We’re in the process of updating our policies, and we’d like to get your input! We want to hear what you think of them and whether any of our changes or clarifications can be improved. Head on over to our Site Policy repository to see the open pull requests.
About every six months, we review our terms and policies to make sure they’re as clear as they can be and decide whether we should make any updates. This time around, we’re very focused on bringing our policies into alignment with a new law in Europe known as the General Data Protection Regulation, so we’ve made some changes to our Privacy Statement and Terms of Service to cover our compliance with that law. We’ve made other changes to our terms to clarify account control and developer obligations when integrations are created for others.
Over the last few months, we’ve gotten a few questions asking about our General Data Protection Regulation (GDPR) compliance. We are proud to announce that we are compliant with the GDPR. Additionally, we have always provided the same level of privacy protection to our users regardless of their residency, location, or citizenship—and that will not change. We provide strong privacy and security protection to all of our users.
For the most part, our changes to the Privacy Statement are only points of clarification. GitHub doesn’t ask for more personal data from our users than we need to provide our services to you. Where we offer you the option of giving us more data, we provide you the ability to access and delete the data you have given us. For example, you can always remove your profile information, your comments in issues, and your repository contents. We have gone through our Privacy Statement to provide more context and transparency, though, so our users understand exactly why we ask for information and what we’ll do with it.
Much like the changes to the Privacy Statement, most of the changes to our terms are clarifications of pre-existing sections. Here are a few sections we’d like to highlight:
We’ll leave the pull requests open until 5 pm Friday, May 18. Then, we’ll take a week to go through your comments and make changes to improve the policies. We’ll enact the new policies on Friday, May 25.
We look forward to hearing from you!
GitHub is more than a home for code. It’s a forum for collaboration, a sandbox for testing, a launchpad for deployment, and often, a platform for learning new skills. After training thousands of people to use Git and GitHub, the GitHub Training Team has established a tried-and-true method for helping new developers retain more information and ramp up quickly as they begin their software journeys. And now, we’re making those experiences accessible to developers everywhere with GitHub Learning Lab.
Instead of a traditional tutorial or webcast, GitHub Learning Lab is an app that gives you a learning experience you can actively participate in, without leaving GitHub. Our friendly bot will take you through a series of practical, fun labs that will give you the skills you need in no time—and share helpful feedback along the way.
With GitHub Learning Lab, you’ll learn through issues opened by a bot in a GitHub repository. After you finish tasks, the bot will comment on your work and even review your pull requests like a project collaborator would.
If you have questions that come up while you complete a course, you can get answers in the GitHub Learning Lab Community Forum. This is a new way to get support from a community of learners and expert trainers (including members of the GitHub Training Team) as your journey progresses.
Check out the GitHub Learning Lab Community Forum
You’ll find five courses covering our most popular topics at launