teams, VS Code, Azure Boards, Jira, and Raycast." class="wp-image-91940" srcset="https://github.blog/wp-content/uploads/2025/10/BlogImage_LogoWall_02.jpg?w=2960 2960w, https://github.blog/wp-content/uploads/2025/10/BlogImage_LogoWall_02.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/BlogImage_LogoWall_02.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/BlogImage_LogoWall_02.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/BlogImage_LogoWall_02.jpg?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/BlogImage_LogoWall_02.jpg?w=2048 2048w" sizes="(max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-video"><video controls poster="https://github.blog/wp-content/uploads/2025/10/Screenshot-2025-10-27-at-11.45.50-AM.png" src="https://github.blog/wp-content/uploads/2025/10/DotCom_MissionControl_v2.mp4"></video></figure>
<p><a href="https://github.blog/changelog/2025-10-28-a-mission-control-to-assign-steer-and-track-copilot-coding-agent-tasks/?utm_source=blog-day1-recap-mission-control-cta&utm_medium=blog&utm_campaign=universe25"><strong>Try mission control today.</strong></a></p>
<h2 class="wp-block-heading" id="new-in-vs-code">New in VS Code: Plan, customize, and connect</h2>
<p>Mission control is in VS Code, too, so you’ve got a single view of all your agents running in VS Code, in the Copilot CLI, or on GitHub.</p>
<p>Today’s <strong>brand new release in VS Code</strong> is all about working alongside agents on projects, and it’s not surprising that great results start with a great plan. Getting the context right before a project is critical, but that same context needs to carry through into the work. Copilot already adapts to the way your team works by learning from your files and your project’s culture, but sometimes you need more pointed context.</p>
<p>So today, we’re introducing <strong>Plan Mode</strong>, which works with Copilot, and asks you clarifying questions along the way, to help you to build a step-by-step approach for your task. Providing the context upfront improves what Copilot can do and helps you find gaps, missing decisions, or project deficiencies early in the process—before any code is written. Once you approve, your plan goes to Copilot to start implementing, whether that’s locally in VS Code or using an agent in the cloud.</p>
<figure class="wp-block-video"><video controls poster="https://github.blog/wp-content/uploads/2025/10/Screenshot-2025-10-27-at-11.48.00-AM.png" src="https://github.blog/wp-content/uploads/2025/10/VScode_PlanMode_v2.mp4"></video></figure>
<p>For even finer control, you can now create custom agents in VS Code with <strong><a href="https://code.visualstudio.com/docs/copilot/customization/custom-instructions#_use-an-agentsmd-file-experimental?utm_source=blog-day1-recap-agents-md-cta&utm_medium=blog&utm_campaign=universe25">AGENTS.md</a></strong> files, source-controlled documents that let you set clear rules and guardrails such as “prefer this logger” or “use table-driven tests for all handlers.” This shapes Copilot’s behavior without you re-prompting it every time.</p>
<p>Now you can rely on the new <strong><a href="https://code.visualstudio.com/docs/copilot/customization/mcp-servers?utm_source=blog-day1-recap-mcp-registry-in-vs-code-cta&utm_medium=blog&utm_campaign=universe25">GitHub MCP Registry</a>, available directly in VS Code</strong>. VS Code is the <em>only</em> editor that supports the full MCP specification. Discover, install, and enable MCP servers like Stripe, Figma, Sentry, and others, with a single click. When your task calls for a specialist, create custom agents in GitHub Copilot with their own system prompt and tools to help you define the ways you want Copilot to work. </p>
<figure class="wp-block-video"><video controls poster="https://github.blog/wp-content/uploads/2025/10/Screenshot-2025-10-27-at-11.51.02-AM.png" src="https://github.blog/wp-content/uploads/2025/10/DotCom_MissionControl_v2_aed2be.mp4"></video></figure>
<h2 class="wp-block-heading" id="increased-confidence-and-control-for-your-team">Increased confidence and control for your team</h2>
<p>Agent HQ doesn’t just give you more power—it gives you confidence. Ensuring code quality, understanding AI’s influence on your workflow, and maintaining control over how AI interacts with your codebase and organization are essential for your team’s success, and we’re tackling these challenges head-on.</p>
<p>When it comes to code quality, the core problem is that “LGTM” doesn’t always mean “the code is healthy.” A review can pass, but can still degrade the codebase and quickly become long-term technical debt. With <strong><a href="https://github.blog/changelog/2025-10-28-github-code-quality-in-public-preview/?utm_source=blog-day1-recap-code-quality-cta&utm_medium=blog&utm_campaign=universe25">GitHub Code Quality</a></strong>, in public preview today, you’ve got org-wide visibility, governance, and reporting to systematically improve code maintainability, reliability, and test coverage across every repository. Enabling it extends Copilot’s security checks to look at the maintainability and reliability impact of the code that’s been changed.</p>
<p>And we’ve<strong> added a code review step</strong> into the Copilot coding agent’s workflow, too, so Copilot gets an initial first-line review and addresses problems (before you even see the code). </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="614" width="1024" src="https://github.blog/wp-content/uploads/2025/10/BlogImage_CodeQuality_01.jpg?resize=1024%2C614" alt="Screenshot of GitHub Code Quality, showing the results of Copilot's review." class="wp-image-91946" srcset="https://github.blog/wp-content/uploads/2025/10/BlogImage_CodeQuality_01.jpg?w=3004 3004w, https://github.blog/wp-content/uploads/2025/10/BlogImage_CodeQuality_01.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/BlogImage_CodeQuality_01.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/BlogImage_CodeQuality_01.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/BlogImage_CodeQuality_01.jpg?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/BlogImage_CodeQuality_01.jpg?w=2048 2048w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>As an organization, you need to know how Copilot is being used. So today, we’re announcing the public preview of the <strong><a href="https://github.blog/changelog/2025-10-28-copilot-usage-metrics-dashboard-and-api-in-public-preview/?utm_source=blog-day1-recap-copilot-metrics-dashboard-cta&utm_medium=blog&utm_campaign=universe25">Copilot metrics dashboard</a></strong>, showing Copilot’s impact and critical usage metrics across your entire organization.</p>
<p>For enterprise administrators who are managing AI access, including AI agents and MCP, we’re focused on providing consistent <strong>AI controls for teams with the <a href="https://github.blog/changelog/2025-10-28-enterprise-ai-controls-the-agent-control-plane-are-in-public-preview/?utm_source=blog-day1-recap-control-plane-cta&utm_medium=blog&utm_campaign=universe25">control plane</a></strong>—<strong>your agent governance layer</strong>. Set security policies, audit logging, and manage access all in one place. Enterprise admins can also control which agents are allowed, define access to models, and obtain metrics about the Copilot usage in your organization.</p>
<h2 class="wp-block-heading" id="for-developers-by-developers">For developers, by developers </h2>
<p>We built Agent HQ because we’re developers, too. We know what it’s like when it feels like your tools are<em> fighting</em> you instead of helping you. When “AI-powered” ends up meaning more context-switching, more babysitting, more subscriptions, and more time explaining what you need to get the value you were promised. </p>
<p>That ends today.</p>
<p>Agent HQ isn’t about the hype of AI. It’s about the reality of shipping code.  It’s about bringing order and governance to this new era without compromising choice. It’s about giving <em>you </em>the power to build faster, with more confidence, and on your terms.</p>
<p>Welcome home. Let’s build. </p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p><a href="https://github.blog/changelog/?label=universe25&utm_source=blog-day1-recap-cta-to-changelog-roundup&utm_medium=blog&utm_campaign=universe25"><strong>See everything we shipped this year ></strong></a></p>
</div>
<p>The post <a href="https://github.blog/news-insights/company-news/welcome-home-agents/">Introducing Agent HQ: Any agent, any way you work</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91822</post-id> </item>
<item>
<title>Octoverse: A new developer joins GitHub every second as AI leads TypeScript to #1</title>
<link>https://github.blog/news-insights/octoverse/octoverse-a-new-developer-joins-github-every-second-as-ai-leads-typescript-to-1/</link>
<dc:creator><![CDATA[GitHub Staff]]></dc:creator>
<pubDate>Tue, 28 Oct 2025 16:07:06 +0000</pubDate>
<category><![CDATA[News & insights]]></category>
<category><![CDATA[Octoverse]]></category>
<guid isPermaLink="false">https://github.blog/?p=91454</guid>
<description><![CDATA[<p>In this year’s Octoverse, we uncover how AI, agents, and typed languages are driving the biggest shifts in software development in more than a decade.</p>
<p>The post <a href="https://github.blog/news-insights/octoverse/octoverse-a-new-developer-joins-github-every-second-as-ai-leads-typescript-to-1/">Octoverse: A new developer joins GitHub every second as AI leads TypeScript to #1</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>If 2025 had a theme, it would be growth. Every second, more than one new developer on average joined GitHub—over 36 million in the past year. It’s our fastest absolute growth rate yet and <strong>180 million-plus developers now work and build on GitHub</strong>. </p>
<p>The release of <a href="https://github.com/features/copilot?utm_source=octoverse-copilot-cta&utm_medium=octoverse&utm_campaign=universe25">GitHub Copilot Free</a> in late 2024 coincided with a step-change in developer sign-ups, exceeding prior projections. Beyond bringing millions of new developers into the ecosystem, we saw record-level activity across repositories, pull requests, and code pushes. Developers created more than 230 new repositories every minute, merged <strong>43.2</strong> <strong>million</strong> pull requests on average each month (+23% YoY), and pushed nearly 1 billion commits in 2025 (+25.1% YoY)—including a record of nearly 100 million in August alone. </p>
<p>This surge in activity coincides with a structural milestone: for the first time, TypeScript overtook both Python and JavaScript in August 2025 to become the most used language on GitHub, reflecting how developers are reshaping their toolkits. This marks the most significant language shift in more than a decade.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1440" height="810" src="https://github.blog/wp-content/uploads/2025/10/Octoverse-2025-top-level-metrics.png?resize=1440%2C810" alt="A graphic showing key Octoverse 2025 metrics: 630 million total projects on GitHub, over 180 million developers, 1.12 billion total contributions, 4.3 million AI projects, 43.2 million pull requests merged per month (up 23% year over year), and TypeScript and Python as the top two languages used in 2025." class="wp-image-91474" srcset="https://github.blog/wp-content/uploads/2025/10/Octoverse-2025-top-level-metrics.png?w=1440 1440w, https://github.blog/wp-content/uploads/2025/10/Octoverse-2025-top-level-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/Octoverse-2025-top-level-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/Octoverse-2025-top-level-metrics.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>And the growth we see is global: India alone added more than 5 million developers this year (over 14% of all new accounts) and is on track to account for one in every three new developers on GitHub by 2030. </p>
<p><strong>This year’s data highlights three key shifts: </strong></p>
<ol class="wp-block-list">
<li><strong>Generative AI is now standard in development.</strong> More than 1.1 million public repositories now use an LLM SDK with 693,867 of these projects created in just the past 12 months alone (+178% YoY, Aug ‘25 vs. Aug ‘24). Developers also merged a record 518.7M pull requests (+29% YoY). Moreover, AI adoption starts quickly: 80% of new developers on GitHub use Copilot in their first week.<br></li>
<li><strong>TypeScript is now the most used language on GitHub</strong>. In August 2025, TypeScript overtook both Python and JavaScript. Its rise illustrates how developers are shifting toward typed languages that make agent-assisted coding more reliable in production. It doesn’t hurt that nearly every major frontend framework now scaffolds with TypeScript by default. Even still, Python remains dominant for AI and data science workloads, while the JavaScript/TypeScript ecosystem still accounts for more overall activity than Python alone.<br></li>
<li><strong>AI is reshaping choices, not just code. </strong>In the past, developer choice meant picking an IDE, language, or framework. In 2025, that’s changing. We see correlations between the rapid adoption of AI tools and evolving language preferences. This and other shifts suggest AI is influencing not only how fast code is written, but which languages and tools developers use.</li>
</ol>
<p>And one of the biggest things in 2025? <strong>Agents are here.</strong> Early signals in our data are starting to show their impact, but ultimately point to one key thing: we’re just getting started and we expect far greater activity in the months and years ahead. </p>
<p>Let’s jump in.</p>
<p><strong>💡 Oh, and if you’re a visual learner, we have you covered.👇</strong></p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="Octoverse 2025: AI, India, and the new #1 programming language" width="500" height="281" src="https://www.youtube.com/embed/4-u6dUg6IJk?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h2 class="wp-block-heading" id="h-the-state-of-github-in-2025-a-year-of-record-growth">The state of GitHub in 2025: A year of record growth</h2>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1152" height="288" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-year-of-record-growth.png?resize=1152%2C288" alt="Three key Octoverse 2025 metrics: on average 1 developer joined GitHub every second (up 23% YoY), about 230 new repositories created per minute (+121 million YoY), and 395 million public and open source repositories overall (+72 million YoY)." class="wp-image-91477" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-year-of-record-growth.png?w=1152 1152w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-year-of-record-growth.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-year-of-record-growth.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-year-of-record-growth.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>In 2023, GitHub crossed 100 million developers after nearly three years of growth from 50 million to 100 million. But the past year alone has rewritten that curve with our fastest absolute growth yet. Today, more than 180 million developers build on GitHub.</p>
<p><strong>So, what does “more than one new developer joining GitHub every second on average” actually mean? </strong></p>
<ul class="wp-block-list">
<li><strong>Developers are converging on GitHub. </strong>More than 36 million developers joined GitHub in a single year (23% YoY), confirming GitHub as the primary hub for collaboration. </li>
<li><strong>AI adoption starts immediately. </strong>We see nearly 80% of new developers on GitHub use <a href="https://github.com/features/copilot?utm_source=octoverse-copilot-cta&utm_medium=octoverse&utm_campaign=universe25">GitHub Copilot</a> within their first week, offering evidence that AI is now an expectation among new coders. </li>
<li><strong>The talent boom is geographically diverse. </strong>Every minute, ~25 developers joined from APAC, ~12 from Europe, ~6.5 from Africa and the Middle East, and ~6 from LATAM. India alone added over 5 million developers this year. </li>
</ul>
<h3 class="wp-block-heading" id="github-copilot-steepened-growth-curves">GitHub Copilot steepened growth curves</h3>
<p>Historically, developer sign ups and repository creation followed predictable year-over-year patterns. The launch of <a href="https://github.com/features/copilot?utm_source=octoverse-copilot-cta&utm_medium=octoverse&utm_campaign=universe25">Copilot Free</a> in December 2024 accelerated those curves globally, giving millions access to AI-powered workflows for the first time. The end result? Our typical models for growth overturned dramatically.  </p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-number-of-new-developers-on-github.png?resize=1728%2C972" alt="A line chart showing the number of new developers joining GitHub from 2020 to 2025. The line rises steadily, reaching 36.2 million in 2025, with a sharp increase after the launch of Copilot Free in late 2024. The chart has a dark background with blue data lines and the title ‘The number of new developers on GitHub.’" class="wp-image-91479" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-number-of-new-developers-on-github.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-number-of-new-developers-on-github.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-number-of-new-developers-on-github.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-number-of-new-developers-on-github.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-number-of-new-developers-on-github.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1440" height="810" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-80-percent-of-new-devs-use-copilot-in-week-one.png?resize=1440%2C810" alt="A graphic showing that nearly 80% of new developers on GitHub use Copilot within their first week, displayed in large bold text on a blue background with green and purple gradient ribbons." class="wp-image-91480" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-80-percent-of-new-devs-use-copilot-in-week-one.png?w=1440 1440w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-80-percent-of-new-devs-use-copilot-in-week-one.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-80-percent-of-new-devs-use-copilot-in-week-one.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-80-percent-of-new-devs-use-copilot-in-week-one.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="private-and-public-repositories-play-different-but-interdependent-roles">Private and public repositories play different but interdependent roles</h3>
<p>In 2025, 81.5% of contributions happened in private repositories, while 63% of all repositories were public. The split highlights GitHub’s dual role: most day-to-day work takes place in private projects, but depends on libraries, models, and frameworks in public open source.</p>
<p>Private repositories also grew faster (+33% YoY) than public repositories (+19% YoY), reflecting the growth in organizational development happening on GitHub. We also sometimes see open source software (OSS) work start in private projects.</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>2025‑YTD lens</strong></th><th><strong>Contributions</strong></th><th><strong>Share of total</strong></th><th><strong>What it signals</strong></th></tr></thead><tbody><tr><td><strong>Private repositories</strong></td><td><strong>4.97B</strong></td><td><strong>≈ 81.5%</strong></td><td>Enterprise and team‑level collaboration is happening on GitHub. </td></tr><tr><td><strong>Public repositories</strong></td><td><strong>1.12B</strong></td><td><strong>≈ 18.5%</strong></td><td>The <em>volume</em> of work is smaller, yet these projects supply the libraries, models, and workflows that power the broader ecosystem.</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="key-numbers">Key numbers</h3>
<ul class="wp-block-list">
<li><strong>180M+ developers </strong>are now on GitHub</li>
<li><strong>630M</strong> total repositories with <strong>+121M</strong> new repositories in 2025 marking our biggest year yet</li>
<li><strong>+58M</strong> private repositories (up  33%) underscore the activity happening outside of the public eye. </li>
<li><strong>Open source and public projects represent the majority of repositories on GitHub. </strong>63% of all repositories are open source or public.</li>
</ul>
<h2 class="wp-block-heading" id="developer-productivity-shipping-more-waiting-less">Developer productivity: shipping more, waiting less</h2>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="432" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-developer-productivity-top-line-metrics.png?resize=1728%2C432" alt="A graphic highlighting developer productivity metrics from Octoverse 2025: 5.5 million issues closed in public and private projects in July 2025, 43.2 million pull requests merged per month in 2025, and a 75% year-over-year increase in Jupyter Notebooks as of March 2025. The data is displayed in three panels on a light blue background with abstract gradient shapes." class="wp-image-91483" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-developer-productivity-top-line-metrics.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-developer-productivity-top-line-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-developer-productivity-top-line-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-developer-productivity-top-line-metrics.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-developer-productivity-top-line-metrics.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>2025 marked the most active 12-month period in GitHub history with more than 1.12B contributions to public and open source projects. Following <a href="https://github.blog/enterprise-software/devops/measuring-enterprise-developer-productivity/">the SPACE framework</a> (a model that looks at developer Satisfaction, Performance, Activity, Communication, and Efficiency), this increase reflects record levels of developer activity. As developers are increasingly working with LLMs and agents, there are some new, notable correlations in this year’s data.</p>
<h3 class="wp-block-heading" id="developer-activity-reached-record-levels-in-2025">Developer activity reached record levels in 2025</h3>
<p>Across every productivity signal on GitHub, developers set new records in 2025.</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Activity</strong></th><th><strong>2024 monthly average</strong></th><th><strong>2025 monthly average</strong></th></tr></thead><tbody><tr><td><strong>Issues closed</strong></td><td> ≈ 3.4M</td><td><strong>4.25M</strong></td></tr><tr><td><strong>Pull requests merged</strong></td><td> 35M</td><td><strong>43.2M</strong></td></tr><tr><td><strong>Code pushes</strong></td><td>65M</td><td><strong>82.19M </strong></td></tr></tbody></table></figure>
<p>Momentum accelerated in early 2025 and coincided with the <a href="https://github.blog/news-insights/product-news/github-copilot-the-agent-awakens/">preview of Copilot coding agent in March</a> and <a href="https://github.blog/changelog/2025-04-04-copilot-code-review-now-generally-available/">the introduction of Copilot code review in April</a>. In March, developers closed 1.4 million more issues than the prior month, then continued breaking records, culminating in 5.5 million issues closed in July. </p>
<p>Code pushes are driving the surge with more than 986M commits in 2025 (+25% YoY) and monthly pushes topping 90M by May. Other activity followed:</p>
<ul class="wp-block-list">
<li><strong>Pull requests created:</strong> +20.4% (47.5M vs 39.5M)</li>
<li><strong>Issues created:</strong> +11.3% (17.5M vs 15.7M)</li>
<li><strong>Comments on issues/PRs:</strong> essentially flat (+0.35%)</li>
<li><strong>Comments on commits:</strong> down -27% (sharp decline)</li>
</ul>
<p>These are <strong>observational signals rather than causal claims </strong>and more work is needed to understand the full impact AI is having in software development. </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="576" width="1024" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-contributions-by-type.png?resize=1024%2C576" alt="A line chart showing total open source contributions on GitHub by type from 2022 to 2025. Total contributions increased steadily to about 98.6 million by 2025, with smaller lines representing specific contribution types such as commits, issues, pull requests, and reviews. The chart uses a dark background with bright colored lines and a green total contributions trend." class="wp-image-91485" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-contributions-by-type.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-contributions-by-type.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-contributions-by-type.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-contributions-by-type.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-contributions-by-type.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="jupyter-notebooks-and-dockerfiles-highlight-two-stages-of-modern-development">Jupyter Notebooks and Dockerfiles highlight two stages of modern development</h3>
<p>Notebooks are now a mature tool for experimentation, while Dockerfiles are considered <em>the</em> bridge to reproducibility and production. In 2025, <strong>2.4 million repositories used Notebooks (+75% YoY)</strong> and <strong>1.9 million used Dockerfiles (+120% YoY).</strong> This growth is likely fueled by the need to sandbox agents and LLMs, and containerization is a practical method to run and scale them securely.</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th></th><th><strong>Repositories in 2024</strong></th><th><strong>Repositories in 2025</strong></th><th><strong>Delta</strong></th></tr></thead><tbody><tr><td><strong>Jupyter Notebook present</strong></td><td> 1.4M</td><td><strong>2.42M </strong></td><td>+75%</td></tr><tr><td><strong>Dockerfile present</strong></td><td> 875k</td><td><strong>1.9M</strong></td><td>+120%</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="ai-agents-enter-the-mainstream">AI agents enter the mainstream</h3>
<ul class="wp-block-list">
<li><strong>AI code review</strong> <strong>helps developers. </strong>We <a href="https://github.blog/ai-and-ml/generative-ai/code-review-in-the-age-of-ai-why-developers-will-always-own-the-merge-button/">conducted in-depth interviews with developers about their code review process</a> and found that 72.6% of developers who use Copilot code review said it improved their effectiveness<strong>. </strong></li>
<li><strong>Developers are using AI and agentic tools to build and share their work faster. </strong>Between the total number of developers on GitHub growing in tandem with the release of popular agentic tools and the overall activity increases in languages such as TypeScript and Python, 2025 data shows an increase in rapid prototyping and experimentation. </li>
</ul>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--3" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-what-about-vibe-coding-nbsp" style="margin-top:0">What about vibe coding? </h3>
<p>One notable trend in 2025 was “vibe coding.” <a href="https://x.com/karpathy/status/1886192184808149383?lang=en">First coined by Andrej Karparthy</a>, vibe coding emerged as shorthand for a developer workflow that starts with an idea and jumps straight to a runnable proof-of-concept (often in a single evening, powered by AI autocompletion and copy-pastable cloud tooling). </p>
<p>It might sound playful, but its implications are serious: if AI-assisted tools continue to lower the barrier to entry, we could see programming literacy expand dramatically. We’ll be watching this space for bigger signals in the months and years to come.</p>
</aside>
<h2 class="wp-block-heading" id="h-where-the-world-codes-in-2025">Where the world codes in 2025</h2>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="432" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-where-the-world-codes-top-line-metrics.png?resize=1728%2C432" alt="A graphic showing key 2025 developer population metrics by country: 21.9 million developers in India (up from 4.5 million in 2020, now ranked #2 globally), 6.89 million developers in Brazil (now #4 globally), and 4.37 million developers in Indonesia (up from 0.9 million in 2020). Displayed in three light blue panels with abstract gradient shapes." class="wp-image-91486" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-where-the-world-codes-top-line-metrics.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-where-the-world-codes-top-line-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-where-the-world-codes-top-line-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-where-the-world-codes-top-line-metrics.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-where-the-world-codes-top-line-metrics.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>The last five years have redrawn not just GitHub’s developer map, but also the distribution of global activity, faster than any period on record.</p>
<h3 class="wp-block-heading" id="a-new-global-top-10">A new global top 10</h3>
<p>India added more than 5.2 million developers in 2025, which accounts for a little over 14% of GitHub’s total +36 million new developers in 2025. That makes India the single largest source of new developers on GitHub this year, continuing its rapid rise since 2020.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1944" height="1094" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-on-github-1.jpeg?resize=1944%2C1094" alt="A chart ranking the top 10 countries by developer population on GitHub from 2020 to 2025. The United States remains #1 with 10.2 million to 28 million developers, followed by India rising to #2 with 4.5 million to 21.9 million. Other countries in the top 10 include China, Brazil, the United Kingdom, Japan, Germany, Indonesia, Russia, and Canada, each showing their five-year growth trends and compound annual growth rates. Displayed on a blue gradient background with abstract ribbon graphics." class="wp-image-92098" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-on-github-1.jpeg?w=1944 1944w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-on-github-1.jpeg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-on-github-1.jpeg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-on-github-1.jpeg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-on-github-1.jpeg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /><figcaption class="wp-element-caption"><em>* Compound annual growth rate (CAGR) computed from raw counts.</em></figcaption></figure>
<h4 class="wp-block-heading" id="h-what-changed">What changed?</h4>
<ul class="wp-block-list">
<li><strong>Significant growth came from India, Brazil, and Indonesia. </strong>These regions combine large, young developer populations with expanding internet access and booming startup ecosystems. Many are also seeing some of the fastest growth in AI-related projects, as local companies adopt new tools to compete globally.</li>
<li>Over the past five years (from 2020 to 2025), India, Brazil, and Indonesia have more than quadrupled the number of developers on the platform; Japan and Germany have more than tripled their developer numbers; and the USA, UK, and Canada have more than doubled the number of developers on the platform.</li>
<li>Brazil, in particular, is benefiting from activity investment in fintech and open banking.</li>
<li><strong>Indonesia</strong> continues to grow with its rise as Southeast Asia’s digital powerhouse (it <a href="https://investinasia.id/blog/indonesia-digital-economy/">accounts for nearly half the region’s online economy</a>!).</li>
</ul>
<h4 class="wp-block-heading" id="regional-growth-snapshots">Regional growth snapshots</h4>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Region</strong></th><th><strong>Stand‑out markets</strong></th><th><strong>2024 to  2025 net new devs</strong></th><th><strong>What’s fueling the boom</strong></th></tr></thead><tbody><tr><td><strong>APAC</strong></td><td>India, Japan, Indonesia, </td><td><strong>+13M</strong></td><td>Government skilling, AI‑assisted local‑language tooling. Japan, in particular, has embraced digital transformation in recent years, leading to a boom in developers. </td></tr><tr><td><strong>LATAM</strong></td><td>Brazil, Mexico, Colombia</td><td><strong>+3.2M</strong></td><td>Remote hiring by US/EU firms, fintech startup density</td></tr><tr><td><strong>Europe</strong></td><td>Germany, United Kingdom, France </td><td><strong>+6.3M</strong></td><td>Cloud infrastructure spend, AI investment, startup‑visa pipelines</td></tr><tr><td><strong>Africa & the Middle East</strong></td><td>Nigeria, Turkey, Egypt</td><td><strong>+3.4M</strong></td><td>Increased mobile adoption, community bootcamps, LLMs that work locally</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="modeling-the-global-developer-landscape-through-2030">Modeling the global developer landscape through 2030</h3>
<p>Looking ahead, our data team modeled the next five years of developer growth using regression analysis, which can help to capture more of the real-world dynamics impacting the data. (You can get more information about this in our methodology section.) </p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-projecting-the-top-developer-populations-2030.png?resize=1728%2C972" alt="A horizontal bar chart projecting the top 10 developer communities on GitHub from 2025 to 2030 using the mean of five forecasting models. India is projected to reach 57.5 million developers, the United States 54.7 million, and Brazil 19.6 million. Other countries shown include China, Japan, the United Kingdom, Germany, Indonesia, Canada, and Egypt. The chart compares current 2025 developer counts in blue with minimum projected growth in green on a dark background." class="wp-image-91490" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-projecting-the-top-developer-populations-2030.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-projecting-the-top-developer-populations-2030.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-projecting-the-top-developer-populations-2030.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-projecting-the-top-developer-populations-2030.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-projecting-the-top-developer-populations-2030.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>The results of our analysis suggest India will continue to expand its lead, reaching <strong>57.5 million developers by 2030,</strong> and accounting for more than one in three of all projected sign ups worldwide. The United States will be the second-largest community with more than 40 million developers expected, while Brazil (19.6M), Japan (11.7M), and the United Kingdom (11M) round out the top five.</p>
<p><strong>Notably, emerging regions across Africa and the Middle East show momentum with Egypt, Nigeria, Kenya, and Morocco all projected to add millions of developers in the coming years</strong>. This points to a developer population that is not only growing but diversifying geographically at unprecedented speed.</p>
<h3 class="wp-block-heading" id="key-takeaways">Key takeaways</h3>
<ul class="wp-block-list">
<li><strong>One in every three</strong> new developers who joined GitHub this year comes from a country that wasn’t in the global top 10 in 2020.</li>
<li><strong>India alone </strong>added the most developers this year of any country, outpacing the US in growth<strong>.</strong></li>
<li><strong>The AI boom is global</strong>: The number of contributors to generative AI projects on GitHub continues to grow fast, and those contributors are working around the world.  </li>
</ul>
<h2 class="wp-block-heading" id="open-source-in-2025-activity-and-influence-in-the-ai-era">Open source in 2025: activity and influence in the AI era</h2>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="432" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-top-metrics.png?resize=1728%2C432" alt="A graphic showing key 2025 open source metrics: 1.128 billion contributions to public and open source repositories (up 13% year over year), 60% of the top 10 projects by contributors are AI focused, and 255,000 new open source contributors in March 2025—the largest month on record. Displayed in three light blue panels with abstract gradient accents." class="wp-image-91492" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-top-metrics.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-top-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-top-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-top-metrics.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-top-metrics.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>Open source development reached record levels this year with <strong>1.12 billion contributions</strong> across public repositories (+13% YoY). March 2025 marked the largest single month of new open source contributors in GitHub history: 255,000 first-timers.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1584" height="891" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-growth-metrics.png?resize=1584%2C891" alt="A side-by-side comparison graphic showing open source growth metrics from 2024 to 2025. Public repositories grew from 330 million to 395 million (+20% year over year), total public and open source contributions increased from around 1 billion to 1.128 billion (+13% YoY), and pull requests merged rose from 402.7 million to 518.7 million (+29% YoY). Displayed on a blue gradient background with colorful geometric icons." class="wp-image-91493" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-growth-metrics.png?w=1584 1584w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-growth-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-growth-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-growth-metrics.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-growth-metrics.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>In total, 395 million public repositories hosted 1.12 billion contributions and 518.7 million merged pull requests—each a record. </p>
<h3 class="wp-block-heading" id="this-years-fastest%e2%80%91growing-projects-by-contributors">This year’s fastest‑growing projects by contributors</h3>
<p>Six of the 10 fastest-growing repositories were AI infrastructure projects, underscoring demand for runtimes, orchestration, and efficiency tools.</p>
<p>Standards also saw big growth: <a href="https://github.com/modelcontextprotocol/modelcontextprotocol">Model Context Protocol (MCP)</a> hit 37k stars in just eight months, though it’s not on our lists below.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1440" height="810" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-open-source-projects-by-contributors.png?resize=1440%2C810" alt="A table listing the fastest-growing open source projects on GitHub in 2025 by contributors. The top ten are zen-browser/desktop, cline/cline, vllm-project/vllm, astral-sh/uv, microsoft/vscode, infiniflow/ragflow, sgl-project/sglang, continuedev/continue, comfyanonymous/ComfyUI, and home-assistant/core. Growth rates range from 2,301% to 6,836%, with most projects marked as AI-focused. Displayed on a blue gradient background with the GitHub Octoverse ribbon graphic." class="wp-image-91494" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-open-source-projects-by-contributors.png?w=1440 1440w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-open-source-projects-by-contributors.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-open-source-projects-by-contributors.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-open-source-projects-by-contributors.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="the-top-open-source-projects-by-contributors">The top open source projects by contributors</h3>
<p>2025’s top projects split between AI infrastructure (vllm, ollama, huggingface/transformers) and enduring ecosystems (vscode, godot, home-assistant).</p>
<ul class="wp-block-list">
<li>On one side, projects like <strong>vllm</strong>, <strong>ollama</strong>, <strong>ragflow</strong>, <strong>llama.cpp</strong>, and <strong>huggingface/transformers</strong> dominate, confirming that contributors are investing in the foundation layers of AI—model runtimes, inference engines, and orchestration frameworks.</li>
<li>On the other side, mainstay ecosystems such as <strong>vscode</strong>, <strong>godot</strong>, <strong>expo</strong>, and <strong>home-assistant</strong> continue to attract steady contributor bases, showing that open source momentum extends well beyond AI.</li>
</ul>
<p><strong>The takeaway</strong>? AI infrastructure is emerging as a major magnet, but developer ecosystems remain strong.</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Rank</strong></th><th><strong>Repository</strong></th><th><strong>Short description</strong></th></tr></thead><tbody><tr><td>1</td><td><a href="https://github.com/vllm-project/vllm">vllm-project/vllm</a></td><td>High-throughput LLM inference engine</td></tr><tr><td>2</td><td><a href="https://github.com/microsoft/vscode">microsoft/vscode</a></td><td>Widely used open source code editor</td></tr><tr><td>3</td><td><a href="https://github.com/openai/codex">openai/codex</a></td><td>Lightweight coding agent that runs in the terminal</td></tr><tr><td>4</td><td><a href="https://github.com/huggingface/transformers">huggingface/transformers</a></td><td>Core library for model loading & fine-tuning</td></tr><tr><td>5</td><td><a href="https://github.com/godotengine/godot">godotengine/godot</a></td><td>Game engine for 2D/3D development</td></tr><tr><td>6</td><td><a href="https://github.com/home-assistant/core">home-assistant/core</a></td><td>Open source smart-home hub</td></tr><tr><td>7</td><td><a href="https://github.com/ollama/ollama">ollama/ollama</a></td><td>Local model runner and management tool</td></tr><tr><td>8</td><td><a href="https://github.com/ggml-org/llama.cpp">ggml-org/llama.cpp</a></td><td>Lightweight local Llama inference</td></tr><tr><td>9</td><td><a href="https://github.com/volcengine/verl">volcengine/verl</a></td><td>LLM deployment & serving framework</td></tr><tr><td>10</td><td><a href="https://github.com/expo/expo">expo/expo</a></td><td>React Native toolkit for mobile apps</td></tr></tbody></table></figure>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="The human side of Octoverse 2025: Insights on open source" width="500" height="281" src="https://www.youtube.com/embed/jV570EFcC9o?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h3 class="wp-block-heading" id="the-fastest-growing-projects-by-contributors-show-ais-impact-along-with-evergreen-and-utility-projects">The fastest-growing projects by contributors show AI’s impact along with evergreen and utility projects</h3>
<p><strong>We see a mix of projects driving the fastest growth</strong>. zen-browser/desktop leads the pack, with fast-rising, AI-focused projects like vllm-project/vllm, continue-dev/continue, ollama/ollama, and Aider-AI/aider showing the pull of local inference, coding agents, and model runners.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-projects-by-contributors-2.png?resize=1728%2C972" alt="A horizontal bar chart showing the fastest-growing open source projects on GitHub in 2025 by contributor growth. The top projects are zen-browser/desktop, cline/cline, vllm-project/vllm, astral-sh/uv, microsoft/vscode, infiniflow/ragflow, sgl-project/sglang, continuedev/continue, comfyanonymous/ComfyUI, and home-assistant/core. Zen Browser leads with the highest percentage growth, followed by Cline and vLLM. The chart uses bright colored bars on a dark background beside a blue gradient title panel." class="wp-image-91496" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-projects-by-contributors-2.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-projects-by-contributors-2.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-projects-by-contributors-2.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-projects-by-contributors-2.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-fastest-growing-projects-by-contributors-2.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>Growth in open source is broad. </strong>AI infrastructure projects are prominent among top-growth repositories. When we zoom out to the top 20 projects (not all of these are captured in our above graphic), we see a few things at play: </p>
<ol class="wp-block-list">
<li><strong>Reproducibility and dependency hygiene are hot. </strong>The rise of astral-sh/uv and NixOS/nixpkgs points to a hunger for deterministic builds, faster installs, and less “works on my machine.”</li>
<li><strong>Performance-centric developer tools win attention.</strong> Ghostty, Tailwind CSS, and uv are all about speed, tight feedback loops, and minimal friction.</li>
<li><strong>Developers are contributing to projects that emphasize privacy and control.</strong> Zen Browser and Clash-Verge reflect interest in privacy, content control, and routing around networks.</li>
<li><strong>Open source social media continues to grow.</strong> As one of the biggest social projects, Bluesky’s momentum suggests developers are still investing in open protocols and portable identity.</li>
</ol>
<h3 class="wp-block-heading" id="ai-tinkering-and-frontend-projects-attract-first-time-contributors">AI, tinkering, and frontend projects attract first-time contributors</h3>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1944" height="1094" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-projects-attracting-most-first-time-contributors.jpg?resize=1944%2C1094" alt="A chart showing the open source projects that attracted the most first-time contributors on GitHub in 2025. The top ten are microsoft/vscode, firstcontributions/first-contributions, home-assistant/core, slackblitz/bolt.new, flutter/flutter, zen-browser/desktop, is-a-dev/register, vllm-project/vllm, comfyanonymous/ComfyUI, and ollama/ollama. Displayed on a blue gradient background with green 3D ribbon graphics." class="wp-image-91623" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-projects-attracting-most-first-time-contributors.jpg?w=1944 1944w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-projects-attracting-most-first-time-contributors.jpg?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-projects-attracting-most-first-time-contributors.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-projects-attracting-most-first-time-contributors.jpg?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-open-source-projects-attracting-most-first-time-contributors.jpg?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>Nearly 20% of the most popular open source projects among first-time contributors in 2025 were AI-focused. But we’re also seeing other project types capture mindshare among developers who are new to open source. </p>
<ul class="wp-block-list">
<li><strong>Most of the most popular projects sit firmly in AI infrastructure. </strong>Repositories like ollama/ollama, comfyanonymous/ComfyUI, and ultralytics/ultralytics appear prominently, confirming that newcomers want to experiment with models, create local runners, or build pipelines.</li>
<li><strong>Major platforms bring visibility. </strong>microsoft/vscode shows up as one of the top destinations for first-time contributors, underscoring the pull of widely used developer tools and the scale of contribution opportunities within them.</li>
<li><strong>firstcontributions/first-contributions exist almost entirely to help people submit their first pull request</strong>. Their year-over-year presence says first-timers still need and seek low-friction practice sandboxes.</li>
<li><strong>Smart-home, mobile, and game-dev ecosystems attract newcomers.</strong> Smart-home (home-assistant/core), mobile (flutter/flutter, expo/expo), game-dev (godotengine/godot), and 3D printing (bambulab/BambuStudio) rank closely behind the learning repositories. These ecosystems offer visible results on day one, which is perfect for those who want to “learn by doing.”</li>
</ul>
<p><strong>Frontend and dev tool projects also light up.</strong> shadcn/ui and uBlockOrigin/uAssets show that CSS, UI, and browser tooling remain magnets for fresh contributors.</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--4" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-ai-native-vs-evergreen-ecosystems" style="margin-top:0">AI‑native vs. evergreen ecosystems</h3>
<ul class="wp-block-list">
<li><strong>AI podium.</strong> Six of the overall top 10 projects by <em>total</em> contributors are AI‑centric (vllm, huggingface/transformers, modelcontextprotocol/servers, llama.cpp, etc.). They averaged <strong>+150 %</strong> contributor growth YoY—triple the OSS median.</li>
<li><strong>Evergreen pull.</strong> Internet of things (home‑assistant), game development (godotengine/godot), and the Python language itself (cpython) still add thousands of contributors per quarter.</li>
</ul>
</aside>
<h3 class="wp-block-heading" id="h-the-global-landscape-in-open-source-activity">The global landscape in open source activity</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="576" width="1024" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-by-contributors-contributions-open-source.png?resize=1024%2C576" alt="A chart showing the top 10 countries on GitHub in 2025 by contributors and by total contributions to public repositories. India ranks first for contributors, followed by the United States and Brazil, while the United States ranks first for contributions, followed by India and Brazil. Other countries in the top 10 include Indonesia, Germany, the United Kingdom, Korea, France, Canada, Japan, and Russia. Displayed on a blue and green gradient background with 3D geometric ribbon shapes." class="wp-image-91499" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-by-contributors-contributions-open-source.png?w=1584 1584w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-by-contributors-contributions-open-source.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-by-contributors-contributions-open-source.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-by-contributors-contributions-open-source.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-10-countries-by-contributors-contributions-open-source.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<ul class="wp-block-list">
<li><strong>India now has the largest public and open source contributor base in the world.</strong> This reflects both the country’s booming developer population and its increasing role in OSS adoption.</li>
<li><strong>The U.S. continues to lead in contributions.</strong> Despite having fewer contributors, U.S.-based developers contributed more to public and open source projects on GitHub. This suggests higher per-developer activity.</li>
<li><strong>Brazil, Indonesia, and Germany round out the next tier.</strong> Brazil contributes both strong headcount and volume, while Indonesia enters the top 5 for contributors, showing how emerging regions are shaping OSS.</li>
</ul>
<h3 class="wp-block-heading" id="community-health-governance-isnt-keeping-pace-with-developer-activity">Community health: Governance isn’t keeping pace with developer activity</h3>
<p>Governance is not keeping pace with velocity. This gap presents an opportunity for developers, organizations, and companies to contribute documentation as well as code. </p>
<ul class="wp-block-list">
<li><strong>README reach:</strong> ~63% of public repositories include a README, holding steady year over year. </li>
<li><strong>Contributor guides:</strong> At <strong>5.5%</strong>, contributor guides remain an ecosystem-wide opportunity as the number of first-time contributors increases.</li>
<li><strong>Codes of Conduct:</strong> 2% penetration; governance still lags growth.</li>
</ul>
<p>Key repository files like README or a LICENSE file are more than formalities. They’re foundational to scaling inclusive, legal, secure, and sustainable collaboration. This <a href="https://github.blog/enterprise-software/collaboration/a-checklist-and-guide-to-get-your-repository-collaboration-ready/">guide to getting your repository collaboration-ready</a> shares what documentation is most important for fostering a sense of shared ownership.</p>
<h3 class="wp-block-heading" id="key-takeaways-for-2025">Key takeaways for 2025</h3>
<ul class="wp-block-list">
<li><strong>395M</strong> public and open source repositories (+19% YoY)</li>
<li><strong>1.12B</strong> public and open source contributions (+13% YoY)</li>
<li><strong>518.7M</strong> pull requests merged (+29% YoY)</li>
<li><strong>60%</strong> of top 10 open source projects by contributors are AI‑focused</li>
<li>Only <strong>1 in 50</strong> repositories ships with a Code of Conduct</li>
</ul>
<h2 class="wp-block-heading" id="security-from-shift-left-to-secure-by-default">Security: from “shift left” to secure by default</h2>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="432" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-security-top-metrics.png?resize=1728%2C432" alt="A graphic highlighting three key 2025 security metrics on GitHub: 846,000 repositories now have Dependabot configured (up 137% year over year), 151,000 repositories flagged with broken access control (up 172% YoY, now the top CodeQL alert), and a 30% faster rate for fixing critical severity vulnerabilities. Displayed in three light blue panels with abstract gradient design elements." class="wp-image-91500" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-security-top-metrics.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-security-top-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-security-top-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-security-top-metrics.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-security-top-metrics.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>Average fix times for critical severity vulnerabilities have improved by 30% over the past year, as remediation is beginning to keep pace with faster software development. </p>
<p><strong>Automation is driving this acceleration</strong>. Dependabot usage more than doubled (846k projects, +137% YoY), and AI tools like Copilot Autofix are resolving <a href="https://owasp.org/www-project-top-ten/">common OWASP Top 10</a> issues across thousands of repositories every month. This is underscored by the fact that in 2025, 26% fewer repositories received critical alerts through a combination of increased automation and AI usage. </p>
<p>At the same time, new risks are emerging. Broken Access Control overtook Injection as the most common CodeQL alert, flagged in <strong>151k+ repositories (+172% YoY).</strong> Much of this stems from misconfigured permissions in CI/CD pipelines and AI-generated scaffolds that skip critical auth checks (GitHub’s engineers <a href="https://github.blog/security/web-application-security/inside-github-how-we-hardened-our-saml-implementation/">published a walkthrough of how they improved their SAML authentication flow</a>, which offers some valuable lessons). </p>
<h3 class="wp-block-heading" id="automation-is-working-until-the-merge-queue-stalls">Automation is working (until the merge queue stalls)</h3>
<p><strong>Developers are automating more build, test, and security activity.</strong> In 2025, we saw developers use 11.5 billion total GitHub Actions minutes (measured in CPU minutes) in public projects for free. That’s up 35% year over year from 8.5 billion GitHub Actions in 2024. Note: in last year’s report, we included GitHub Actions minutes across public projects and self-hosted usage. If we use the same rubric this year, 13.5 billion minutes were used, which is up 30% from last year.</p>
<p><strong>Automation raises fixes quickly, but merges still stall when approval depends on humans or policy.</strong> Projects that configure Dependabot with auto-merge rules remediate vulnerabilities more consistently than those relying solely on manual review.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1440" height="810" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-dependabot-metrics.png?resize=1440%2C810" alt="A graphic showing Dependabot activity on GitHub from 2023 to 2025. Dependabot pull requests opened peaked at 57.74 million in 2023, then were 39.91 million in 2024 and 40.15 million in 2025. Dependabot pull requests merged rose from 12.15 million in 2023 to a high of 15.39 million in 2024, then slightly decreased to 14.17 million in 2025. Displayed on a blue gradient background with abstract geometric icons." class="wp-image-91501" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-dependabot-metrics.png?w=1440 1440w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-dependabot-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-dependabot-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-dependabot-metrics.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<ul class="wp-block-list">
<li><strong>We saw a peak of more than 12M Dependabot alerts in December 2022</strong>, which came a year after the Log4Shell vulnerability and immediately after key vulnerabilities in OpenSSL.</li>
<li>Monthly openings have since settled near the 3-4M range, but merges hover around 1M. <strong>Only ~1 in 3 fixes ships</strong> within the same month it’s proposed.</li>
<li><strong>Security alerts follow the same pattern</strong>: brief spikes when new CVEs land, then a long tail of unresolved notifications (a number of which are likely attributable to zombie projects that are no longer maintained).</li>
</ul>
<h3 class="wp-block-heading" id="faster-fix-times">Faster fix times</h3>
<p>In 2025, we saw 30% faster fixes of critical severity vulnerabilities with 26% fewer repositories receiving critical alerts. And this acceleration is happening at scale with the average fix time shrinking from 37 to 26 days in total.  </p>
<h3 class="wp-block-heading" id="configuring-and-codifying-security">Configuring and codifying security</h3>
<p>Repositories that define Dependabot behavior in <code>dependabot.yml</code> more than doubled this year (<strong>846k, +137% YoY</strong>), marking a shift from “notify me” to <strong>“patch me automatically, within guardrails.”</strong></p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Signal</strong></th><th><strong>2024 (cumulative)</strong></th><th><strong>2025  (cumulative)</strong></th><th><strong>YoY</strong></th></tr></thead><tbody><tr><td>Repositories with <strong><code>dependabot.yml</code></strong></td><td>356k</td><td><strong>846k</strong></td><td>+137%</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="h-codeql-in-2025-broken-access-control-vulnerabilities-spike">CodeQL in 2025: Broken access control vulnerabilities spike</h3>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-vulnerability-types-codeql.png?resize=1728%2C972" alt="A line chart showing the most common types of vulnerabilities detected by GitHub CodeQL from 2022 to 2025. Broken Access Control leads with a sharp rise in 2025, followed by increases in Insecure Design, Security Misconfiguration, and Software and Data Integrity Failures. The chart tracks the number of distinct repositories alerted for each vulnerability type, with Broken Access Control surpassing 30,000 by 2025. Displayed on a dark background with bright multicolored lines." class="wp-image-91503" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-vulnerability-types-codeql.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-vulnerability-types-codeql.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-vulnerability-types-codeql.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-vulnerability-types-codeql.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-vulnerability-types-codeql.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>Broken Access Control overcame Injection to become the top CodeQL alert, flagged in 151k+ repositories. New CodeQL coverage for GitHub Actions revealed widespread misconfigured permissions and token scopes.</p>
<p>This points to a broader issue: <strong>authentication and authorization remain difficult for both developers and LLMs.</strong> Injection still dominates JavaScript, but Broken Access Control now leads in Python, Go, Java, and C++ (languages where AI-assisted “vibe coding” sometimes scaffolds endpoints that look correct but lack critical auth checks).</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-common-vulnerabilities-in-github-actions-codeql.png?resize=1728%2C972" alt="A line chart showing the most common types of vulnerabilities detected by GitHub CodeQL from 2022 to 2025. Broken Access Control leads with a sharp rise in 2025, followed by increases in Insecure Design, Security Misconfiguration, and Software and Data Integrity Failures. The chart tracks the number of distinct repositories alerted for each vulnerability type, with Broken Access Control surpassing 30,000 by 2025. Displayed on a dark background with bright multicolored lines." class="wp-image-91505" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-common-vulnerabilities-in-github-actions-codeql.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-common-vulnerabilities-in-github-actions-codeql.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-common-vulnerabilities-in-github-actions-codeql.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-common-vulnerabilities-in-github-actions-codeql.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-common-vulnerabilities-in-github-actions-codeql.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>That same category became the fastest-growing target for Copilot Autofix.</strong> By mid-2025, developers were accepting AI-generated fixes for Broken Access Control in 6,000+ repositories per month. Autofix also gained traction for Injection (3,100 projects), Insecure Design (2,300 projects), and Logging/Monitoring failures (3,500 projects).</p>
<p><strong>OpenSSF Scorecard status</strong>: 47 of the top 50 open source projects (94%) defined by their Mona ranking (combined ranking of stars, forks, and issue authors) now use the <a href="https://github.com/ossf/scorecard">OpenSSF Scorecard</a> via GitHub Actions or are independently scanned, bringing real-time checks for security best practices. </p>
<h2 class="wp-block-heading" id="the-top-programming-languages-of-2025-typescript-jumps-to-1-while-python-takes-2">The top programming languages of 2025: TypeScript jumps to #1 while Python takes #2</h2>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="432" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages-metrics.png?resize=1728%2C432" alt="A graphic highlighting the top programming language trends on GitHub in 2025. TypeScript gained over 1 million contributors (+66% year over year), overtaking Python and JavaScript. Python added 850,000 contributors (+48% YoY), and JavaScript grew by 427,000 contributors (+24.79% YoY). Displayed in three light blue panels with abstract gradient shapes.”" class="wp-image-91508" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages-metrics.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages-metrics.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages-metrics.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>By GitHub contributor counts, August 2025 marks the first time TypeScript emerged as the most used language on GitHub, surpassing Python by ~42k contributors </strong>(other industry indices use different methodologies and may still rank JavaScript and Python higher). This caps a decade-long trend of developers shifting toward typed JavaScript and signals a new default for modern development.</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--5" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-methodology-note" style="margin-top:0">Methodology note</h3>
<p>Unless otherwise specified, year-over-year growth rates throughout this section reflect <strong>August 2025 vs. August 2024</strong>, a same-month year-over-year comparison used to control for seasonality in monthly contributor counts.</p>
</aside>
<ul class="wp-block-list">
<li><strong>TypeScript</strong> grew by over 1 million contributors in 2025 (+66% YoY), driven by frameworks that scaffold projects in TypeScript by default and by AI-assisted development that benefits from stricter type systems.</li>
<li><strong>Python</strong> remains dominant in AI and data science with 2.6 million contributors (+48% YoY). Jupyter Notebook remains the go-to exploratory environment for AI (≈403k repositories; <strong>+17.8% YoY</strong> inside AI-tagged projects).</li>
<li><strong>JavaScript</strong> is still massive (2.15M contributors), but its growth slowed as developers shifted toward TypeScript.</li>
</ul>
<p>Together, TypeScript and Python now account for more than 5.2 million contributors (roughly 3% of all active GitHub developers in August 2025). The rise of typed languages suggests AI isn’t just changing the speed of coding, but also influencing which languages teams trust to take AI-generated code into production.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="The future of coding: Idan Gazit breaks down Octoverse 2025" width="500" height="281" src="https://www.youtube.com/embed/MQOaBXwRfYo?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h3 class="wp-block-heading" id="what-changed-in-2025">What changed in 2025</h3>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Rank 2025</strong></th><th><strong>Language</strong></th><th><strong>YoY contributor gain</strong></th><th><strong>YoY % growth (Aug 2024 vs. Aug 2025)</strong></th><th><strong>Big takeaway</strong></th></tr></thead><tbody><tr><td><strong>1</strong></td><td><strong>TypeScript</strong></td><td><strong>~1,054,015</strong></td><td><strong>66.63%</strong></td><td>TypeScript overtook Python and JavaScript for #1 growth, showing its dominance in new green-field development.</td></tr><tr><td><strong>2</strong></td><td><strong>Python</strong></td><td><strong>~850,579</strong></td><td><strong>48.78%</strong></td><td>Considered the lingua franca of AI and ML, Python’s usage has increased significantly amidst generative AI work. </td></tr><tr><td><strong>3</strong></td><td><strong>JavaScript</strong></td><td><strong>~427,148</strong></td><td><strong>24.79%</strong></td><td>Still massive in scale, but more incremental growth as usage shifts toward TypeScript.</td></tr><tr><td><strong>4</strong></td><td><strong>Java</strong></td><td><strong>~174,705</strong></td><td><strong>20.73%</strong></td><td>Java continues its steady enterprise-driven growth.</td></tr><tr><td><strong>5</strong></td><td><strong>C#</strong></td><td><strong>~136,735 </strong></td><td><strong>22.22%</strong></td><td>Cloud, desktop, and game dev keep momentum for C#.</td></tr></tbody></table></figure>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages.png?resize=1728%2C972" alt="A chart showing the top 10 programming languages on GitHub from 2023 to 2025. TypeScript rises to #1 in 2025, overtaking Python and JavaScript, which move to #2 and #3 respectively. Other top languages include Java, C#, PHP, Shell, C++, HCL, and Go. The chart tracks ranking changes over time on a dark background with colored lines representing each language." class="wp-image-91509" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-top-programming-languages.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>Python still trails the combined JavaScript and TypeScript ecosystem</strong>, a continuation of last year’s trend that highlights just how large the typed and untyped JavaScript community remains. </p>
<p>But starting in 2025, <strong>Python’s growth curve began to track almost identically in parallel with JavaScript and TypeScript</strong>, suggesting that AI adoption is influencing language choice across these ecosystems.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-js-ts-combined-usage.png?resize=1728%2C972" alt="A line chart showing combined usage of JavaScript and TypeScript compared to Python, Java, and C# from 2023 to 2025. JavaScript and TypeScript lead with over 4.5 million users by 2025, followed by Python with about 3 million, and smaller but steady usage for Java and C#. The chart has a dark background with colored lines and the title ‘JavaScript & TypeScript have the largest combined usage.’" class="wp-image-91510" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-js-ts-combined-usage.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-js-ts-combined-usage.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-js-ts-combined-usage.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-js-ts-combined-usage.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-js-ts-combined-usage.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h4 class="wp-block-heading" id="what-else-were-seeing">What else we’re seeing</h4>
<ul class="wp-block-list">
<li><strong>Python dominates AI projects.</strong> It remains the clear leader inside AI-tagged repositories, where Jupyter Notebook usage nearly doubled in 2025 offering evidence of its role as the go-to language for prototyping, training, and orchestrating AI workloads.</li>
<li><strong>Typed > loosely typed.</strong> TypeScript’s growth confirms our 2024 observation: much of what was previously counted as “JavaScript” activity already came through TypeScript transpilation pipelines. The data shows typed languages are increasingly becoming the default.</li>
<li><strong>Enterprise stacks endure.</strong> Java and C# each added over 100k contributors this year, showing steady growth across large enterprise and game-dev environments even as AI reshapes the landscape.</li>
<li><strong>Legacy experiments emerge.</strong> COBOL appeared in our dataset with nearly 3,000 active developers—likely driven by organizations and hobbyists creating AI-assisted tutorial repositories aimed at modernizing legacy codebases.</li>
</ul>
<h3 class="wp-block-heading" id="the-fastest-growing-languages-by-percentage-growth">The fastest-growing languages by percentage growth</h3>
<p>The following languages may not have the biggest developer communities behind them, but each has at least 1,000 monthly contributors and they’re posting the fastest year-over-year growth rates on GitHub. </p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Language</strong></th><th><strong>Current developer count</strong></th><th><strong>YoY %</strong></th><th><strong>Why it’s hot</strong></th></tr></thead><tbody><tr><td><strong>Luau</strong></td><td>>3,600</td><td>>194%</td><td>Luau is Roblox’s scripting language and a <em>gradually typed</em> language, reflecting a broader industry trend toward typed flexibility. </td></tr><tr><td><strong>Typst</strong></td><td>>3,600</td><td>>108%</td><td>As a <strong>modern LaTeX alternative</strong>, Typst aims to make academic and technical publishing faster, less cryptic, and more collaborative.</td></tr><tr><td><strong>Astro</strong></td><td>>45,600</td><td>>78%</td><td>Astro’s “islands architecture” and focus on shipping zero-JavaScript by default resonate with developers building fast, content-heavy sites (we <a href="https://github.com/github-linguist/linguist/issues/5459">added Astro to Linguist in 2021</a>, which is our source for languages).</td></tr><tr><td><strong>Blade</strong></td><td>>91,100</td><td>>67%</td><td>As <strong>Laravel’s templating engine</strong>, Blade rides on Laravel’s continued dominance in PHP web development.</td></tr><tr><td><strong>TypeScript</strong></td><td>>2,600,000</td><td>>67%</td><td><strong>Offering type safety for the JavaScript world</strong>, TypeScript’s combination of JavaScript ubiquity and type safety is compelling for both greenfield and legacy projects (plus, its types work well with AI coding tools).</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="core-stacks-for-new-projects-built-in-the-last-12-months">Core stacks for new projects built in the last 12 months</h3>
<p>Nearly 80% of new repositories used just six languages: <strong>Python, JavaScript, TypeScript, Java, C++, and C#.</strong> These core languages anchor most modern development.</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Language</strong></th><th><strong>Total repositories (Sep 2024-Aug 2025) </strong></th><th><strong>Growth (Jan-Aug 2025 vs. Jan-Aug 2024) </strong></th><th><strong>What this growth tells us</strong></th></tr></thead><tbody><tr><td><strong>Python</strong></td><td>9,261,587</td><td><strong>53.41%</strong></td><td>AI’s default glue with growth driven by ML, agents, notebooks, and orchestration.</td></tr><tr><td><strong>JavaScript</strong></td><td>9,345,046</td><td><strong>14.57%</strong></td><td>Still ubiquitous for scripts and web apps, though growth is slower as TypeScript gains share.</td></tr><tr><td><strong>TypeScript</strong></td><td>5,394,256</td><td><strong>78.10%</strong></td><td>Typed standard for modern web dev. Ideal for safe API/SDK integration, especially with AI.</td></tr><tr><td><strong>Java</strong></td><td>3,520,215</td><td><strong>9.35%</strong></td><td>Reliable enterprise and backend workhorse. Gradual AI integration without language churn.</td></tr><tr><td><strong>C++</strong></td><td>1,701,552</td><td><strong>11.82%</strong></td><td>Performance-critical workloads used in game engines, inference, and embedded systems supporting AI.</td></tr><tr><td><strong>C#</strong></td><td>1,478,463</td><td><strong>10.61%</strong></td><td>Steady enterprise and game dev usage, with AI capabilities folded into established ecosystems.</td></tr></tbody></table></figure>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-repos-built-in-the-last-12-months.png?resize=1728%2C972" alt="A horizontal bar chart showing the most common programming languages in GitHub projects created in 2025, comparing year-over-year growth from August 2024 to August 2025. JavaScript leads with 9.3 million repositories (+14.57% YoY), followed by Python with 9.26 million (+53.41%), TypeScript with 5.39 million (+78.10%), Java with 3.52 million (+9.35%), C++ with 1.7 million (+11.82%), and C# with 1.48 million (+10.61%). The chart features bright color bars on a dark background with gradient ribbons on the left." class="wp-image-91511" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-repos-built-in-the-last-12-months.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-repos-built-in-the-last-12-months.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-repos-built-in-the-last-12-months.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-repos-built-in-the-last-12-months.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-repos-built-in-the-last-12-months.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>Additional insights: </strong></p>
<ul class="wp-block-list">
<li><strong>Experimentation is becoming more common. </strong>Though not a language, Jupyter Notebooks grew 24.5% YoY, with exploratory LLM experiments and data analysis now generating new standalone repos rather than remaining siloed in monorepos.</li>
<li><strong>Performance and systems languages are rising with AI (but not evenly). </strong>C grew ~20.9% YoY and C++ grew ~11.8% YoY, reflecting demand for faster runtimes, inference engines, and hardware-optimized loops.</li>
<li><strong>.NET stays strong. </strong>C# grew ~10.6% YoY, consistent with enterprise and game/tooling ecosystems. This suggests AI features are being integrated into existing .NET workflows rather than driving a wholesale language shift.</li>
</ul>
<h3 class="wp-block-heading" id="the-languages-powering-ai-development">The languages powering AI development</h3>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1440" height="810" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-ai-projects.png?resize=1440%2C810" alt="A chart listing the most commonly used programming languages in AI-tagged projects on GitHub in 2025. Python ranks first with 582,000 repositories (+50.7% year over year), followed by JavaScript with 88,000 (+24.8%), TypeScript with 86,000 (+77.9%), Shell with 9,000 (+324%), and C++ with 7,800 (+11%). The chart includes brief descriptions of each language’s role in AI development, displayed on a blue gradient background with green geometric ribbon graphics." class="wp-image-91512" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-ai-projects.png?w=1440 1440w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-ai-projects.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-ai-projects.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-languages-in-ai-projects.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>Python and Jupyter Notebook continue to anchor new AI projects, but the story this year is Python’s growth.</strong> Python now powers nearly half of all new AI repositories (<strong>582,196; +50.7% YoY</strong>), underscoring its role as the backbone of applied AI work, from training and inference to orchestration and deployment. Jupyter Notebook remains the go-to exploratory environment for experimentation (<strong>402,643; +17.8% YoY</strong>), but the shift toward Python codebases signals more projects moving out of prototypes and into production stacks.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-code-environments-in-ai-projects.png?resize=1728%2C972" alt="A line chart showing the most common code environments used in AI projects on GitHub from 2022 to 2025. Python leads sharply with over 110,000 users by 2025, followed by Jupyter Notebooks with around 50,000 users. TypeScript and JavaScript trail behind but show gradual growth. The chart uses colored lines—blue for Python, green for Jupyter Notebooks, yellow for TypeScript, and pink for JavaScript—on a dark background with a blue gradient graphic on the left." class="wp-image-91514" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-code-environments-in-ai-projects.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-code-environments-in-ai-projects.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-code-environments-in-ai-projects.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-code-environments-in-ai-projects.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-most-common-code-environments-in-ai-projects.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>Front-end and app-layer languages grew sharply from smaller bases—<strong>TypeScript +77.9% (85,746)</strong> and <strong>JavaScript +24.8% (88,023)</strong>—mirroring the rise of demos, dashboards, and lightweight apps built around model endpoints. <strong>Shell scripts (+324%)</strong> emerged as the fastest riser, reflecting how teams codify eval harnesses, data prep, and deployment pipelines. And <strong>C++ crossed 7,800 repos (+11%)</strong>, a steady reminder of its role in performance-critical inference engines, runtimes, and hardware-close systems.</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--6" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-why-typescript-won-in-2025" style="margin-top:0">Why TypeScript won in 2025</h3>
<ul class="wp-block-list">
<li><strong>By the numbers. </strong>TypeScript finished #1 on GitHub in August 2025 with 2,636,006 monthly contributors (+1.05M YoY; +66.6%) and led new repositories. </li>
<li><strong>Typed contracts scale AI-assisted teams.</strong> Type systems reduce ambiguity and catch LLM errors before production.</li>
<li><strong>Frameworks ship with TypeScript by default. </strong>Next.js 15, Astro 3, SvelteKit 2, Qwik, SolidStart, Angular 18, and Remix all generate a TypeScript codebase by default (npm create, pnpm dlx, or bunx create). </li>
<li><strong>Typed systems help identify LLM-generated compile errors earlier in the pipeline. </strong>A <a href="https://arxiv.org/pdf/2504.09246?utm_source=chatgpt.com">2025 academic study found 94% of LLM-generated compilation errors</a> were type-check failures. </li>
<li><strong>Low barrier to entry. </strong>Tooling like Vite, ts-node, Bun, and IDE autoconfig hide boilerplate, so junior devs can spin up typed stacks quickly.</li>
</ul>
</aside>
<h2 class="wp-block-heading" id="h-generative-ai-and-agentic-workflows-become-ordinary-engineering">Generative AI and agentic workflows become ordinary engineering</h2>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="432" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-generative-ai-top-metrics.png?resize=1728%2C432" alt="A graphic highlighting three key metrics from the generative AI section of the 2025 Octoverse report. It shows 4.3 million AI-related repositories (nearly doubled since 2023), 1.1 million public repositories importing LLM SDKs (+178% year over year), and 1.9 million average monthly contributions to AI projects (+76% YoY). Displayed in three pastel blue panels with abstract gradient shapes." class="wp-image-91516" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-generative-ai-top-metrics.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-generative-ai-top-metrics.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-generative-ai-top-metrics.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-generative-ai-top-metrics.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-generative-ai-top-metrics.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>Last year we saw AI move from experiment to mainstream. In 2025, it became part of the everyday workflow. And no matter what tool developers used over the last 12 months, their work converged on GitHub. </p>
<ul class="wp-block-list">
<li><strong>AI-related repositories on GitHub now exceed 4.3 million, </strong>nearly doubling in less than two years.</li>
<li><strong>Roughly 80% of new GitHub users tried Copilot within their first week, </strong>showing that AI is no longer an advanced tool to grow into, but part of the default developer experience.</li>
</ul>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-growth-in-number-of-contributors-to-genAI-projects.png?resize=1728%2C972" alt="A chart titled ‘Growth in contributors to generative AI projects,’ showing a sharp rise in distinct contributors from January 2024 through mid-2025. The green area graph peaks above 200,000 contributors by late 2025, indicating rapid growth in participation. The design features a dark graph background with bright green gradient fill and geometric gradient ribbons on the left." class="wp-image-91521" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-growth-in-number-of-contributors-to-genAI-projects.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-growth-in-number-of-contributors-to-genAI-projects.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-growth-in-number-of-contributors-to-genAI-projects.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-growth-in-number-of-contributors-to-genAI-projects.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-growth-in-number-of-contributors-to-genAI-projects.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p>Monthly contributors to generative-AI projects climbed sharply across our measurement year. From September 2024 through August 2025, months averaged ~151k contributors (median ~160k). Activity rose from ~86k in January 2025 to a peak of 206,830 in May (+132% YoY vs. May 2024). It then held near ~200k through the summer. On a like-for-like basis, Jan–Aug 2025 averaged ~175k contributors, up +108% YoY vs. Jan–Aug 2024 (~84k), indicating a durable step-change rather than a one-off spike.</p>
<p><strong>Key takeaways: </strong></p>
<ul class="wp-block-list">
<li><strong>Generative AI is becoming infrastructure.</strong> More than 1.1M public repositories now import an LLM SDK (+178% YoY, August ‘25 vs. August ‘24), supported by 1.05M+ contributors and 1.75M monthly commits (+4.8X since 2023). </li>
<li><strong>Growth surged early in the calendar year, then normalized as projects shifted from experimentation to shipping.</strong> Contributors ran +100-118% YoY from Feb-May 2025, then cooled to +31% (Jun), +11% (Jul), and -3% (Aug) as teams focused on shipping vs. experimenting. </li>
<li><strong>AI in open source.</strong> Half (50%) of open source projects have at least one maintainer using <a href="https://github.com/features/copilot?utm_source=octoverse-copilot-cta&utm_medium=octoverse&utm_campaign=universe25">GitHub Copilot</a>.</li>
<li><strong>Early evidence of a prototype-to-production pivot.</strong> Python-based code accelerated mid-2025 while Notebook growth flattened—signaling packaging into production. (By year’s end, Notebooks rebounded, keeping pace with Python.)</li>
</ul>
<h3 class="wp-block-heading" id="h-strong-signals-of-mainstream-appeal-nbsp">Strong signals of mainstream appeal </h3>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th></th><th><strong>Data point</strong></th><th><strong>Why it matters</strong></th></tr></thead><tbody><tr><td><strong>178% YoY increase in projects that import an LLM SDK</strong></td><td><strong>1.13M+</strong> public repositories now import an LLM SDK; <strong>693k+</strong> were created in the last 12 months alone.</td><td>Growth rates indicate a shift from early experimentation to sustained building.</td></tr><tr><td><strong>Contributors up >3X since 2023</strong></td><td>Monthly distinct contributors to AI repos rose from 68k (Jan 2024) to ~200k (Aug 2025). August 2025 is up 111% YoY vs. August 2024.</td><td>AI work is no longer the domain of specialists.</td></tr><tr><td><strong>Monthly contributions near 6M</strong></td><td>Monthly <strong>commits/contributions</strong> to AI projects reached <strong>~6.0M (Aug 2025)</strong> hitting a peak of <strong>6.28M (Jun 2025)</strong>. August 2025 is up <strong>188% YoY</strong> vs. August 2024.</td><td>More code, more often, offering evidence of production-grade adoption and active iteration.</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="scale-replaces-hype">Scale replaces hype</h3>
<p><strong>1.13M+ public repositories now depend on generative-AI SDKs (up 178% YoY). </strong>More than <strong>693k+</strong> were created in the last 12 months, sharply outpacing 2024’s total (~400,000). The compounding curve that began in early 2023 shows no sign of tapering; every week, on average, we are still seeing new all-time highs.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-number-of-projects-using-genAI-model-SDKs.png?resize=1728%2C972" alt="A line and area chart titled ‘Cumulative count of public projects using generative AI model SDKs,’ showing rapid growth from 2021 to 2025. The curve starts near zero and climbs steeply to over 1.1 million repositories by 2025, illustrating the widespread adoption of LLM and AI model SDKs. The chart features a purple-to-pink gradient fill on a dark background with geometric ribbons on the left." class="wp-image-91522" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-number-of-projects-using-genAI-model-SDKs.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-number-of-projects-using-genAI-model-SDKs.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-number-of-projects-using-genAI-model-SDKs.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-number-of-projects-using-genAI-model-SDKs.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-number-of-projects-using-genAI-model-SDKs.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="whos-shipping-the-code">Who’s shipping the code?</h3>
<p>The U.S. remains the largest source of contributions (~12.8M, 31.8%). India ranks second (~5M, 12.5%) and leads by distinct repositories (405k vs. 342k).</p>
<p>A second tier (Germany, Japan, U.K., Korea, Canada, Brazil, Spain, France) contributes another ~40%, globalizing the map.</p>
<figure class="wp-block-image size-full"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1728" height="972" src="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-contributions-to-generative-AI-projects-by-country.png?resize=1728%2C972" alt="A horizontal bar chart titled ‘Global distribution of contributions to generative AI repositories.’ The United States leads with over 12 million contributions, followed by India with around 5 million. Other top contributors include Germany, Japan, the United Kingdom, Korea, Canada, Brazil, Spain, and France. The chart features colorful gradient bars on a dark background with green and blue geometric shapes on the left." class="wp-image-91523" srcset="https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-contributions-to-generative-AI-projects-by-country.png?w=1728 1728w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-contributions-to-generative-AI-projects-by-country.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-contributions-to-generative-AI-projects-by-country.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-contributions-to-generative-AI-projects-by-country.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/octoverse-2025-total-contributions-to-generative-AI-projects-by-country.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="agentic-tools-are-now-being-adopted-in-day-to-day-workflows">Agentic tools are now being adopted in day-to-day workflows</h3>
<p>This year, <a href="https://github.com/features/copilot?utm_source=octoverse-copilot-cta&utm_medium=octoverse&utm_campaign=universe25">GitHub Copilot coding agent</a> went from demo to GA and we’re starting to see its impact.</p>
<p>A first glimpse of coding agent shows<strong> </strong>1+ million pull requests that were created between May 2025 and September 2025.</p>
<p><strong>Where it’s showing up:</strong></p>
<p>A repository-level comparison of public repositories with ≥1 coding agent-authored pull request vs. a random sample without Copilot coding agent shows strong selection effects: coding agent activity is skewed toward repositories with more stars, larger size, and greater age. In other words, teams aren’t only assigning coding agent to throwaway projects; they’re trying it in better-known, more established projects as well. </p>
<p>We invite the community to run <strong>within-repository experiments</strong> (A/B or stepped-wedge) and <strong>matched analyses</strong> conditioned on size, stars, age, and complexity proxies to establish robust baselines. We’ll continue looking into this as we evolve coding agent across GitHub, the Copilot CLI, and more. </p>
<h3 class="wp-block-heading" id="ai-is-driving-notable-breakouts-in-open-source">AI is driving notable breakouts in open source</h3>
<p><strong>Generative AI projects continue to be among GitHub’s most popular.</strong> Projects like vllm, ragflow, and ollama outpaced the historical contributor growth of staples such as vscode, home-assistant, flutter. </p>
<figure class="wp-block-table"><table class="has-fixed-layout"><thead><tr><th><strong>Repository (age ≤3 yrs unless noted)</strong></th><th><strong>AI connection</strong></th></tr></thead><tbody><tr><td><strong>vllm-project/vllm</strong></td><td>Open source <em>vision-language</em> model + training/inference stack</td></tr><tr><td><strong>ggml-org/llama.cpp</strong></td><td>Local Llama inference on CPU/GPU</td></tr><tr><td><strong>infiniflow/ragflow</strong></td><td>End-to-end retrieval-augmented-generation (RAG) template</td></tr><tr><td><strong>cline/cline</strong></td><td>“LLM-native” command-line shell that reasons over local context</td></tr><tr><td><strong>huggingface/transformers</strong> (6.6 yrs)</td><td>Defacto Python library for model loading/fine tuning</td></tr></tbody></table></figure>
<h3 class="wp-block-heading" id="what-this-tells-us">What this tells us</h3>
<ol class="wp-block-list">
<li><strong>Software infrastructure outpaces everything else in velocity.</strong> Brand-new generative AI repositories (≤ 1 yr old) are racking up star counts that took other projects a decade to accumulate.</li>
<li><strong>Standards are emerging in real time.</strong> The rapid rise of <strong>Model Context Protocol </strong>(MCP) shows the community coalescing around interoperability standards.</li>
<li><strong>AI is reshaping classic tooling.</strong> Projects like <strong>ollama</strong><strong> </strong>and<strong> </strong><strong>ragflow</strong> show how local inference and AI-augmented pipelines are moving from proof-of-concept into mainstream developer workflows.</li>
</ol>
<h3 class="wp-block-heading" id="ai-is-helping-developers-fix-code-too">AI is helping developers fix code, too</h3>
<p>GitHub Copilot Autofix contributed to measurable improvements in 2025:</p>
<ul class="wp-block-list">
<li><strong>Broken access control</strong> surged the fastest, with fixes accepted in <strong>6,000+ repositories per month</strong> by mid-2025.</li>
<li><strong>Security logging and monitoring failures, injection, insecure design, and misconfiguration</strong> fixes also climbed sharply, each crossing into the thousands of repositories monthly.</li>
<li>Autofix is addressing the most common OWASP Top 10 issues—not just exotic vulnerabilities—bringing AI into the daily fabric of software security.</li>
</ul>
<h3 class="wp-block-heading" id="heres-how-to-stay-ahead">Here’s how to stay ahead</h3>
<p>Early adopters using agents, open standards, and self-hosted inference are already setting the norms for the next decade. Continuous AI—systems and workflows that are updated, retrained, and deployed on an ongoing basis—is emerging.</p>
<ul class="wp-block-list">
<li><strong>Expect AI libraries to become “plumbing.” </strong>If your stack can’t load a model or pipe context into one, you’ll feel legacy-bound quickly. </li>
<li><strong>Go beyond notebooks</strong><em>.</em> Package your experiments early to share them with others.</li>
<li><strong>Watch the toolchain, not just the models. </strong>The next productivity leap may come from LLM-native editors, shells, and test runners growing out of today’s fast-rising repositories.</li>
<li><strong>Build for interoperability.</strong> Standards like MCP and Llama-derived protocols are gaining momentum across ecosystems.</li>
</ul>
<h2 class="wp-block-heading" id="take-this-with-you">Take this with you</h2>
<p>Three years ago, we said AI wouldn’t replace developers—it would bring more people into the ecosystem. The data now proves it: activity on GitHub has reached record levels, with more contributors, more repositories, and more experimentation than ever.</p>
<p><strong>The past year marked historic milestones</strong>: </p>
<ul class="wp-block-list">
<li><strong>India overtook the United States as the largest contributor base to public and open source projects on GitHub. </strong>It’s also poised to overtake the US developer population within the next few years, underscoring how global the developer community has become.</li>
<li><strong>TypeScript became the most used language for the first time</strong>, overtaking both Python and JavaScript and signaling a generational shift in how modern software is built.</li>
<li><strong>Open source remains the foundation</strong>. Public projects supply the libraries, models, and workflows that power most private development. The strength of this ecosystem and the maintainers who sustain it will determine how far and how fast the next wave of software innovation goes.</li>
</ul>
<p>The story of 2025 isn’t AI versus developers. It’s about the evolution of developers in the AI era where they orchestrate agents, shape languages, and drive ecosystems. No matter which agent, IDE, or framework they choose, GitHub is where it all converges.</p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<h2 class="wp-block-heading" id="h-glossary">Glossary</h2>
<ul class="wp-block-list">
<li><strong>2025</strong>: Refers to September 1, 2024 through August 31, 2025. </li>
<li><strong>Year-over-year language comparisons:</strong> Unless otherwise noted, YoY values reflect same-month comparisons (e.g., Aug 2025 vs Aug 2024) to normalize for month-length and seasonality in developer activity.</li>
<li><strong>Contributions: </strong>Commenting on a commit, issue, pull request, pull request diff, or team discussion; creating a gist, issue, pull request, or team discussion; pushing commits to a project; and reviewing a pull request. </li>
<li><strong>Contributors</strong>: GitHub users who have performed any of the contribution activities defined above. </li>
<li><strong>Developer: </strong>Anyone with a GitHub account. Also sometimes referred to as a GitHub user. The open source and developer communities are an increasingly diverse and global group of people who tinker with code, make non-code contributions, conduct scientific research, and more. GitHub users drive open source innovation, and they work across industries—from software development to data analysis and design.</li>
<li><strong>Total repositories: </strong>The combined number of public and private repositories on GitHub.</li>
<li><strong>Programming language usage: </strong>Unless otherwise noted, “most used” languages are ranked by the number of distinct monthly contributors who committed code in that language. This is the standard measure for “TypeScript became the most used language on GitHub.”</li>
<li><strong>AI-related repository: </strong>Any repository tagged with AI-related topics (e.g., “AI,” “ML,” “LLM”) or falling under our AI classification methodology. This broad category captures general experimentation and projects adjacent to AI.</li>
<li><strong>Agentic workflows: </strong>Software development tasks completed with the aid of autonomous or semi-autonomous AI tools (e.g., GitHub Copilot coding agent creating pull requests, triaging issues, or running tests).</li>
<li><strong>Copilot coding agent</strong>: A GitHub Copilot feature that can independently draft code, run tests, and open draft pull requests in a secure environment—subject to developer review and approval.</li>
<li><strong>Copilot code review</strong>: A GitHub Copilot feature that reviews pull requests, suggests changes, and surfaces potential issues before merging.</li>
<li><strong>GitHub Actions minutes</strong>: CPU minutes used to execute GitHub Actions (CI/CD workflows). Reported cumulatively and as YoY growth.</li>
<li><strong>CodeQL</strong>: GitHub’s semantic code analysis engine used to detect security vulnerabilities. Alerts are categorized by vulnerability type (e.g., Broken Access Control, Injection, Insecure Design).</li>
<li><strong>Mona rank</strong>: Ranks repositories based on their stars, forks, and unique issue authors in the repository. The steps to compute Mona rank: 1) Calculate individual ranks based on stars, forks, and issue authors. 2) Sum these individual ranks. 3) Assign the final “Mona Rank” based on the summed rank.</li>
<li><strong>LLM SDK: </strong>A set of official libraries and tools published by model providers (such as OpenAI, Anthropic, Meta, Mistral, Cohere, or AI21) that make it easier for developers to connect to and use their large language models. These SDKs wrap the underlying model APIs with client libraries, helper functions, and runtime integrations, letting developers handle prompts, responses, tokens, and extensions without needing to build low-level infrastructure. To determine usage of LLM SDKs, we referenced models offered via GitHub Models. These included SDKs from DeepSeek, Grok, Mistral, Phi, OpenAI, Cohere, Llama, and AI21. </li>
</ul>
<hr class="wp-block-separator has-alpha-channel-opacity">
<h2 class="wp-block-heading" id="h-methodology">Methodology</h2>
<p><strong>Scope & coverage</strong></p>
<ul class="wp-block-list">
<li><strong>Octoverse year:</strong> <strong>Sep 1, 2024 through Aug 31, 2025</strong>.</li>
<li>Unless noted, metrics reflect <strong>public activity</strong> only. Public indicators are also available on the <a href="https://innovationgraph.github.com/"><strong>GitHub Innovation Graph</strong></a>. For country-level reporting there, we publish metrics only when <strong>≥100</strong> unique developers performed the activity in the period.</li>
</ul>
<p><strong>Time windows</strong></p>
<ul class="wp-block-list">
<li><strong>Monthly snapshots:</strong> Calendar-month metrics to show peaks/turning points (e.g., <strong>Aug 2025 </strong>language rankings).</li>
<li><strong>Trailing-12-month (T12):</strong> <strong>Sep ’24–Aug ’25</strong> vs <strong>Sep ’23–Aug ’24</strong> for year-over-year trends/averages.</li>
<li><strong>Longer lookbacks:</strong> Historical context from <strong>Jan 2022 → Aug 2025</strong> where relevant.</li>
</ul>
<p><strong>Units & entities</strong></p>
<ul class="wp-block-list">
<li><strong>Contributors/developers:</strong> <strong>Monthly unique</strong> users per metric (e.g., per language). One user can appear in multiple categories in the same month, so these do not sum across categories.</li>
<li><strong>Repositories:</strong> Counted in a month if created or active, per metric definition.</li>
<li><strong>Activities:</strong> “pushes,” “pull requests created/merged,” “comments,” etc., follow standard GitHub event definitions.</li>
</ul>
<p><strong>Growth baselines</strong></p>
<ul class="wp-block-list">
<li><strong>Same-month YoY:</strong> Month vs. the <strong>same month</strong> prior year (e.g., <strong>Aug ’25 vs Aug ’24</strong>) are used for milestones/seasonality control as in language comparisons.</li>
<li><strong>T12 YoY:</strong> Trailing-12-month <strong>total or average</strong> vs the prior trailing-12-month metric are used for sustained trends (e.g., average monthly contributors, pull requests per month).</li>
<li><strong>Stock vs. flow (cumulative metrics):</strong> <strong>Stock</strong> = level at a point in time (e.g., SDK repos <strong>as of Aug ’25</strong>). <strong>Flow</strong> = <strong>adds</strong> over a window (e.g., <strong>Sep ’24–Aug ’25</strong>). Labeled distinctly.</li>
</ul>
<p><strong>Geography</strong></p>
<ul class="wp-block-list">
<li>Developers are mapped to countries via <strong>self-reported locations</strong>, standardized to <strong>ISO country codes</strong>; country aggregates observe the <strong>≥100 developers</strong> publication threshold.</li>
</ul>
<p><strong>Repository & language classification</strong></p>
<ul class="wp-block-list">
<li><strong>Primary language:</strong> GitHub language detection (e.g., Linguist); mixed-language repositories are attributed to <strong>one primary</strong> language.</li>
<li><strong>Notebooks:</strong> “Jupyter Notebook” is a development-environment classification and is labeled transparently.</li>
<li><strong>AI projects:</strong> Identified via signals such as <strong>generative-AI SDK usage</strong> (imports/dependencies) and related metadata.</li>
<li><strong>Open source quality signals:</strong> Presence of files/policies (e.g., codes of conduct) from repository metadata.</li>
</ul>
<p><strong>Statistical techniques</strong></p>
<ul class="wp-block-list">
<li><strong>Monthly time-series</strong> tracking; <strong>cumulative counts</strong> for stock growth; <strong>Top-N rankings</strong> (contributors, repo counts, growth rates, activity volumes).</li>
<li><strong>Minimum thresholds</strong> to reduce noise (e.g., lists may require <strong>≥1,000</strong> contributors or <strong>≥X</strong> repos; metric-specific).</li>
</ul>
<p><strong>User de-duplication</strong></p>
<ul class="wp-block-list">
<li>Count <strong>unique users per time period and per metric</strong> to avoid within-slice double counting; cross-category duplication is expected by design.</li>
</ul>
<p><strong>Data quality controls</strong></p>
<ul class="wp-block-list">
<li><strong>Exclude incomplete months</strong> (e.g., the current month) from YoY/T12.</li>
<li><strong>Filter bots/automation</strong> where identifiable (account flags + behavioral heuristics).</li>
<li>Enforce <strong>minimum activity</strong> for inclusion in growth and rankings.</li>
<li><strong>Cross-validate</strong> against multiple internal/public sources (e.g., Innovation Graph).</li>
</ul>
<p><strong>Interpretation & reproducibility</strong></p>
<ul class="wp-block-list">
<li><strong>Seasonality:</strong> motivates same-month YoY for snapshots and <strong>T12</strong> for structure.</li>
<li><strong>Attribution:</strong> primary language is repository-level; TypeScript/JavaScript mixes may appear under one language.</li>
<li><strong>Scope:</strong> public-only views undercount private activity but preserve directionality.</li>
<li>Public counterparts for several metrics can be verified via the <strong>Innovation Graph</strong>.</li>
</ul>
<p><strong>Developer growth projections</strong></p>
<ul class="wp-block-list">
<li><strong>Forecasting models</strong>: a collection of time-series and regression models that use historical data and statistics to predict future outcomes. Forecasting models relied on historical GitHub data, sign-up rates and product usage, as well as market-sizing information. </li>
<li><strong>Accuracy of forecasts: </strong>No forecast is ever accurate. Backtesting shows models used for forecasting growth projections were within reasonable levels of accuracy (less than 30% Mean Absolute Percentage Error).</li>
<li><strong>External factors: </strong>Forecasts do not take into account competitive landscape changes, geopolitical/economic conditions, or future covariates (product/feature releases that may shift responses differently from historical data).</li>
</ul>
</body></html>
<p>The post <a href="https://github.blog/news-insights/octoverse/octoverse-a-new-developer-joins-github-every-second-as-ai-leads-typescript-to-1/">Octoverse: A new developer joins GitHub every second as AI leads TypeScript to #1</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91454</post-id> </item>
<item>
<title>Announcing the 2025 GitHub Partner Award winners 🎉</title>
<link>https://github.blog/news-insights/company-news/announcing-the-2025-github-partner-award-winners/</link>
<dc:creator><![CDATA[Jamie Cooper]]></dc:creator>
<pubDate>Tue, 28 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[Company news]]></category>
<category><![CDATA[News & insights]]></category>
<category><![CDATA[GitHub Partners]]></category>
<category><![CDATA[GitHub Universe]]></category>
<guid isPermaLink="false">https://github.blog/?p=91848</guid>
<description><![CDATA[<p>GitHub celebrates its 2025 Partner Award winners, honoring global, regional, and technology partners for driving innovation, collaboration, and impact across the developer ecosystem.</p>
<p>The post <a href="https://github.blog/news-insights/company-news/announcing-the-2025-github-partner-award-winners/">Announcing the 2025 GitHub Partner Award winners 🎉</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>In today’s fast-moving tech industry, partnerships are a powerful engine for scale. More than just sales channels, they unlock new markets, fuel innovation, and enhance customer impact. At GitHub, collaboration with our partners is central to how we grow and deliver value. Their expertise and shared commitment help us push boundaries, solve complex challenges, and create better outcomes for developers and businesses alike.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Partners are a force multiplier for GitHub. Partners amplify our capabilities, expand our reach, and accelerate innovation for our joint customers. It’s exciting to see how our partner ecosystem is growing and flourishing.</p>
<cite>Elizabeth Pemmerl, Microsoft CVP and GitHub Chief Revenue Officer</cite></blockquote>
<p>That said, we are thrilled to announce the winners of our<strong> 2025 GitHub Partner Awards</strong>—a celebration of the outstanding contributions, innovation, and collaboration from our valued partners around the globe. Each year, we recognize partners who have gone above and beyond in delivering exceptional value, driving transformative impact, and strengthening our shared mission. </p>
<p>These partners, recognized in specific categories, are an integral part of the GitHub partner landscape, enabling our joint customers to unlock innovation, fortify security, and build unique solutions and services that integrate GitHub’s secret sauce to meet our joint customers where they are.</p>
<p>This year’s honorees exemplify excellence, leadership, and the spirit of true partnership. Now, let’s roll out the red carpet for our 2025 GitHub Partner Award winners!</p>
<h2 class="wp-block-heading" id="h-2025-partner-award-winners">🏆 2025 Partner Award winners 🏆</h2>
<p><strong>Global Awards</strong></p>
<ul class="wp-block-list">
<li>GSI Services and Channel Partner of the Year: <strong> </strong><a href="https://www.accenture.com/us-en?c=acn_glb_sembrandpuregoogle_13513493&n=psgs_0323&&&&&gclsrc=aw.ds&&c=ad_usadfy17_10000001&n=psgs_Brand-%7C-US-%7C-Exact_accenture&gad_source=1&gad_campaignid=935554953&gbraid=0AAAAADG9MDqAO-bajNgajJympCZ295xL6&gclid=CjwKCAjwiY_GBhBEEiwAFaghvnZaPohQoJ5vT99KM5QyiyEhN3_yC9nL7x5HyLFIZDYkfxPgtw9nTRoC6KUQAvD_BwE"><strong>Accenture and Avanade</strong></a></li>
<li>Strategic Services and Channel Partner of the Year: <a href="https://xebia.com/"><strong>Xebia</strong></a></li>
<li>Growth Services and Channel Partner of the Year: <a href="https://ecanarys.com/"><strong>Canarys</strong></a></li>
</ul>
<p><strong>Regional Awards</strong></p>
<ul class="wp-block-list">
<li>AMER Services and Channel Partner of the Year:<a href="https://www.slalom.com/us/en"> <strong>Slalom</strong></a></li>
<li>APAC Services and Channel Partner of the Year: <a href="https://www.palo-it.com/en/"><strong>PALO IT</strong></a></li>
<li>EMEA Services and Channel Partner of the Year: <a href="https://www.capgemini.com/us-en/"><strong>Capgemini</strong></a></li>
<li>Emerging Market Services and Channel Partner of the Year:<strong> </strong><a href="https://www.ilegra.com/en"><strong>ilegra</strong></a></li>
</ul>
<p><strong>Pillar Awards</strong></p>
<ul class="wp-block-list">
<li>Platform Services and Channel Partner of the Year:<a href="https://www.infosys.com/"><strong> Infosys</strong></a></li>
<li>Security Services and Channel Partner of the Year:<strong> </strong><a href="https://www.eficode.com/?utm_term=eficode&utm_campaign=Brand_All_US_EN_Search_Google&utm_source=adwords&utm_medium=ppc&hsa_acc=7859814498&hsa_cam=21107856399&hsa_grp=159312572639&hsa_ad=759445672298&hsa_src=g&hsa_tgt=kwd-626362631482&hsa_kw=eficode&hsa_mt=e&hsa_net=adwords&hsa_ver=3&gad_source=1&gad_campaignid=21107856399&gbraid=0AAAAAD-3ocQTFOFKq6GAGW52xgifxeEQx&gclid=CjwKCAjwiY_GBhBEEiwAFaghvrayVGVYh8R-B7buWtBJ0YHSQ4RBqBLY4VQzw-peYrWRCJHw89yKrRoCOe0QAvD_BwE"><strong>Eficode</strong></a></li>
<li>AI Services and Channel Partner of the Year: <a href="https://www.cognizant.com/us/en"><strong>Cognizant</strong></a></li>
</ul>
<p><strong>Technology Award</strong></p>
<ul class="wp-block-list">
<li>Technology Partner of the Year Award:<a href="https://jfrog.com/"><strong> JFrog</strong></a></li>
</ul>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>We’re incredibly grateful for the dedication our partners bring to the table every day. Together, we’re driving a joint mission that’s fundamentally transforming how software is built—raising the bar for the entire industry and reshaping the way people live and work. Your commitment to collaboration and customer success continues to power this momentum and inspire what’s possible.</p>
<cite>Matt Finkelstein, VP, Global Microsoft, Partner & Services Solution Sales, GitHub</cite></blockquote>
<h2 class="wp-block-heading" id="a-word-of-thanks">A word of thanks</h2>
<p>We extend our heartfelt congratulations to all our winners. Your dedication and partnership continue to inspire us and move the industry forward. As we look to the future, we remain committed to growing together, innovating fearlessly, and creating shared success. </p>
<p>Thank you for being part of our journey.</p>
</body></html>
<p>The post <a href="https://github.blog/news-insights/company-news/announcing-the-2025-github-partner-award-winners/">Announcing the 2025 GitHub Partner Award winners 🎉</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91848</post-id> </item>
<item>
<title>How to find, install, and manage MCP servers with the GitHub MCP Registry</title>
<link>https://github.blog/ai-and-ml/generative-ai/how-to-find-install-and-manage-mcp-servers-with-the-github-mcp-registry/</link>
<dc:creator><![CDATA[Andrea Griffiths]]></dc:creator>
<pubDate>Fri, 24 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[Generative AI]]></category>
<category><![CDATA[MCP]]></category>
<guid isPermaLink="false">https://github.blog/?p=91673</guid>
<description><![CDATA[<p>Learn how to bring structure and security to your AI ecosystem with the GitHub MCP Registry, the single source of truth for managing and governing MCP servers.</p>
<p>The post <a href="https://github.blog/ai-and-ml/generative-ai/how-to-find-install-and-manage-mcp-servers-with-the-github-mcp-registry/">How to find, install, and manage MCP servers with the GitHub MCP Registry</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Picture this: you walk into a grocery store and nothing makes sense. The cereal is scattered across three aisles. The milk is hiding in some random cooler near self-checkout. And those produce labels? They haven’t been updated in months.</p>
<p>That’s exactly what discovering Model Context Protocol (MCP) servers felt like. Until now.</p>
<p>As a refresher, <a href="https://github.blog/ai-and-ml/llms/what-the-heck-is-mcp-and-why-is-everyone-talking-about-it/">MCP is how developers connect tools, APIs, and workflows to their AI systems</a>. Each MCP server is like an ingredient in your AI stack, whether it’s Playwright for browser automation, Notion for knowledge access, or GitHub’s own MCP server with over a hundred tools. </p>
<p>The new <a href="https://github.blog/ai-and-ml/github-copilot/meet-the-github-mcp-registry-the-fastest-way-to-discover-mcp-servers/">GitHub MCP Registry</a> changes everything by giving you a single, canonical source for discovering, installing, and managing MCP servers right on GitHub.</p>
<p>Here’s what you need to know about finding the right tools for your AI stack, publishing your own servers, and setting up governance for your team.</p>
<p>In this blog, we’ll walk through how to:</p>
<ul class="wp-block-list">
<li>Install an MCP server</li>
<li>Publish your own</li>
<li>Enable governance and team use</li>
</ul>
<p>We’ll also share a few tips and tricks for power users. Let’s go!</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="A deep dive into the GitHub MCP registry | GitHub Checkout" width="500" height="281" src="https://www.youtube.com/embed/wm1yjcTk50w?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h2 class="wp-block-heading" id="h-what-s-in-the-registry-today">What’s in the registry today</h2>
<p>Currently, the <a href="https://github.com/mcp">GitHub MCP Registry</a> has <strong>44 MCP servers</strong>, including:</p>
<ul class="wp-block-list">
<li><strong>Playwright</strong>: Automate and test web apps.</li>
<li><strong>GitHub MCP server</strong>: Access 100+ GitHub API tools.</li>
<li><strong>Context7</strong>, <strong>MarkItDown</strong> (Microsoft), <strong>Terraform</strong> (HashiCorp).</li>
<li>Partner servers from <strong>Notion, Unity, Firecrawl, Stripe,</strong> and more.</li>
</ul>
<p>You can browse by tags, popularity, or GitHub stars to find the tools you need.</p>
<h2 class="wp-block-heading" id="h-how-to-install-an-mcp-server">How to install an MCP server</h2>
<p>The registry makes installation a one-click experience in <strong>VS Code</strong> or <strong>VS Code Insiders</strong>.</p>
<h3 class="wp-block-heading" id="h-example-installing-playwright">Example: Installing Playwright</h3>
<ol class="wp-block-list">
<li>Navigate to Playwright MCP server in the GitHub MCP Registry.</li>
<li>Click <strong>Install in VS Code</strong>.</li>
<li>VS Code launches with a pre-filled configuration.</li>
<li>Accept or adjust optional parameters (like storage paths).</li>
</ol>
<p>That’s it. You’re ready to use Playwright in your agentic workflows.</p>
<p>✅ <strong>Pro tip:</strong> Remote MCP servers (like GitHub’s) use OAuth during install so you don’t need to manually handle tokens or secrets. Just authenticate once and start building.</p>
<h2 class="wp-block-heading" id="h-how-to-publish-your-own-mcp-server">How to publish your own MCP server</h2>
<h3 class="wp-block-heading" id="h-1-install-the-mcp-publisher-cli">1. Install the MCP Publisher CLI</h3>
<ul class="wp-block-list">
<li>macOS/Linux/WSL (Homebrew, recommended):</li>
</ul>
<pre class="wp-block-code"><code>brew install mcp-publisher</code></pre>
<ul class="wp-block-list">
<li>macOS/Linux/WSL (prebuilt binary, latest version):</li>
</ul>
<pre class="wp-block-code"><code>"https://github.com/modelcontextprotocol/registry/releases/download/latest/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher && sudo mv mcp-publisher /usr/local/bin/</code></pre>
<h3 class="wp-block-heading" id="h-2-initialize-your-server-json-file">2. Initialize your <code>server.json</code> file</h3>
<p>Navigate to your server’s source directory and run:</p>
<pre class="wp-block-code"><code>cd /path/to/your/mcp-server
mcp-publisher init</code></pre>
<p>This creates a <code>server.json</code> file. Example:</p>
<pre class="wp-block-code"><code>{
"$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
"name": "io.github.yourname/your-server",
"title": "Describe Your Server",
"description": "A description of your MCP server",
"version": "1.0.0",
"packages": [
{
"registryType": "npm",
"identifier": "your-package-name",
"version": "1.0.0",
"transport": { "type": "stdio" }
}
]
}</code></pre>
<h3 class="wp-block-heading" id="3-prove-you-own-the-package">3. Prove you own the package</h3>
<p>Add the required metadata for your package type.</p>
<ul class="wp-block-list">
<li><strong>NPM:</strong> Add an <code>"mcpName"</code> field to your <code>package.json</code>:</li>
</ul>
<pre class="wp-block-code language-plaintext"><code>{
"name": "your-npm-package",
"mcpName": "io.github.username/server-name"
}</code></pre>
<ul class="wp-block-list">
<li><strong>PyPI/NuGet:</strong> Add this to your README:</li>
</ul>
<pre class="wp-block-code language-plaintext"><code>mcp-name: io.github.username/server-name</code></pre>
<ul class="wp-block-list">
<li><strong>Docker:</strong> Add a label to your Dockerfile:</li>
</ul>
<pre class="wp-block-code language-plaintext"><code>LABEL io.modelcontextprotocol.server.name="io.github.username/server-name"</code></pre>
<h3 class="wp-block-heading" id="4-authentication">4. Authentication</h3>
<ul class="wp-block-list">
<li>For GitHub-based namespaces (<code>io.github.*</code>), run:</li>
</ul>
<pre class="wp-block-code"><code>mcp-publisher login github</code></pre>
<p> This will open a browser for OAuth login.</p>
<ul class="wp-block-list">
<li>For custom domains (<code>com.yourcompany/*</code>), follow DNS verification steps in the <a href="https://github.com/modelcontextprotocol/registry/blob/main/docs/guides/publishing/publish-server.md">official docs</a>.</li>
</ul>
<h3 class="wp-block-heading" id="5-publish-your-server">5. Publish your server</h3>
<p>Once authenticated, publish to the registry:</p>
<pre class="wp-block-code"><code>mcp-publisher publish</code></pre>
<p>If successful, your server will be discoverable in the MCP registry. You can verify with:</p>
<pre class="wp-block-code"><code>curl "https://registry.modelcontextprotocol.io/v0/servers?search=io.github.yourname/your-server"</code></pre>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Once you’ve completed the steps above, email <a target="_blank" href="mailto:partnerships@github.com" rel="noreferrer noopener">partnerships@github.com</a> and request for your server to be included.</p>
</blockquote>
<p>✅ <strong>Pro tips:</strong> </p>
<ul class="wp-block-list">
<li><strong>Namespace:</strong> Use <code>io.github.username/*</code> for GitHub auth, or <code>com.yourcompany/*</code> for DNS-based verification.</li>
<li><strong>Remote endpoints:</strong> Add a <code>"remotes"</code> array in your <code>server.json</code> for cloud/HTTP endpoints:</li>
</ul>
<pre class="wp-block-code"><code>"remotes": [
{
"type": "streamable-http",
"url": "https://yourdomain.com/yourserver"
}
]</code></pre>
<ul class="wp-block-list">
<li><strong>Multiple deployment options:</strong> You can list both <code>"packages"</code> and <code>"remotes"</code> for hybrid deployments.</li>
<li><strong>Examples:</strong> See <a href="https://github.com/domdomegg/airtable-mcp-server">airtable-mcp-server (npm/docker/MCPB)</a>, <a href="https://github.com/domdomegg/time-mcp-nuget">time-mcp-nuget</a>, <a href="https://github.com/domdomegg/time-mcp-pypi">time-mcp-pypi</a>.</li>
</ul>
<h2 class="wp-block-heading" id="automate-publishing-with-github-actions">Automate publishing with GitHub Actions</h2>
<p>You can automate publishing so every tagged release is published to both your package registry and the MCP registry.</p>
<p>Create <code>.github/workflows/publish-mcp.yml</code>:</p>
<pre class="wp-block-code language-plaintext"><code>name: Publish to MCP Registry
on:
push:
tags: ["v*"]
jobs:
publish:
runs-on: ubuntu-latest
permissions:
id-token: write # For OIDC
contents: read
steps:
- uses: actions/checkout@v5
# (Edit these for your package type)
- name: Setup Node.js
uses: actions/setup-node@v5
with:
node-version: "lts/*"
- name: Install dependencies
run: npm ci
- name: Build and test
run: |
npm run build --if-present
npm run test --if-present
- name: Publish to npm
run: npm publish
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
# MCP publishing (works for all package types)
- name: Download MCP Publisher
run: |
curl -L "https://github.com/modelcontextprotocol/registry/releases/download/latest/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
- name: Publish to MCP Registry
run: |
./mcp-publisher login github-oidc
./mcp-publisher publish
# Optional: keep server.json version in sync with git tag
- run: |
VERSION=${GITHUB_REF#refs/tags/v}
jq --arg v "$VERSION" '.version = $v' server.json > tmp && mv tmp server.json</code></pre>
<p>To trigger the workflow:</p>
<pre class="wp-block-code language-plaintext"><code>git tag v1.0.0
git push origin v1.0.0</code></pre>
<p>When you publish, your server shows up in the open source registry and downstream registries (like GitHub’s) automatically pick up updates. No more notifying a dozen different registries every time you ship a new version.</p>
<p>✅ <strong>Pro tips:</strong></p>
<ul class="wp-block-list">
<li>Host your code in a <strong>public GitHub repository</strong> to show verified ownership.</li>
<li>Add tags in <code>server.json</code> so developers can easily discover your server by category.</li>
<li>Updates propagate automatically downstream—no manual notifications required</li>
</ul>
<p><strong>How to manage MCP servers in the enterprise</strong></p>
<p>If you’re managing MCP usage across a large organization, governance isn’t optional. You need control over which servers your developers can install—especially when those servers interact with sensitive data.</p>
<p>GitHub now supports <strong>registry allow lists</strong> so admins can control which MCP servers are available to developers.</p>
<p>Here are the steps for admins (which may be you!):</p>
<ol class="wp-block-list">
<li>Stand up or connect an internal registry that follows the MCP API spec (registry + HTTP endpoint).</li>
<li>Add vetted MCP servers (internal + external) to your registry.</li>
<li>Point GitHub Enterprise settings to that registry endpoint.</li>
<li>MCP-aware surfaces (starting with VS Code) enforce the allow list automatically.</li>
</ol>
<p><strong>Example: How the allow list works</strong></p>
<p>Your internal registry at <code>https://internal.mybank.com/mcp-registry</code> returns:</p>
<pre class="wp-block-code"><code>{
"servers": [
{
"name": "github.com/github/mcp-server",
"version": "1.0.0"
},
{
"name": "github.com/microsoft/markitdown-mcp",
"version": "2.1.0"
},
{
"name": "internal.mybank.com/mcp-servers/custom-tools",
"version": "1.5.0"
}
]
}</code></pre>
<p>When developers try to install an MCP server in VS Code, GitHub checks your registry endpoint and only allows installations from your approved list.</p>
<p>This governance model means you can vet partnerships, run security scans, and maintain compliance, all while giving developers access to the tools they need.</p>
<p>✅ <strong>Pro tip:</strong> Use GitHub’s API or your existing security pipeline to vet MCP servers before adding them to your allow list.</p>
<h2 class="wp-block-heading" id="tips-and-tricks-for-power-users">Tips and tricks for power users</h2>
<p>Once you’ve got the basics down, here are some shortcuts to get more out of the registry:</p>
<ul class="wp-block-list">
<li><strong>Sort smarter</strong>: Use GitHub stars and org verification to quickly assess quality and legitimacy. If a server has thousands of stars and comes from a verified org like Microsoft or HashiCorp, that’s a strong signal.</li>
<li><strong>Local testing</strong>: Test your MCP server before publishing using the<a href="https://github.com/modelcontextprotocol/inspector"> MCP Inspector</a>. This helps you catch issues early without polluting the registry. </li>
<li><strong>Agent synergy</strong>: Copilot coding agent comes preloaded with GitHub and Playwright MCP servers. This combo enables auto-generated pull requests with screenshots of web apps, perfect for UI-heavy projects where visual validation matters.</li>
<li><strong>Tool overload fix</strong>: VS Code is rolling out semantic tool lookups, so your agent won’t flood contexts with 90+ tools. Instead, only the relevant ones surface based on your prompt. This makes working with large MCP servers like GitHub’s much more manageable.</li>
</ul>
<h2 class="wp-block-heading" id="whats-next">What’s next?</h2>
<p>The GitHub MCP Registry is just getting started. Here’s a look at what’s on the horizon—from self-publication to enterprise adoption—so you can see where the ecosystem is heading.</p>
<ul class="wp-block-list">
<li><strong>Self-publication</strong>: Expected in the next couple months. This will unlock community-driven growth and make the registry the canonical source for all public MCP servers.</li>
<li><strong>More IDE support</strong>: Other IDEs are coming. The goal is to make MCP server installation seamless regardless of where you write code.</li>
<li><strong>Enterprise features</strong>: Governance flows to help unlock MCP usage in regulated industries. Think financial services, healthcare, and other sectors where compliance isn’t negotiable.</li>
<li><strong>Agentic workflows</strong>: GitHub MCP server will start bundling tools into use-case-driven flows (e.g., “analyze repository + open pull request”) instead of just exposing raw API endpoints. This will make complex workflows feel like simple commands.</li>
</ul>
<h2 class="wp-block-heading" id="get-started-today">Get started today</h2>
<p>The GitHub MCP Registry has 44 servers today and will continue growing (trust us!).</p>
<p>👉 Explore the <a href="https://github.com/mcp?utm_source=blog-source&utm_campaign=mcp-registry-server-launch-2025">MCP Registry</a> on GitHub<a href="https://github.com/mcp?utm_source=blog-source&utm_campaign=mcp-registry-server-launch-2025"><br></a>👉 To nominate your server now, email <strong>partnerships@github.com</strong>.</p>
<p>Soon, this registry will become the single source of truth for MCP servers, giving you one place to discover, install, and govern tools without hopping across outdated registries.</p>
<p>The future of AI-assisted development isn’t about coding faster. It’s about orchestrating tools that amplify your impact. And the GitHub MCP Registry is where that orchestration begins.</p>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/generative-ai/how-to-find-install-and-manage-mcp-servers-with-the-github-mcp-registry/">How to find, install, and manage MCP servers with the GitHub MCP Registry</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91673</post-id> </item>
<item>
<title>The road to better completions: Building a faster, smarter GitHub Copilot with a new custom model</title>
<link>https://github.blog/ai-and-ml/github-copilot/the-road-to-better-completions-building-a-faster-smarter-github-copilot-with-a-new-custom-model/</link>
<dc:creator><![CDATA[Shengyu Fu]]></dc:creator>
<pubDate>Thu, 23 Oct 2025 18:31:12 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[AI agents]]></category>
<category><![CDATA[AI coding tools]]></category>
<category><![CDATA[LLM]]></category>
<guid isPermaLink="false">https://github.blog/?p=91797</guid>
<description><![CDATA[<p>Find out about the latest custom models powering the completions experience in GitHub Copilot. </p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/the-road-to-better-completions-building-a-faster-smarter-github-copilot-with-a-new-custom-model/">The road to better completions: Building a faster, smarter GitHub Copilot with a new custom model</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Code completion remains the most widely used GitHub Copilot feature, helping millions of developers stay in the flow every day. Our team has continuously iterated on the custom models powering the completions experience in GitHub Copilot driven by developer feedback. That work has had a big impact on giving you faster, more relevant suggestions in the editor.  </p>
<p>We’re now delivering suggestions with 20% more accepted and retained characters, 12% higher acceptance rate, 3x higher token-per-second throughput, and a 35% reduction in latency. </p>
<p>These updates now power GitHub Copilot across editors and environments. We’d like to share our journey on how we trained and evaluated our custom model for code completions. </p>
<h2 class="wp-block-heading" id="h-why-it-matters-nbsp">Why it matters </h2>
<p>When Copilot completions improve, you spend less time editing and more time building. The original Copilot was optimized for the highest acceptance rate possible. However, we realized that a heavy focus on acceptance rates could lead to incorrectly favoring a high volume of simple and short suggestions.  </p>
<p>We heard your feedback that this didn’t reflect real developer needs or deliver the highest quality experience. So, we pivoted to also optimize for accepted and retained characters, code flow, and other metrics. </p>
<ul class="wp-block-list">
<li><strong>20% higher accepted-and-retained characters</strong> results in more of each Copilot suggestion staying in your final code, not just ending up temporarily accepted and deleted later. In other words, suggestions provide more value with fewer keystrokes.</li>
<li><strong>12% higher acceptance rate</strong> means you find suggestions more useful more often, reflecting better immediate utility. </li>
<li><strong>3x throughput</strong> <strong>with 35% lower latency</strong> makes Copilot feel faster. It handles more requests at once while keeping your coding flow unbroken (throughput describes how much work the system can handle overall, while latency describes how quickly each individual request completes).</li>
</ul>
<h2 class="wp-block-heading" id="h-how-we-evaluate-custom-models-nbsp">How we evaluate custom models </h2>
<p>Copilot models are evaluated using combined signals from <strong>offline</strong>, <strong>pre-production</strong>, and <strong>production</strong> evaluations. Each layer helps us refine different aspects of the experience while ensuring better quality in real developer workflows. </p>
<h3 class="wp-block-heading" id="h-1-offline-evaluations-nbsp-nbsp">1) Offline evaluations  </h3>
<p><strong>Execution-based benchmark: </strong>As part of our offline evaluations, we first test against internal and public repositories with strong code by unit test and scenario coverage, spanning all major languages. Each test simulates real tasks, accepts suggestions, and measures build-and-test pass rates. This emphasizes functional correctness over surface fluency.  </p>
<p>Below is an example of a partial token completion error: the model produced <code>data<strong>et</strong></code> instead of <code>data<strong>set</strong></code>.</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="447" width="1024" src="https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?resize=1024%2C447" alt="Screenshot of a Python code editor showing a function named resolve_file inside a file called dataset_utilities.py. The function takes two string arguments, dataset and filename, and returns a string. The purpose, according to the docstring, is to resolve a file from a dataset and assert that only one file is found. The code uses os.path and glob to find files. There’s a highlighted line path = os.path.join(dat... with an error under dat, suggesting a variable name typo (dat instead of dataset). Several red underlines indicate syntax or reference errors in the code." class="wp-image-91828" srcset="https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=1026 1026w, https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/partial-token-completion-error.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><strong>LLM-judge scoring: </strong>While we start with execution-based evaluation, this has downsides: it only tells if the code will compile, but the results are not always aligned with developer preferences. To ensure the best possible outcomes, we run an independent LLM to score completions across three axes:  </p>
<ul class="wp-block-list">
<li><strong>Quality:</strong> Ensure syntax validity, duplication/overlap, format and style consistency. </li>
<li><strong>Relevance: </strong>Focus on relevant code, avoid hallucination and overreach. </li>
<li><strong>Helpfulness:</strong> Reduce manual effort, avoid outdated or deprecated APIs. </li>
</ul>
<h3 class="wp-block-heading" id="h-2-pre-production-evaluations-qualitative-dogfooding-nbsp">2) Pre-production evaluations: Qualitative dogfooding </h3>
<p>Our next step includes working with internal developers and partners to test models side-by-side in real workflows (to do the latter, we exposed the preview model to developers through Copilot’s model picker). We collect structured feedback on readability, trust, and “taste.” Part of this process includes working with language experts to improve overall completion quality. This is unique: while execution-based testing, LLM-based evaluations, dogfood testing, and A/B testing are common, we find language-specific evaluations lead to better outcomes along quality and style preferences. </p>
<h3 class="wp-block-heading" id="h-3-production-based-evaluations-a-b-testing-nbsp">3) Production-based evaluations: A/B testing </h3>
<p>Ultimately, the lived experience of developers like you is what matters most. We measure improvements using accepted-and-retained characters, acceptance rates, completion-shown rate, time-to-first token, latency, and many other metrics. We ship only when statistically significant improvements hold up under real developer workloads. </p>
<h2 class="wp-block-heading" id="h-how-we-trained-our-new-copilot-completions-model-nbsp">How we trained our new Copilot completions model </h2>
<h3 class="wp-block-heading" id="h-mid-training-nbsp">Mid-training </h3>
<p>Modern codebases use modern APIs. Before fine-tuning, we build a code-specific foundational model via mid-training using a curated, de-duplicated corpus of modern, idiomatic, public, and internal code with nearly 10M repositories and 600-plus programming languages. (Mid-training refers to the stage after the base model has been pretrained on a very large, diverse corpus, but before it undergoes final fine-tuning or instruction-tuning). </p>
<p>This is a critical step to ensure behaviors, new language syntax, and recent API versions are utilized by the model. We then use supervised fine-<s> </s>tuning and reinforcement learning while mixing objectives beyond next-token prediction—span infillings and docstring/function pairs—so the model learns structure, naming, and intent, not just next-token prediction. This helps us make the foundational model code-fluent, style-consistent, and context-aware, ready for more targeted fine-tuning via supervised fine-tuning. </p>
<h3 class="wp-block-heading" id="h-supervised-fine-tuning-nbsp">Supervised fine-tuning </h3>
<p>Newer general-purpose chat models perform well in natural language to generate code, but underperform on fill-in-the-middle (FIM) code completion. In practice, chat models experience cursor-misaligned inserts, duplication of code before the cursor (prefix), and overwrites of code after the cursor (suffix).  </p>
<p>As we moved to fine-tuned behaviors, we trained models specialized in completions by way of synthetic fine-tuning to behave like a great FIM engine. In practice, this improves: </p>
<ul class="wp-block-list">
<li><strong>Prefix/suffix awareness</strong>: Accurate inserts between tokens, mid-line continuations, full line completions, and multi-line block completions without trampling the suffix. </li>
<li><strong>Formatting fidelity</strong>: Respect local style (indentation, imports, docstrings) and avoid prefix duplication. </li>
</ul>
<p>The result is significantly improved FIM performance. For example, here is a benchmark comparing our latest completions model to GPT-4.1-mini on <a href="https://github.com/openai/human-eval-infilling" target="_blank" rel="noreferrer noopener">OpenAI’s HumanEval Infilling Benchmarks</a>.  </p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="538" width="1024" src="https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?resize=1024%2C538" alt="A chart showing HumanEval Infilling Benchmarks for two different AI models. These include a custom model from GitHub named Copilot Completions and OpenAI's GPT-4o-mini. The evaluations show superior performance across single line, multi line, random span, and random span light tests for the Copilot Completions model. " class="wp-image-91837" srcset="https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=2400 2400w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/HumanEvalInfilling_1200x630.png?w=2048 2048w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<h3 class="wp-block-heading" id="h-reinforcement-learning-nbsp">Reinforcement learning </h3>
<p>Finally, we used a custom reinforcement learning algorithm, teaching the model through rewards and penalties to internalize what makes code suggestions useful in real developer scenarios along three axes:</p>
<ul class="wp-block-list">
<li><strong>Quality</strong>: Syntax-valid, compilable code that follows project style (indentations, imports, headers).  </li>
<li><strong>Relevance</strong>: On-task suggestions that respect surrounding context and the file’s intent.  </li>
<li><strong>Helpfulness</strong>: Suggestions that reduce manual effort and prefer modern APIs.  </li>
</ul>
<p>Together, these create completions that are correct, relevant, and genuinely useful at the cursor instead of being verbose or superficially helpful. </p>
<h2 class="wp-block-heading" id="h-what-we-learned-nbsp">What we learned </h2>
<p>After talking with programming language experts and finding success in our prompt-based<s> </s>approach, one of our most important lessons was adding related files like C++ header files to our training data. Beyond this, we also came away with three key learnings: </p>
<ul class="wp-block-list">
<li><strong>Reward carefully: </strong>Early reinforcement learning version over-optimized for longer completions, adding too many comments in the form of “reward hacking.” To mitigate this problem, we introduced comment guardrails to keep completions concise and focused on moving the task forward while penalizing unnecessary commentary. </li>
<li><strong>Metrics matter: </strong>Being hyper-focused on a metric like acceptance rate can lead to experiences that look good on paper, but do not result in happy developers. That makes it critical to evaluate performance by monitoring multiple metrics with real-world impact.</li>
<li><strong>Train for real-world usage: </strong>We align our synthetic fine-tuning data with real-world usage and adapt our training accordingly. This helps us identify problematic patterns and remove them via training to improve real-world outcomes.  </li>
</ul>
<h2 class="wp-block-heading" id="h-what-s-next-nbsp">What’s next </h2>
<p>We’re continuing to push the frontier of Copilot completions by: </p>
<ul class="wp-block-list">
<li>Expanding into domain-specific slices (e.g., game engines, financial, ERP). </li>
<li>Refining reward functions for build/test success, semantic usefulness (edits that advance the user’s intent without bloat), and API modernity preference for up-to-date, idiomatic libraries and patterns. This is helping us shape completion behavior with greater precision. </li>
<li>Driving faster, cheaper, higher-quality completions across all developer environments.  </li>
</ul>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p>Experience faster, smarter code completions yourself. <a href="https://github.com/features/copilot" target="_blank" rel="noreferrer noopener">Try GitHub Copilot in VS Code ></a> </p>
</div>
<h3 class="wp-block-heading" id="h-acknowledgments-nbsp">Acknowledgments </h3>
<p>First, a big shoutout to our developer community for continuing to give us feedback and push us to deliver the best possible experiences with GitHub Copilot. Moreover, a huge thanks to the researchers, engineers, product managers, designers across GitHub and Microsoft who curated the training data, built the training pipeline, evaluation suites, client and serving stack<s> </s>—<s> </s>and to the GitHub Copilot product and engineering teams for smooth model releases. </p>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/the-road-to-better-completions-building-a-faster-smarter-github-copilot-with-a-new-custom-model/">The road to better completions: Building a faster, smarter GitHub Copilot with a new custom model</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91797</post-id> </item>
<item>
<title>From karaoke terminals to AI résumés: The winners of GitHub’s For the Love of Code challenge</title>
<link>https://github.blog/open-source/from-karaoke-terminals-to-ai-resumes-the-winners-of-githubs-for-the-love-of-code-challenge/</link>
<dc:creator><![CDATA[Lee Reilly]]></dc:creator>
<pubDate>Wed, 22 Oct 2025 20:30:35 +0000</pubDate>
<category><![CDATA[Open Source]]></category>
<category><![CDATA[developer experience]]></category>
<category><![CDATA[open source]]></category>
<category><![CDATA[open source community]]></category>
<guid isPermaLink="false">https://github.blog/?p=91749</guid>
<description><![CDATA[<p>This summer, we invited devs to participate in our hackathon for joyful, ridiculous, and wildly creative projects. Here are the winners of For the Love of Code!</p>
<p>The post <a href="https://github.blog/open-source/from-karaoke-terminals-to-ai-resumes-the-winners-of-githubs-for-the-love-of-code-challenge/">From karaoke terminals to AI résumés: The winners of GitHub’s For the Love of Code challenge</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Every developer has that project they build just for the fun of it. You know how it goes: you start by asking “what if?” and then you have something weird and wonderful hours later. </p>
<p>This summer, we decided to celebrate that spirit with <a href="https://github.blog/open-source/for-the-love-of-code-2025/"><strong>For the Love of Code</strong></a>, our first-ever competition for projects built purely for fun. More than 300 developers answered the call. Some leaned on GitHub Copilot to refactor ideas, fix bugs, and spark inspiration. Some teamed up. Others flew solo, guided only by caffeine and curiosity.</p>
<p>Entries spanned everything from a <a href="https://github.com/cyprieng/github-breakout">Breakout game powered by your GitHub graph</a>, to a <a href="https://github.com/sanaysarthak/git-laugh-track">laugh-track that plays on every commit</a>, <a href="https://github.com/NeoKish/vscode-yelp-style-reviewer">a Yelp-style code reviewer in VS Code</a> ★★★★☆, a <a href="https://github.com/leereilly/copilot-cam">Copilot you can literally see on camera</a>, and even a <a href="https://github.com/GustyCube/pr-notes-comic-strip">comic strip made from your release notes</a>.</p>
<p>We invited participants to build anything that sparks joy across six whimsical categories:</p>
<ul class="wp-block-list">
<li><strong>🔘 Buttons, beeps & blinkenlights:</strong> Hardware hacks, LEDs, sensors, and gadgets galore.</li>
<li>🖥️<strong> Terminal talent: </strong>Command-line creations and retro computing love letters.</li>
<li><strong>🌐 World wide wonders: </strong>Browser-based experiments, apps, and interactive art.</li>
<li><strong>🤖 Agents of change:</strong> AI, bots, and automation with heart.</li>
<li><strong>🕹️ Game on: </strong>Games big or small, serious or silly.</li>
<li>🃏<strong> Everything but the kitchen sink: </strong>The wildcard (if it doesn’t fit anywhere else, it fits here).</li>
</ul>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--7" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-how-github-copilot-powered-creativity" style="margin-top:0">💡 How GitHub Copilot powered creativity</h3>
<p><a href="https://github.com/features/copilot">GitHub Copilot</a> helped contest participants:</p>
<ul class="wp-block-list">
<li>Create efficient Go code to integrate with the GitHub API</li>
<li>Scaffold repetitive code and boilerplate</li>
<li>Suggest API calls and syntax corrections</li>
<li>Debug hardware quirks and runtime errors</li>
<li>Spark inspiration for algorithms and UI design</li>
<li>Write their first Python program</li>
<li>Make their first real push to GitHub</li>
</ul>
<p>And it didn’t stop there. When creativity met Copilot, side projects turned into something spectacular.<br><br><a href="https://github.blog/ai-and-ml/github-copilot/copilot-faster-smarter-and-built-for-how-you-work-now/">Discover how Copilot can help you with your project ></a></p>
</aside>
<h2 class="wp-block-heading" id="meet-the-winners-open-source-experiments-ai-side-projects-and-more">Meet the winners: Open source experiments, AI side projects, and more</h2>
<p>Here are the top three entries from each category.</p>
<h2 class="wp-block-heading" id="%f0%9f%94%98-buttons-beeps-blinkenlights">🔘 Buttons, beeps & blinkenlights </h2>
<h3 class="wp-block-heading" id="plane-tracker-diy-radar-on-your-desk">Plane Tracker: DIY radar on your desk</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="1024" width="771" src="https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?resize=771%2C1024" alt="A person holding an Adafruit TFT Gizmo display connected to a laptop. The screen shows a green radar interface with red blips representing nearby planes. In the background, Python code and a terminal window in VS Code display mock plane data being sent via Bluetooth." class="wp-image-91771" srcset="https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=1656 1656w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=226 226w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=768 768w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=771 771w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=1156 1156w, https://github.blog/wp-content/uploads/2025/10/plane-tracker.jpg?w=1542 1542w" sizes="auto, (max-width: 771px) 100vw, 771px" /></figure>
<p><a href="https://github.com/cpstroum/flight-tracker-bluefruit">Plane Tracker</a> by @cpstroum is a DIY radar that uses an <a href="https://learn.adafruit.com/introducing-circuit-playground/overview?gad_source=1&gad_campaignid=21079267614&gbraid=0AAAAADx9JvS9gzUjK958dRkUNTd_N30et&gclid=Cj0KCQjw9czHBhCyARIsAFZlN8RtFMPe77bX67pkLaGHs37V1Nq0iJBnTNQ47Vuex2Y-oozA28_oRmsaAhPqEALw_wcB">Adafruit Circuit Playground</a>, Bluetooth, and the ADS-B Exchange API to fetch live flight data. It turns nearby planes into a real-time mini radar display.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @cpstroum with Git itself and with structuring the initial project for their first real push to GitHub. Thanks, Copilot! And welcome aboard, @cpstroum!
<h3 class="wp-block-heading" id="h-cadrephoto-the-easy-e-ink-photo-frame">Cadrephoto: The easy e-ink photo frame</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="512" width="1024" src="https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?resize=1024%2C512" alt="A wooden e-ink photo frame displays a grayscale version of “Girl with a Pearl Earring.” A smartphone next to it shows an email being sent with the same image, and a red arrow points from the phone to the frame, illustrating how the photo is updated remotely." class="wp-image-91770" srcset="https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=1280 1280w, https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/cadrephoto.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/ozh/cadrephoto">Cadrephoto</a> by @ozh is a Raspberry Pi and e-ink photo frame that displays pictures emailed to it (no app, no setup, perfect for less tech-savvy people). It checks an inbox, downloads the latest photo, and updates the screen automatically.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @ozh with their first Python project. It worked smoothly inside JetBrains IDEs and made code completion feel almost like magic.
<h3 class="wp-block-heading" id="h-buildin-traffic-light-builds-for-your-repository">BuildIn: Traffic-light builds for your repository</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="1024" width="1024" src="https://github.blog/wp-content/uploads/2025/10/buildin.png?resize=1024%2C1024" alt="A collage of four photos showing an Arduino breadboard project with multiple jumper wires and LEDs in different colors—blue, green, yellow, and red—lit up during various testing stages." class="wp-image-91769" srcset="https://github.blog/wp-content/uploads/2025/10/buildin.png?w=1080 1080w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=150 150w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=600 600w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=400 400w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=200 200w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=1000 1000w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=90 90w, https://github.blog/wp-content/uploads/2025/10/buildin.png?w=116 116w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/SUNSET-Sejong-University/BuildIn/">BuildIn</a> by @SUNSET-Sejong-University and @lepetitprince99 is a real-life traffic light for your code that sits on your desk. Using an Arduino and the GitHub API, it lights up red, yellow, green, or blue to show your repository’s build status at a glance.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @SUNSET-Sejong-University debug and optimize their code. It saved time tracking down tricky hardware issues and made troubleshooting much easier.
<h2 class="wp-block-heading" id="h-terminal-talent">🖥️ Terminal talent</h2>
<h3 class="wp-block-heading" id="h-restohack-a-roguelike-resurrected-from-1984">RestoHack: A roguelike resurrected from 1984</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" width="582" height="422" src="https://github.blog/wp-content/uploads/2025/10/restohack.png?w=582&resize=582%2C422" alt="A black terminal window displaying ASCII art of a tombstone reading “REST IN PEACE mjh 0 AU killed by a giant rat 2025,” from a retro text-based game." class="wp-image-91768" srcset="https://github.blog/wp-content/uploads/2025/10/restohack.png?w=582 582w, https://github.blog/wp-content/uploads/2025/10/restohack.png?w=300 300w" sizes="auto, (max-width: 582px) 100vw, 582px" /></figure>
<p><a href="https://github.com/Critlist/restoHack">RestoHack</a> by @Critlist resurrects the 1984 roguelike game that inspired <a href="https://github.com/NetHack/NetHack">NetHack</a>, rebuilt from the original source with modern tools and a preservationist’s touch. It compiles cleanly, runs faithfully, and proves that forty years later, permadeath still hits hard.</p>
<h3 class="wp-block-heading" id="h-jukebox-cli">Jukebox CLI</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="466" width="1024" src="https://github.blog/wp-content/uploads/2025/10/jukebox.png?resize=1024%2C466" alt="A pixel art jukebox interface in a terminal-based music player. The screen shows colorful pixel graphics in the center, a playlist of songs on the right, and playback controls with progress and volume bars at the bottom." class="wp-image-91767" srcset="https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=1780 1780w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/jukebox.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/FedeCarollo/jukebox-cli">Jukebox CLI </a>by @FedeCarollo is a colorful, animated jukebox that runs right in your terminal. Built in Rust with Ratatui, it plays MP3s, shows floating musical notes, and color-codes each track in a scrollable playlist. You can play, pause, skip, and adjust the volume without ever leaving your command line.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @FedeCarollo explore unfamiliar Rust libraries and find their footing.
<h3 class="wp-block-heading" id="h-tuneminal-sing-your-commits-from-the-command-line">Tuneminal: Sing your commits from the command line</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="521" width="1024" src="https://github.blog/wp-content/uploads/2025/10/tuneminal.png?resize=1024%2C521" alt="A terminal-based karaoke interface titled “Tuneminal.” The screen displays a song library with “IRIS – Kenshi Yonezu,” current score and accuracy, and placeholders for lyrics and an audio visualizer." class="wp-image-91766" srcset="https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=1279 1279w, https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/tuneminal.png?w=1024 1024w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/heza-ru/Tuneminal">Tuneminal</a> by @heza-ru turns your terminal into a full-blown karaoke stage with scrolling lyrics, live audio visualization, and scoring that rewards your inner rock star. It’s open source, cross-platform, and the perfect excuse to sing while that <code>git clone</code> takes a while.</p>
<h2 class="wp-block-heading" id="h-world-wide-wonders">🌐 World wide wonders</h2>
<h3 class="wp-block-heading" id="h-netstalgia-surf-the-90s-web-on-virtual-dial-up">Netstalgia: Surf the ‘90s web on virtual dial-up</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="640" width="1024" src="https://github.blog/wp-content/uploads/2025/10/netstalgia.png?resize=1024%2C640" alt="A retro 1990s-style web page called “Netsalgia.com” designed to look like a Windows 95 desktop. The page features colorful buttons, visitor counters, fake ads, and a pop-up asking users to star the GitHub repository for this nostalgic project." class="wp-image-91765" srcset="https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=3584 3584w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=2048 2048w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=288 288w, https://github.blog/wp-content/uploads/2025/10/netstalgia.png?w=3000 3000w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/heza-ru/Netstalgia">Netstalgia</a> by @heza-ru (again!) is a fully functional ‘90s web fever dream built with modern tech, but visually stuck on virtual dial-up. It’s got dancing babies, popup ads, a fake BBS, and more CRT glow than your old Gateway 2000 ever survived.</p>
<p>In true retro internet spirit, it even ships with a fake GitHub Star Ransomware—a tongue-in-cheek “virus” that demands you star the repo to “decrypt your files.” A clever (and harmless) new twist on the eternal quest for GitHub stars. ⭐💾</p>
<h3 class="wp-block-heading" id="bionic-reader-speed-read-your-screen">Bionic Reader: Speed read your screen</h3>
<p><a href="https://github.com/Awesome-XV/Bionic-Reader">Bionic Reader</a> by @Awesome-XV rewires how you read by bolding the first few letters of each word so your brain fills in the rest. It’s like giving your eyes a speed boost without the caffeine jitters to read faster than ever.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @Awesome-XV write project documentation and scaffold the initial codebase.
<h3 class="wp-block-heading" id="h-the-git-roast-show-roast-your-github-profile-lovingly">The Git Roast Show: Roast your GitHub profile… lovingly</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="640" width="1024" src="https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?resize=1024%2C640" alt="A stylized image featuring a cartoon GitHub Octocat character in a tuxedo and sunglasses holding a microphone. The text above reads “The GitRoast Show,” and a speech bubble says “we don’t fork around here.” The background has a swirling teal marble texture." class="wp-image-91764" srcset="https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=3584 3584w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=2048 2048w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=288 288w, https://github.blog/wp-content/uploads/2025/10/the-git-roast-show.png?w=3000 3000w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/rawrnuck/thegitroastshow">Git Roast Show</a> by @rawrnuck and @Anmol0201 is a full-stack web app that humorously “roasts” your GitHub profile. Built with React, Vite, and Express, it fetches live GitHub data to generate personalized, sound-enhanced, and animated comedy roasts.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @rawrnuck understand algorithms and handle the repetitive parts of their project.
<h3 class="wp-block-heading" id="nightlio-a-mood-tracker-you-actually-own">Nightlio: a mood tracker you actually own</h3>
<p><a href="https://github.com/shirsakm/nightlio">Nightlio</a> by @shirsakm is a privacy-first mood tracker and daily journal you can self-host in minutes. Log how you feel on a 5-point scale, add Markdown notes, tag entries like #Sleep or #Productivity, then explore calendars, streaks, and simple stats to spot patterns. It runs anywhere with Docker, stores data in a local SQLite file, and keeps things clean with JWT-protected APIs, a React/Vite front end, and optional Google OAuth. No ads. No subscriptions. Your server, your rules.</p>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="484" width="1024" src="https://github.blog/wp-content/uploads/2025/10/nightlio.gif?resize=1024%2C484" alt="A dark-themed productivity app called Nightliio is shown in motion. The animation highlights mood tracking icons, personal goals such as “Read Before Bed” and “Morning Meditation,” and sections for adding goals, viewing history, and tracking progress through colorful animated bars." class="wp-image-91763"></figure>
<p><strong><em>Note</em></strong><em>: Because @heza-ru placed in two categories, we’ve added a fourth winner to this category.</em></p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @shirsakm with refactors, color palette updates, and codebase-wide changes that would have taken much longer by hand.
<h2 class="wp-block-heading" id="%f0%9f%a4%96-agents-of-change">🤖 Agents of change</h2>
<h3 class="wp-block-heading" id="neosgenesis-ai-that-thinks-about-thinking">Neosgenesis: AI that thinks about thinking</h3>
<p><a href="https://github.com/answeryt/Neosgenesis">Neosgenesis</a> by @answeryt is a metacognitive AI framework that teaches machines to think about how they think. It runs a five-stage loop (think, verify, learn, optimize, decide) while juggling multiple LLMs, tools, and real-time feedback. A multi-armed bandit picks the best reasoning patterns, and when it stalls, an “aha” mode explores fresh paths.</p>
<h3 class="wp-block-heading" id="medivision-assistant-accessible-ai-healthcare-for-all">MediVision Assistant: Accessible AI healthcare for all</h3>
<p><a href="https://github.com/omkardongre/medi-vision-assistant-ai">MediVision Assistant</a> by @omkardongre is an AI healthcare companion that helps elderly and disabled users manage their health through voice, image, and video. Users can scan medications, analyze skin conditions, log symptoms by voice, and chat with an AI doctor-like assistant.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @omkardongre generate React components, API templates, and AI integration code. It handled the boilerplate so they could focus on building features and improving the experience.
<h3 class="wp-block-heading" id="h-quiviva-the-resume-that-talks-back">Quiviva: The résumé that talks back</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="640" width="1024" src="https://github.blog/wp-content/uploads/2025/10/quiviva.png?resize=1024%2C640" alt="A colorful web interface titled “An Interactive CV that Talks Back.” The animation shows a chatbot window on the right where users can type questions to Kasia’s AI-powered résumé. The left side explains the project as a playful mix of AI, design, and storytelling, with a list of example questions and a button to download the CV as a PDF." class="wp-image-91762" srcset="https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=3584 3584w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=1536 1536w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=2048 2048w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=288 288w, https://github.blog/wp-content/uploads/2025/10/quiviva.png?w=3000 3000w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/katawiecz/quiviva">Quiviva</a> by @katawiecz is an interactive AI-powered CV that turns a job hunt into a chat adventure. Ask about skills or projects, or type “Gandalf” to unlock secret nerd mode. All this goes to show that even résumés can be fun.</p>
<h2 class="wp-block-heading" id="%f0%9f%95%b9%ef%b8%8f-game-on">🕹️ Game on</h2>
<h3 class="wp-block-heading" id="ai-dventure-infinite-worlds-infinite-choices">AI-Dventure: Infinite worlds, infinite choices</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" width="1009" height="672" src="https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=1009&resize=1009%2C672" alt="A screenshot of a text adventure game." class="wp-image-91761" srcset="https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=1009 1009w, https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/ai-dventure.png?w=768 768w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/FedeCarollo/ai_dventure">AI-Dventure</a> by @FedeCarollo is an interactive text adventure built in Rust and powered by OpenAI’s models. Players explore dynamically generated worlds in fantasy, horror, sci-fi, or historical settings where every command shapes the story and no two runs are the same.</p>
<h3 class="wp-block-heading" id="h-beatbugging-debug-to-the-beat">BeatBugging: Debug to the beat</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" width="759" height="437" src="https://github.blog/wp-content/uploads/2025/10/beatbugging.png?w=759&resize=759%2C437" alt="A retro-style terminal interface titled “BEATBUGGING SYSTEM” shows a progress bar at 25%, simulating the initialization of a “musical debugging interface” with audio frequencies, memory readouts, and ASCII symbols displayed on a dark screen." class="wp-image-91760" srcset="https://github.blog/wp-content/uploads/2025/10/beatbugging.png?w=759 759w, https://github.blog/wp-content/uploads/2025/10/beatbugging.png?w=300 300w" sizes="auto, (max-width: 759px) 100vw, 759px" /></figure>
<p><a href="https://github.com/sandra-aliaga/beatbugging">BeatBugging</a> by @sandra-aliaga, @Joshep-c, @RyanValdivia, and @tniia turns debugging into a rhythm game that converts your system logs into musical beats. Built in Python, it lets you fix bugs to the rhythm on a 5-by-5 grid and makes debugging sound unexpectedly good.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped the team figure out next steps when they got stuck, offering helpful hints that kept development moving.
<h3 class="wp-block-heading" id="mumind-a-multiplayer-battle-of-wits-and-vibes">MuMind: A multiplayer battle of wits and vibes</h3>
<p><a href="https://github.com/FontesHabana/MuMind">MuMind</a> by @FontesHabana is a web-based multiplayer version of the party game Herd Mentality, where players try to match the majority’s answers to score points. Built with React, Tailwind CSS, and Framer Motion, it offers multilingual support, lively animations, and a smooth, responsive experience.</p>
<h2 class="wp-block-heading" id="%f0%9f%83%8f-everything-but-the-kitchen-sink">🃏 Everything but the kitchen sink</h2>
<h3 class="wp-block-heading" id="gitfrag-defrag-your-contributions-graph">GitFrag: Defrag your contributions graph</h3>
<figure class="wp-block-video"><video autoplay controls loop muted src="https://github.blog/wp-content/uploads/2025/10/gitfrag.mp4"></video></figure>
<p>@chornonoh-vova built <a href="https://github.com/chornonoh-vova/gitfrag">GitFrag</a> to reorganize your contributions graph using classic sorting algorithms (bubble, merge, quick, and counting sort). Each is visualized with smooth progress animations, GitHub login, and dark mode support. There’s also a<a href="https://www.chornonoh-vova.com/blog/gitfrag-challenge"> wonderful writeup of how the developer approached it</a>.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @chornonoh-vova structure their understanding of algorithms and add thoughtful details that made their visualization shine.
<h3 class="wp-block-heading" id="h-code-sensei-meditate-your-way-through-vs-code">Code Sensei: Meditate your way through VS Code</h3>
<p><a href="https://github.com/redhatsam09/code-sensei">Code Sensei</a> by @redhatsam09 turns your VS Code sessions into a zen pixel adventure where your focus fuels the fun. Type to walk, pause to hop—but stay away too long away and your sensei meets a dramatic, 8-bit demise.</p>
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
<iframe loading="lazy" title="Code Sensei" width="500" height="281" src="https://www.youtube.com/embed/MHrUYFEAnhU?feature=oembed" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
</div></figure>
<h3 class="wp-block-heading" id="h-reviewer-karma-good-vibes-for-great-reviews">Reviewer Karma: Good vibes for great reviews</h3>
<figure class="wp-block-image size-large"><img data-recalc-dims="1" loading="lazy" decoding="async" height="702" width="1024" src="https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?resize=1024%2C702" alt="A leaderboard titled “Scoring System” and “Current Rankings” shows how reviewers earn points for giving code reviews, using positive emojis, and writing constructive comments. The rankings table lists @alice in first place with 18 points, followed by @bob, @carol, @dave, and @eve." class="wp-image-91759" srcset="https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=1796 1796w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=300 300w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=768 768w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=1024 1024w, https://github.blog/wp-content/uploads/2025/10/reviewer-karma.png?w=1536 1536w" sizes="auto, (max-width: 1000px) 100vw, 1000px" /></figure>
<p><a href="https://github.com/master-wayne7/reviewer-karma-action">Reviewer Karma</a> by @master-wayne7 keeps your pull requests peaceful by rewarding reviewers for good vibes and great feedback. Every emoji, comment, and code critique earns points on a live leaderboard that turns pull request reviews into a friendly competition.</p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M23.922 16.992c-.861 1.495-5.859 5.023-11.922 5.023-6.063 0-11.061-3.528-11.922-5.023A.641.641 0 0 1 0 16.736v-2.869a.841.841 0 0 1 .053-.22c.372-.935 1.347-2.292 2.605-2.656.167-.429.414-1.055.644-1.517a10.195 10.195 0 0 1-.052-1.086c0-1.331.282-2.499 1.132-3.368.397-.406.89-.717 1.474-.952 1.399-1.136 3.392-2.093 6.122-2.093 2.731 0 4.767.957 6.166 2.093.584.235 1.077.546 1.474.952.85.869 1.132 2.037 1.132 3.368 0 .368-.014.733-.052 1.086.23.462.477 1.088.644 1.517 1.258.364 2.233 1.721 2.605 2.656a.832.832 0 0 1 .053.22v2.869a.641.641 0 0 1-.078.256ZM12.172 11h-.344a4.323 4.323 0 0 1-.355.508C10.703 12.455 9.555 13 7.965 13c-1.725 0-2.989-.359-3.782-1.259a2.005 2.005 0 0 1-.085-.104L4 11.741v6.585c1.435.779 4.514 2.179 8 2.179 3.486 0 6.565-1.4 8-2.179v-6.585l-.098-.104s-.033.045-.085.104c-.793.9-2.057 1.259-3.782 1.259-1.59 0-2.738-.545-3.508-1.492a4.323 4.323 0 0 1-.355-.508h-.016.016Zm.641-2.935c.136 1.057.403 1.913.878 2.497.442.544 1.134.938 2.344.938 1.573 0 2.292-.337 2.657-.751.384-.435.558-1.15.558-2.361 0-1.14-.243-1.847-.705-2.319-.477-.488-1.319-.862-2.824-1.025-1.487-.161-2.192.138-2.533.529-.269.307-.437.808-.438 1.578v.021c0 .265.021.562.063.893Zm-1.626 0c.042-.331.063-.628.063-.894v-.02c-.001-.77-.169-1.271-.438-1.578-.341-.391-1.046-.69-2.533-.529-1.505.163-2.347.537-2.824 1.025-.462.472-.705 1.179-.705 2.319 0 1.211.175 1.926.558 2.361.365.414 1.084.751 2.657.751 1.21 0 1.902-.394 2.344-.938.475-.584.742-1.44.878-2.497Z"></path><path d="M14.5 14.25a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Zm-5 0a1 1 0 0 1 1 1v2a1 1 0 0 1-2 0v-2a1 1 0 0 1 1-1Z"></path></svg> Copilot cameo: GitHub Copilot helped @master-wayne7 write efficient Go code for the GitHub API, structure logic for assigning karma points, and handle repetitive tasks like error checking and markdown generation. It kept the project flowing smoothly from start to finish.
<hr class="wp-block-separator has-alpha-channel-opacity">
<h2 class="wp-block-heading" id="these-projects-show-whats-possible-when-we-let-our-curiosity-take-center-stage">These projects show what’s possible when we let our curiosity take center stage</h2>
<p>Remember these are hackathon projects. They might not be feature complete, there may be bugs, spaghetti code, and the occasional rogue program escaped from the Grid. But they are clear examples of what we can accomplish when we do something just for the love of it.</p>
<p>All of our category winners get 12 months of GitHub Copilot Pro+.</p>
<p>If <em>For the Love of Code</em> proved anything, it’s that creativity and code thrive best together—especially with Copilot lending a hand.</p>
<h2 class="wp-block-heading" id="shoutout-to-the-makers">Shoutout to the makers</h2>
<p>Congratulations to all of our winners: @Anmol0201, @answeryt, @Awesome-XV, @chornonoh-vova, @cpstroum, @Critlist, @FedeCarollo, @FontesHabana, @heza-ru, @joshep-c, @katawiecz, @lepetitprince99, @master-wayne7, @omkardongre, @RyanValdivia, @ozh, @rawrnuck, @redhatsam09, @sandra-aliaga, @shirsakm, @SUNSET-Sejong-University, @tniia.</p>
<p>Massive thank you to our judges, which included a mix of GitHub Stars, Campus Experts, and GitHub Developer Relations friends: @Ba4bes, @colbyfayock, @j0ashm, @JuanGdev, @howard-lio, @luckyjoseph, @metzinaround, @Taiwrash, and @xavidop.</p>
<p>And thank you Copilot for your assistance!</p>
<p>Now back to work everyone! Playtime is over.</p>
<p>💜 If you enjoyed <em>For the Love of Code</em>, stay tuned… <a href="https://itch.io/jam/game-off-2025"><em>Game Off 2025</em></a> begins this November!</p>
</body></html>
<p>The post <a href="https://github.blog/open-source/from-karaoke-terminals-to-ai-resumes-the-winners-of-githubs-for-the-love-of-code-challenge/">From karaoke terminals to AI résumés: The winners of GitHub’s For the Love of Code challenge</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91749</post-id> </item>
<item>
<title>Top security researcher shares their bug bounty process</title>
<link>https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/</link>
<dc:creator><![CDATA[Shilpa Kumari]]></dc:creator>
<pubDate>Wed, 22 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[Application security]]></category>
<category><![CDATA[Security]]></category>
<category><![CDATA[Supply chain security]]></category>
<category><![CDATA[Vulnerability research]]></category>
<category><![CDATA[Web application security]]></category>
<category><![CDATA[bug bounty]]></category>
<category><![CDATA[cybersecurity]]></category>
<category><![CDATA[Cybersecurity Awareness Month]]></category>
<category><![CDATA[GitHub Security]]></category>
<guid isPermaLink="false">https://github.blog/?p=91734</guid>
<description><![CDATA[<p>For this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!</p>
<p>The post <a href="https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/">Top security researcher shares their bug bounty process</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p><em>As we wrap Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight another top performing security researcher who participates in the GitHub Security Bug Bounty Program, André Storfjord Kristiansen!</em></p>
<p>GitHub is dedicated to maintaining the security and reliability of the code that powers millions of development projects every day. <a href="https://bounty.github.com/">GitHub’s Bug Bounty Program</a> is a cornerstone of our commitment to securing both our platform and the broader software ecosystem.</p>
<p>With the rapid growth of AI-powered features like <a href="https://github.com/features/copilot">GitHub Copilot</a>, <a href="https://docs.github.com/en/copilot/concepts/agents/coding-agent/about-coding-agent">GitHub Copilot coding agent</a>, <a href="https://githubnext.com/projects/github-spark">GitHub Spark</a>, and more, our focus on security is stronger than ever—especially as we pioneer new ways to assist developers with intelligent coding. Collaboration with skilled security researchers remains essential, helping us identify and resolve vulnerabilities across both traditional and emerging technologies.</p>
<p>We have also been closely auditing the researchers participating in our public program—to identify those who consistently demonstrate expertise and impact—and inviting them to our exclusive VIP bounty program. VIP researchers get direct access to:</p>
<ul class="wp-block-list">
<li>Early previews of beta products and features before public launch</li>
<li>Dedicated engagement with GitHub Bug Bounty staff and the engineers behind the features they’re testing 😄</li>
<li>Unique Hacktocat swag—including this year’s brand new <a href="https://bugbounty.printengine.com/page/2/">collection</a>!</li>
</ul>
<p>Explore <a href="https://github.blog/security/vulnerability-research/githubs-revamped-vip-bug-bounty-program/#how-can-one-receive-an-invite">this blog post</a> to learn more about our VIP program and discover how you can <a href="https://bounty.github.com/#:~:text=How%20can%20I%20earn%20an%20invitation%20to%20the%20GitHub%20VIP%20program%3F">earn an invitation</a>!</p>
<p>As part of ongoing <a href="https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/">Cybersecurity Awareness Month celebration</a> this October, we’re spotlighting another outstanding researcher from our Bug Bounty program and exploring their unique methodology, techniques, and experiences hacking on GitHub. <strong>@dev-bio</strong> is particularly skilled in identifying injection-related vulnerabilities and has discovered some of the most subtle and impactful issues in our ecosystem. They are also known for providing thorough, detailed reports that greatly assist with impact assessments and enable us to take quicker, more effective action.</p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<p><strong>How did you get involved with Bug Bounty? What has kept you coming back to it?</strong></p>
<p>I got involved with the program quite coincidentally while working on a personal project in my spare time. Given my background in (and passion for) software engineering, I’m always curious about how systems behave, especially when it comes to handling complex edge cases. That curiosity often leads me to pick apart new features or changes I encounter to see how they hold up—something that has taken me down fascinating rabbit holes and ultimately led to some findings with great impact.</p>
<p>What keeps me going is the thrill of showing how seemingly minor issues can have real-world impact. Taking something small and possibly overlooked, exploring its implications, and demonstrating how it could escalate into a serious vulnerability feels very rewarding.</p>
<p><strong>What do you enjoy doing when you aren’t hacking?</strong></p>
<p>Having recently become a father of two, much of my time outside of work revolves around being present with my family and striving to be the best version of myself for them. I also want to acknowledge that my partner—my favorite person and better half—has been incredibly supportive. Even if she has no clue what I’m doing during my late-night sessions, she gives me uninterrupted time to work on my side projects, for which I’m deeply grateful.</p>
<p>I’m from Norway, and one of the many benefits of living here is the easy access to incredible nature. We try to make the most of it together through hiking, camping, and cross-country skiing. Being out in the wilderness is a perfect way to disconnect, recharge, and gain perspective away from a busy world. We find that after time outdoors, one can come back more grounded, with a clear mind and renewed focus.</p>
<p><strong>How do you keep up with and learn about vulnerability trends?</strong></p>
<p>I stay up to date by reading write-ups from other researchers, which are an excellent way to see how others are approaching problems and what kinds of vulnerabilities are being uncovered. While this is important, one should also attempt to stay ahead of the curve, so I try to identify and dive into areas that are in need of further research.</p>
<p>Professionally, as a security engineer, my primary area of expertise is software supply chain security, an often-neglected but increasingly important field. I spend much of my time researching gaps and developing solutions to mitigate emerging threats. I’m also very lucky to work closely with some of the best talent in Norway.</p>
<p><strong>What tools or workflows have been game-changers for your research? Are there any lesser-known utilities you recommend?</strong></p>
<p>When doing research in my spare time, I prefer to write my own tools rather than relying solely on what you get off the shelf, as I find that it gives me a deeper understanding of the problem and helps me identify new areas that could be worth exploring in the future.</p>
<p>None of my personal security tooling has been published yet, but I plan to—eventually™—release a toolkit to build comprehensive offline graphs of GitHub organizations with an extensible query suite to quickly uncover common misconfigurations and hidden attack paths.</p>
<p><strong>What are your favorite classes of bugs to research and why?</strong></p>
<p>I’m particularly drawn to injection-related vulnerabilities, subtle logical flaws, and overlooked assumptions that may not seem important at first glance. Recently, I’ve been intrigued by novel techniques for bypassing even the strictest content security policies.</p>
<p>What I enjoy most is demonstrating how seemingly benign findings can be chained together into something with significant impact. These vulnerabilities often expose weaknesses in the underlying design rather than just surface-level issues. My passion for building resilient systems naturally shapes this approach, driving me to explore how small cracks can compromise a system’s overall integrity.</p>
<p><strong>You’ve found some complex and significant bugs in your work. Can you talk a bit about your process?</strong></p>
<p>The most significant discoveries I have made in my spare time have been coincidental and, in most cases, a side effect of being sidetracked by my own curiosity, rather than the result of a targeted approach with a rigid methodology.</p>
<p>I’ve always had an insatiable curiosity and fascination with how systems work under the hood, and I let that curiosity guide my process outside of work. When I notice something unusual, I dig deeper, peeling back the layers until I fully understand what’s happening. From there—if it’s worthwhile—I carefully document each step to map out potential attack paths and piece together a clear, comprehensive picture of the vulnerability, which enables me to build a strong foundation for further analysis and reporting.</p>
<p><strong>Do you have any advice or recommended resources for researchers looking to get involved with Bug Bounty?</strong></p>
<p>Don’t settle for a simple finding. Dig deeper and explore its implications. When you have a grasp of the bigger picture, seemingly benign issues could turn out to have substantial impact.</p>
<p><strong>Do you have any social media platforms you’d like to share with our readers?</strong></p>
<p>Currently I have a <a href="https://pages.dev.bio/">page</a>, where I’ll be posting interesting content in the near future. I’m also on <a href="https://www.linkedin.com/in/storfjord">LinkedIn</a>.</p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<p>Thank you, @dev-bio, for participating in GitHub’s bug bounty researcher spotlight! Each submission to our bug bounty program is a chance to make GitHub, our products, and our customers more secure, and we continue to welcome and appreciate collaboration with the security research community. So, if this inspired you to go hunting for bugs, feel free to report your findings through <a href="https://www.hackerone.com/Github">HackerOne</a>.</p>
</body></html>
<p>The post <a href="https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/">Top security researcher shares their bug bounty process</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91734</post-id> </item>
<item>
<title>How to update community health files with AI</title>
<link>https://github.blog/ai-and-ml/github-copilot/how-to-update-community-health-files-with-ai/</link>
<dc:creator><![CDATA[Alexandra Lietzke]]></dc:creator>
<pubDate>Tue, 21 Oct 2025 16:00:00 +0000</pubDate>
<category><![CDATA[AI & ML]]></category>
<category><![CDATA[GitHub Copilot]]></category>
<category><![CDATA[community health files]]></category>
<category><![CDATA[maintainers]]></category>
<guid isPermaLink="false">https://github.blog/?p=91663</guid>
<description><![CDATA[<p>Have you ever thought about using AI to update community health files for your repositories? This blog shares actionable next steps for doing just that, including a starter kit with a checklist and tutorials on how to create three useful files.</p>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-to-update-community-health-files-with-ai/">How to update community health files with AI</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>Maintaining your project’s community health files shouldn’t get in the way of writing code. <a href="https://github.com/features/copilot">GitHub Copilot</a> can help you update and enhance your documentation, so you can stay focused on what really matters: working on the projects that excite you most.</p>
<p>In this blog, we’ll touch on some of the most common community health files (focusing on <code>README</code>, contributor guides, and licenses) and why they’re so important for maintainers, along with actionable steps you can take to add them to your projects. ✨</p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--8" style="border-top-width:4px">
<h2 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-what-is-github-copilot" style="margin-top:0">What is GitHub Copilot?</h2>
<p><a href="https://github.com/features/copilot">GitHub Copilot</a> has evolved from a smart autocomplete tool into a multi-model, agentic assistant that understands your entire codebase and can carry out cross-file refactors, run terminal commands, and even draft pull requests.</p>
</aside>
<h2 class="wp-block-heading" id="what-are-community-health-files-and-why-are-they-so-important">What are community health files and why are they so important?</h2>
<p><strong>Community health files</strong> are standardized documents that help maintain a welcoming, organized, and collaborative environment in <a href="https://github.blog/open-source/new-to-open-source-heres-everything-you-need-to-get-started/">open source projects</a>. These files communicate expectations, guide contributors, and support the overall health of a repository. They do <em>not</em> include technical documentation or code itself, but rather the scaffolding that supports healthy collaboration. You can typically find them in a repository’s root directory or in a special <code>.github</code> folder (if they need to be applied across multiple repositories).</p>
<p>Keeping these files up-to-date should be considered <a href="https://opensource.guide/building-community/">a practical investment into your project’s future and reputation</a>, as they’re often the first touchpoint for new contributors, and their existence signals project maturity and maintainability. They not only improve transparency, consistency, and collaboration, but also help set the tone for how contributors and maintainers interact and engage productively. </p>
<p>If crucial community health files are missing or outdated, everyone feels the effects. Picture this: Your open source project starts gaining traction with new contributors. They want to help, but your repository doesn’t have the right files, which leads to contributors unintentionally formatting pull requests incorrectly, opening vague issues, and even introducing security vulnerabilities—all because they didn’t know the proper procedures from the start. Now, your maintainers are overwhelmed and faced with answering the same questions over and over, while also trying to retroactively enforce standards.</p>
<p>It’s clear that the presence of these files helps promote efficiency and clearly communicates best practices, which in turn, creates a better environment for contributors and makes life easier for maintainers—and thanks to AI, the process doesn’t have to be manual. AI tools like GitHub Copilot, for example, can automatically detect missing or stale files, suggest updates, and even generate drafts—saving time and reducing human error. </p>
<p>Here are three common types of community health files and why they’re so important for building a welcoming community (and don’t worry, we’ll tell you exactly how you can generate your own with Copilot later in this blog!): </p>
<p><strong>README</strong><br>Often one of the first things a visitor sees when viewing a repository, a<strong> </strong><a href="http://readme.md"><strong><code>README.MD</code></strong></a><strong> </strong>introduces the project and explains its purpose, along with how to get started. Intended to help remove barriers, this document gives your users crucial information they need to quickly get up and running—like what the project is, information on its features, and how to install or use it. </p>
<p><strong>CONTRIBUTOR GUIDE</strong><strong><br></strong>A <strong>contributor guide</strong> provides guidelines on how contributors can and should participate—things like coding standards and pull request instructions. This guide tells users how they can efficiently contribute and what to expect. For instance, does the project even accept contributions? Contributor guides help set standards and expectations.</p>
<p><strong>LICENSE</strong><strong><br></strong>A <strong>license </strong>specifies the legal terms under which the project can be used, modified, and distributed. In short, it tells people how they can use your software. A common example of this type of file is the MIT License. </p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--9" style="border-top-width:4px">
<h2 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-choosing-the-right-kind-of-license-for-your-project" style="margin-top:0">Choosing the right kind of license for your project</h2>
<p>While you are not required to choose a license for your repository, if you don’t add one, others do not have permission to use, modify, or distribute your code. If you want your repository to be recognized as Open Source, according to the <a href="https://opensource.org/">Open Source Initiative</a> (OSI) and its definition, you should select a widely used OSI-approved <a href="https://opensource.org/licenses">Open Source License</a>.</p>
<p>Here are some resources on how to choose the right license and add it to your repository: </p>
<ul class="wp-block-list">
<li><a href="https://choosealicense.com/">How to choose an open source license</a></li>
<li><a href="https://opensource.guide/legal/#which-open-source-license-is-appropriate-for-my-project">The Legal Side of Open Source</a></li>
<li><a href="https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository">Licensing a repository</a></li>
<li><a href="https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/adding-a-license-to-a-repository">Adding a license to a repository</a></li>
</ul>
</aside>
<p>Here are some other popular <a href="https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/creating-a-default-community-health-file">community health files</a>: </p>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>ISSUE/PULL REQUEST TEMPLATES</strong></td><td>Standardizes the format and information required when submitting issues or pull requests.</td></tr><tr><td><strong>SECURITY</strong></td><td>Provides instructions for reporting vulnerabilities and outlines the project’s security policy.</td></tr><tr><td><strong>GOVERNANCE</strong></td><td>Explains how the project is managed, including roles, responsibilities, and decision-making processes.</td></tr><tr><td><strong>CODE OF CONDUCT</strong></td><td>Defines standards for how to engage in a community.</td></tr><tr><td><strong>SUPPORT</strong></td><td>Shares specific guidance on how others can get help with your project.</td></tr><tr><td><strong>FUNDING</strong></td><td>Displays a sponsor button in your repository to increase the visibility of funding options for your open source project.</td></tr></tbody></table></figure>
<p>And while it’s not exactly considered a community health file, we wanted to give an honorable mention to… the <a href="https://docs.github.com/en/copilot/how-tos/configure-custom-instructions/add-repository-instructions"><strong>Copilot instructions file</strong></a>, which is an AI configuration that complements health docs. It uses the other community health files as context and tells GitHub Copilot exactly how to interact with the codebase, including what to prioritize or avoid. This file helps ground the LLM—whether you’re using GitHub Copilot or another LLM in VS Code, on <a href="https://github.com">github.com</a>, or Copilot coding agent—giving it an understanding of what your project is and how it’s structured, allowing for consistency across your codebase. </p>
<p>Having these kinds of files in your project is so important, especially when it comes to scaling open source projects where maintainers probably don’t have time to personally help every contributor.<br><br>That’s where time-saving tools like GitHub Copilot come in handy. Keep on reading for actionable next steps, tips, and tutorials on the most efficient ways to add these files to your repositories. ✨</p>
<h2 class="wp-block-heading" id="starter-kit-how-to-update-community-health-files-using-github-copilot">Starter kit: How to update community health files using GitHub Copilot</h2>
<p>We created a starter kit for you that explains how you can use AI to add these valuable files to your projects, complete with prompting best practices, a checklist full of things to consider, and step-by-step tutorials on how to add three common files to your repository using Copilot. Let’s dive in. </p>
<h3 class="wp-block-heading" id="h-part-one-prompting">Part one: Prompting</h3>
<p>Whether you’re starting from scratch or refining existing documentation, GitHub Copilot can help you write clearer, more consistent community health files with just a few prompts. </p>
<p>One thing to note: The LLMs powering GitHub Copilot are nondeterministic, which means that you can receive different outputs each time you prompt the model. <a href="https://github.blog/ai-and-ml/generative-ai/prompt-engineering-guide-generative-ai-llms/">Prompt engineering</a> can drastically improve the quality and relevance of the outputs you get from an LLM, but you’ll still want to verify the accuracy of these outputs, especially when using Copilot to generate more sensitive files like licenses that have legal weight.  </p>
<aside data-color-mode="light" data-dark-theme="dark" data-light-theme="light_dimmed" class="wp-block-group post-aside--large p-4 p-md-6 is-style-light-dimmed has-global-padding is-layout-constrained wp-block-group-is-layout-constrained is-style-light-dimmed--10" style="border-top-width:4px">
<h3 class="wp-block-heading h5-mktg gh-aside-title is-typography-preset-h5" id="h-prompting-best-practices" style="margin-top:0">Prompting best practices</h3>
<p>Want better suggestions from Copilot when generating community health files? Try these tips when writing your prompts:</p>
<ul class="wp-block-list">
<li>Write clear, structured prompts, like “Generate a <code>CONTRIBUTING.md</code> file for a <code>Node.js</code> project that includes setup instructions, coding standards, and pull request guidelines.”</li>
<li>For an even better prompt, make sure you include important context like audience type, project goals, and tone.</li>
<li>Use <a href="https://docs.github.com/en/copilot/tutorials/customization-library/prompt-files/create-readme">existing prompt files</a> to help standardize requests.</li>
</ul>
</aside>
<h3 class="wp-block-heading" id="h-part-two-checklist">Part two: Checklist</h3>
<p>This checklist helps ensure that Copilot-generated content is accurate, inclusive, secure, and aligned with your project’s goals.</p>
<h4 class="wp-block-heading" id="h-before-you-start">🔍 Before you start</h4>
<ul class="wp-block-list">
<li>Have you reviewed existing community health files in similar or related repositories?</li>
<li>Do you have clear goals for what each file should communicate (e.g., onboarding, behavior expectations, security reporting)?</li>
<li>Are you familiar with your organization’s GitHub usage policies and branding guidelines?</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%a7%a0-prompting-copilot-effectively">🧠 Prompting Copilot effectively</h4>
<ul class="wp-block-list">
<li>Are your prompts specific and contextual? (e.g., “Generate a <code>CONTRIBUTING.md</code> for a Python-based open source project with a code style guide.”)</li>
<li>Have you included examples or tone preferences in your prompt? (e.g., “Use inclusive language and a welcoming tone.”)</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%9b%a1%ef%b8%8f-security-privacy">🛡️ Security & privacy</h4>
<ul class="wp-block-list">
<li>Are you avoiding prompts that include sensitive or proprietary information (e.g., internal credentials, private URLs, confidential project names)?</li>
<li>Have you reviewed your repository’s visibility settings (public vs. private) and ensured that community health files are appropriate for that audience?</li>
<li>Are you familiar with GitHub Copilot’s privacy settings and how your prompts and suggestions are handled?</li>
<li>Will your <code>SECURITY.md</code> include:
<ul class="wp-block-list">
<li>A clear contact method for reporting vulnerabilities?</li>
<li>A brief explanation of how security issues are triaged?</li>
<li>Any relevant links to your organization’s responsible disclosure policy?</li>
</ul>
</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%a7%be-reviewing-copilot-output">🧾 Reviewing Copilot output</h4>
<ul class="wp-block-list">
<li>Does the generated content reflect your project’s values and community standards?</li>
<li>Have you checked for hallucinated links, names, or policies that don’t exist?</li>
<li>Are all references to external resources accurate and up-to-date?</li>
</ul>
<h4 class="wp-block-heading" id="%f0%9f%a7%aa-testing-feedback">🧪 Testing & feedback</h4>
<ul class="wp-block-list">
<li>Have you asked a teammate or contributor to review the generated files?</li>
<li>Have you tested any instructions (e.g., setup steps in <code>README</code> or <code>CONTRIBUTING</code>) to ensure they work?</li>
<li>Are you open to iterating based on community feedback?</li>
</ul>
<h3 class="wp-block-heading" id="h-part-three-tutorial">Part three: Tutorial</h3>
<p>In this tutorial, we’ll walk through how you can use Copilot to quickly and easily update <code>README.md</code>, a <code>LICENSE</code> file, and <code>CONTRIBUTING.md</code>.</p>
<h4 class="wp-block-heading" id="%f0%9f%93%9d-create-a-readme">📝 Create a README </h4>
<p><strong>Why make a <code>README</code>? </strong>Adding a <code>README</code> provides a clear overview of your project, helping users and contributors quickly understand its purpose, setup, and usage. Without it, potential users could abandon your repository due to confusion or lack of context.</p>
<p>Here’s how to make one: </p>
<ol class="wp-block-list">
<li><strong>Open GitHub Copilot Chat</strong> in your IDE (e.g., VS Code).</li>
<li><strong>Switch to agent mode</strong> to enable project-aware assistance.</li>
<li><strong>Select your preferred model</strong> (e.g., Claude for strong writing and coding support).</li>
<li><strong>Ensure your project is open</strong> in the IDE so Copilot can read its context (e.g., <code>package.json</code>, <code>app.tsx</code>).</li>
<li>In the chat window, type: “Help me write a <code>README.md</code> for my project. Ensure it includes installation instructions, a project overview, and follows standard <code>README</code> practices.”</li>
<li><strong>Review the generated README.md</strong>. Copilot will analyze your project files and generate a structured <code>README.md</code>.</li>
<li><strong>Validate the installation instructions manually</strong> to ensure accuracy (LLMs may <a href="https://github.blog/ai-and-ml/llms/demystifying-llms-how-they-can-do-things-they-werent-trained-to-do/#hallucinations">hallucinate)</a>.</li>
<li>If satisfied, <strong>click “Keep”</strong> to save the <code>README.md</code> file.</li>
<li><strong>Commit the <code>README.md</code></strong> to your repository.</li>
</ol>
<h4 class="wp-block-heading" id="%f0%9f%93%84-add-a-license">📄 Add a license</h4>
<p><strong>Why make a license? </strong>A license defines how others can legally use, modify, and distribute your code, protecting both your rights and theirs. It removes ambiguity and prevents misuse, making your project safer to adopt and contribute to.</p>
<p>Here’s how to add one: </p>
<ol class="wp-block-list">
<li><strong>Open GitHub Copilot Chat</strong> in your IDE.</li>
<li>Decide <a href="https://docs.github.com/en/repositories/managing-your-repositorys-settings-and-features/customizing-your-repository/licensing-a-repository">what kind of license you want to add</a>.</li>
<li>Type the following prompt: “Can you add [the license you want] to my project?”</li>
<li>Copilot will generate a <code>LICENSE</code> file with the license of your choice. </li>
<li><strong>Review the license</strong> to ensure it’s accurate (especially any copyright owner names and statements).</li>
<li>If correct, <strong>click “Keep”</strong> to save the file.</li>
<li><strong>Commit the <code>LICENSE</code> file</strong> to your repository.</li>
</ol>
<h4 class="wp-block-heading" id="%f0%9f%a4%9d-create-a-contributor-guide">🤝  Create a contributor guide</h4>
<p><strong>Why make a contributor guide? </strong>A contributor guide streamlines collaboration by outlining contribution standards, workflows, and expectations. This makes it easier for others to get involved with your project. The goal is to reduce friction and errors while also encouraging consistent, scalable contributions.</p>
<p>Here’s how to create one: </p>
<ol class="wp-block-list">
<li><strong>Open GitHub Copilot Chat</strong> in your IDE.</li>
<li>Click the <strong>“+” icon</strong> to start a new chat.</li>
<li>Type this prompt: <em>“Create a contributing guide file that follows best practices and link it in the <code>README</code>.”</em></li>
<li>Copilot will generate a <code>CONTRIBUTING.md</code> file with:
<ul class="wp-block-list">
<li>Contribution guidelines</li>
<li>Code standards</li>
<li>Pull request instructions</li>
<li>Issue reporting process</li>
</ul>
</li>
<li><strong>Review and edit</strong> the guide to match your team’s workflow.</li>
<li><strong>Save and commit</strong> the <code>CONTRIBUTING.md</code> file.</li>
<li><strong>Update your README</strong> to include a link to the contributor guide:</li>
</ol>
<pre class="wp-block-code"><code>## Contributing
See <a href="https://m365.cloud.microsoft/CONTRIBUTING.md">CONTRIBUTING.md</a> for guidelines.</code></pre>
<h2 class="wp-block-heading" id="take-this-with-you">Take this with you</h2>
<p>GitHub Copilot isn’t just for writing code—it can be your documentation sidekick, too. Helping you write smarter, faster, and with less friction, Copilot sharpens your community health files, scales best practices, and turns good intentions into great documentation. </p>
<p>The result? Better docs, stronger communities, and happier maintainers.</p>
<div class="wp-block-group post-content-cta has-global-padding is-layout-constrained wp-block-group-is-layout-constrained">
<p><a href="https://docs.github.com/en/copilot/about-github-copilot/github-copilot-features">Read the Docs</a> to learn more about GitHub Copilot features or <a href="https://resources.github.com/copilot-for-business/?ef_id=_k_Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB_k_&OCID=AIDcmmc3fhtaow_SEM__k_Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB_k_&gclid=Cj0KCQjwsp6pBhCfARIsAD3GZubTXuCGU1hy65GlbZ2fA1YjoRRhw64GoF8UI-lrQsnWSqAWJ7dC3QoaAqQ4EALw_wcB">get started</a> today.</p>
</div>
</body></html>
<p>The post <a href="https://github.blog/ai-and-ml/github-copilot/how-to-update-community-health-files-with-ai/">How to update community health files with AI</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91663</post-id> </item>
<item>
<title>Inside the breach that broke the internet: The untold story of Log4Shell</title>
<link>https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/</link>
<dc:creator><![CDATA[Gregg Cochran]]></dc:creator>
<pubDate>Mon, 20 Oct 2025 16:00:16 +0000</pubDate>
<category><![CDATA[Open Source]]></category>
<category><![CDATA[Log4j]]></category>
<category><![CDATA[open source]]></category>
<category><![CDATA[Security]]></category>
<guid isPermaLink="false">https://github.blog/?p=91594</guid>
<description><![CDATA[<p>Log4Shell proved that open source security isn't guaranteed and isn’t just a code problem. It's about supporting, enabling, and empowering the people behind the projects that build our digital infrastructure.</p>
<p>The post <a href="https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/">Inside the breach that broke the internet: The untold story of Log4Shell</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></description>
<content:encoded><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html><body><p>When Christian Grobmeier went to help his son with a Minecraft problem, he found the game displaying a warning: “We are suffering from a security hole from Log4J, please be careful and update immediately.”</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>I stared at the screen and told my son,<strong> ‘I’m sorry, it’s my fault.’</strong></p>
<cite>Christian Grobmeier, Log4j maintainer</cite></blockquote>
<p>This is the untold story of how one maintainer and the <a href="https://github.com/apache/logging-log4j2">Log4j</a> team navigated a crisis that exposed critical gaps in our digital infrastructure and demonstrated the importance of open source security and sustainability. Now, initiatives like the <a href="https://resources.github.com/github-secure-open-source-fund/">GitHub Secure Open Source Fund</a> are working to make sure it never happens again.</p>
<p>It all started a few hours earlier on a cold November day, when Christian, who is a maintainer of the open source project Log4j, planned to spend time playing games with his son. Instead, he found himself staring at his phone, watching notifications pile up in his inbox—10, then 20 emails flooding in. When he saw the words “remote code execution,” his first thought was: “Maybe I’m on the wrong mailing list.”</p>
<p>He wasn’t. And within hours, Christian would be at the center of what became known as Log4Shell: the most severe vulnerability in internet history, affecting billions of devices from Fortune 500 companies to Minecraft servers worldwide.</p>
<p>“I told my son, I will play with you in like five minutes,” Christian recalls. “But he didn’t see me for the next couple of days.”</p>
<figure class="wp-block-table"><table class="has-fixed-layout"><tbody><tr><td><strong>Watch the full interview with Christian Grobmeier and Gregg Cochran, staff program manager at GitHub, above. 👆</strong></td></tr></tbody></table></figure>
<h2 class="wp-block-heading" id="h-the-ubiquity-that-made-log4shell-a-perfect-storm">The ubiquity that made Log4Shell a perfect storm</h2>
<p>Log4j is foundational software. This 20+ year-old Java logging library quietly powers system events in applications worldwide, like user logins and calculation results. But this small piece of software had quietly become a dependency in thousands of projects across the Java ecosystem.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Log4j is such a small, tiny library. But everybody can use it in their software.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>That ubiquity made Log4Shell devastating. Financial services companies relied on it for compliance auditing. E-commerce systems used it to track security incidents. Insurance companies needed it to monitor their software behavior. In a 2022 Tidelift survey, 49% of open source developers reported that their organization relies on Java—and most of them were using Log4j without even knowing it.</p>
<p>When Christian realized the scope of the vulnerability, the weight hit him immediately: “Literally all Java applications in the world could be affected. Even 10% would be a major problem. This would be catastrophic.”</p>
<h2 class="wp-block-heading" id="h-a-vulnerability-that-scored-a-perfect-10">A vulnerability that scored a perfect 10</h2>
<p>Log4Shell reveals how a seemingly innocent feature became an attack vector. Log4j used <a href="https://docs.oracle.com/cd/E19747-01/819-0076/jndi.html">Java’s Naming and Directory Interface</a> (JNDI) to provide flexibility, allowing developers to load software components from remote servers. But the library didn’t validate whether JNDI lookup strings were coming from trusted sources.</p>
<p>“How can a string break the internet?” Christian asks. </p>
<p>The exploitation was frighteningly simple. An attacker could input a malicious JNDI string into any application field that gets logged—a username field, a search box, even a Minecraft chat message—and execute remote code on the target system.</p>
<pre class="wp-block-code language-plaintext"><code>jndi:<protocol>://<server-name>:<port>/<path-to-object></code></pre>
<p>“You don’t even need to have special knowledge,” Christian notes. “You just run around and push the string wherever you want it.”</p>
<p class="purple-text text-gradient-purple-coral" style="margin-top:var(--wp--preset--spacing--40);margin-bottom:var(--wp--preset--spacing--40)"><strong>The Common Vulnerability Scoring System (CVSS) gave Log4Shell a perfect 10: the highest possible score.</strong></p>
<p class="purple-text text-gradient-purple-coral" style="margin-top:var(--wp--preset--spacing--40);margin-bottom:var(--wp--preset--spacing--40)">“The first time I heard about this score, I thought, maybe it’s not so bad,” Christian remembers. “And then after a couple of days, I thought, yeah, <strong>maybe we should extend this to a score of 15 or 20.</strong>“</p>
<h2 class="wp-block-heading" id="the-human-cost-of-maintaining-critical-infrastructure">The human cost of maintaining critical infrastructure</h2>
<p>The personal toll on maintainers during the Log4Shell crisis reveals the hidden human cost of our software supply chain. Christian and his team, mostly volunteers, suddenly found themselves responsible for patching a vulnerability affecting half the internet. The pressure was immense and deeply personal.</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Some of us stopped sleeping. We all felt that either we fix it right now in the next few days, or we close this project.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>Fixing the initial vulnerability led to the discovery of additional issues, creating what Christian describes as “a bag of water with a hole. When you patch the hole, you see another one.”</p>
<p>Meanwhile, the community response was mixed. “On the one hand, you have people who really hate you, and on the other hand, you have people who are really behind you,” Christian explains. </p>
<p>Perhaps most telling:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Nobody stops in to check on you. They check on the project. There’s also nobody standing up and saying, ‘hey, thank you for the good work you’re doing to remediate this issue.’</p>
<cite>Christian Grobmeier</cite></blockquote>
<h2 class="wp-block-heading" id="how-the-github-secure-open-source-fund-is-strengthening-security">How the GitHub Secure Open Source Fund is strengthening security</h2>
<p>The Log4Shell incident highlighted a critical gap in open source security: Maintainers often lack the training and resources to build security into their projects from the ground up. This realization sparked initiatives like the GitHub Secure Open Source Fund, which provides both funding and security training to critical open source projects.</p>
<p>The fund has been effective and efficient as a form of proactive protection, pooled resources, and shared responsibility. Think of it as “insurance” for the open source supply chain—helping make the digital ecosystem safer and reducing risks that could impact billions of users.</p>
<p>Christian participated in the <a href="https://github.blog/open-source/maintainers/securing-the-supply-chain-at-scale-starting-with-71-important-open-source-projects/">GitHub Secure Open Source Fund</a> security training program, and the impact was transformative.</p>
<p>The training didn’t just provide technical knowledge—it shifted his perspective. Christian explains, “With this training, developers are no longer the weakest link. Instead, they’re the first line of defense.”</p>
<p>This change in mindset is crucial. As Christian puts it:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Ignorance is by far the worst and most critical security hole. It will basically break all software.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>When asked if the GitHub Secure Open Source Fund training could have prevented Log4Shell, Christian is direct: “If this training had existed five years ago, maybe Log4Shell wouldn’t be here today.”</p>
<h2 class="wp-block-heading" id="technical-lessons-building-security-by-default">Technical lessons: Building security by default</h2>
<p>The Log4Shell incident taught the industry several critical lessons about secure development practices:</p>
<p><strong>1. Validate all external input</strong>: Never trust data that crosses trust boundaries, especially in foundational libraries that process user input.</p>
<p><strong>2. Disable dangerous features by default</strong>: Log4j now ships with JNDI lookups disabled by default. </p>
<p><strong>3. Implement defense in depth</strong>: Modern applications need multiple layers of protection, from input validation to runtime protections.</p>
<p><strong>4. Automate security scanning</strong>: Tools like GitHub’s code scanning and Dependabot can catch vulnerabilities before they reach production.</p>
<p><strong>5. Maintain a software bills of materials (SBOMs)</strong>: When Log4Shell hit, many organizations couldn’t determine if they were affected because they didn’t know their dependencies.</p>
<p>“I got phone calls from colleagues, asking me: ‘Am I really affected?’ SBOMs give you a technical way to find out what dependencies you’re using in a project,” Christian explains. </p>
<h2 class="wp-block-heading" id="industry-wide-lessons-for-sustainable-open-source">Industry-wide lessons for sustainable open source</h2>
<p>While the technical lessons from Log4Shell are crucial, technology changes aren’t enough. The deeper challenge lies in how we support the humans who maintain the open source infrastructure our world depends on. This crisis exposed several systemic issues in how we approach open source sustainability and security:</p>
<p><strong>Community is crucial</strong>: “If you’re maintaining open source software, just as one single person, that’s a risk,” Christian emphasizes.</p>
<p><strong>Security training needs to be accessible</strong>: Traditional security education often doesn’t reach the maintainers who need it most.</p>
<p><strong>Funding alone isn’t enough</strong>: While financial support helps, Christian found that training and community were equally important. When offered funding to pay team members, many declined due to tax implications or existing jobs.</p>
<p><strong>Kindness matters</strong>: “Behind every small open source library, there’s a human writing the code,” Christian reminds us. “If you find something that’s not right, help out instead of being angry.”</p>
<p><strong>Security can be improved for every project</strong>: During the program, Christian implemented multiple new security improvements, including hardening GitHub Actions against script injections, developing a new threat model, and collaborating with ScanCode to identify hidden Log4j artifacts in third-party code.</p>
<h2 class="wp-block-heading" id="your-role-in-securing-the-software-supply-chain">Your role in securing the software supply chain</h2>
<p>The Log4Shell story isn’t just about one vulnerability; it’s about the collective responsibility we all share in maintaining the open source ecosystem that powers the modern internet.</p>
<p><strong>For maintainers</strong>: Apply to programs like the <a href="https://resources.github.com/github-secure-open-source-fund/">GitHub Secure Open Source Fund</a>. <a href="http://gh.io/protect-your-project">Enable built-in security tools</a> like GitHub’s <a href="https://docs.github.com/en/code-security/code-scanning/introduction-to-code-scanning/about-code-scanning">code scanning</a> and <a href="https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide">Dependabot</a>. <a href="https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/exporting-a-software-bill-of-materials-for-your-repository">Export SBOMs</a> to help downstream users understand their dependencies, and <a href="https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/about-repository-security-advisories">publish security advisories</a> for all vulnerabilities found in your project.</p>
<p><strong>For enterprises: </strong>Become a Funding or Ecosystem Partner of the <a href="https://resources.github.com/github-secure-open-source-fund/">GitHub Secure Open Source Fund.</a> Invest engineering time in the upstream projects you depend on. Don’t just consume open source—contribute with code, documentation, security reviews, and funding.</p>
<p><strong>For individual developers</strong>: Select carefully the new dependencies that you pull in, for example by <a href="https://scorecard.dev/">checking their security posture</a>. Consider the data you process may be attacker controlled and strictly validate untrusted inputs to prevent unintended behavior. Contribute test cases and documentation.</p>
<h2 class="wp-block-heading" id="the-path-forward">The path forward</h2>
<p>Today, <a href="https://github.com/apache/logging-log4j2">Log4j</a> has an 8.3 OpenSSF score, which demonstrates good security practices.</p>
<p>But the broader lesson extends beyond any single project. As Christian puts it:</p>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
<p>Learning is the only cure for ignorance. So just keep learning.</p>
<cite>Christian Grobmeier</cite></blockquote>
<p>The Log4Shell incident showed us how quickly our digital world can be threatened by a single vulnerability. But it also demonstrated the power of the open source community to respond, adapt, and improve. The question isn’t whether the next critical vulnerability will emerge—it’s whether we’ll be ready for it.</p>
<hr class="wp-block-separator has-alpha-channel-opacity">
<p><strong>Ready to strengthen your open source project’s security?</strong> The GitHub Secure Open Source Fund provides funding, training, and resources to help maintainers build more secure software:</p>
<ul class="wp-block-list">
<li><strong>Projects and Maintainers:</strong> <a href="https://resources.github.com/github-secure-open-source-fund/">Apply now</a> to the GitHub Secure Open Source Fund and help make open source safer for everyone.</li>
<li><strong>Funding and Ecosystem Partners:</strong> <a href="https://docs.google.com/forms/d/e/1FAIpQLSeLMDmnxjbrneIPKlX8u3vK4I9ym6vRZPtWzMpT27apx6h9dw/viewform">Become a Funding or Ecosystem Partner</a> and support a more secure open source future. Join us on this mission to secure the software supply chain — at scale!</li>
</ul>
<hr class="wp-block-separator has-alpha-channel-opacity">
<h3 class="wp-block-heading" id="thank-you-to-all-of-our-partners">Thank you to all of our partners</h3>
<p>We couldn’t do this without our incredible network of partners. Together, we are helping secure the open source ecosystem for everyone! </p>
<p><strong>Funding Partners: </strong>Alfred P. Sloan Foundation, American Express, Chainguard, Datadog, Herodevs, Kraken, Mayfield, Microsoft, Shopify, Stripe, Superbloom, Vercel, Zerodha, 1Password</p>
<p><strong>Ecosystem Partners: </strong>Ecosyste.ms, CURIOSS, Digital Data Design Institute Lab for Innovation Science, Digital Infrastructure Insights Fund, Microsoft for Startups, Mozilla, OpenForum Europe, Open Source Collective, OpenUK, Open Technology Fund, OpenSSF, Open Source Initiative, OpenJS Foundation, University of California, Santa Cruz OSPO, Sovereign Tech Agency, SustainOSS</p>
</body></html>
<p>The post <a href="https://github.blog/open-source/inside-the-breach-that-broke-the-internet-the-untold-story-of-log4shell/">Inside the breach that broke the internet: The untold story of Log4Shell</a> appeared first on <a href="https://github.blog">The GitHub Blog</a>.</p>
]]></content:encoded>
<post-id xmlns="com-wordpress:feed-additions:1">91594</post-id> </item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=https%3A//github.blog/feed/"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=https%3A//github.blog/feed/

Home · About · News · Docs · Terms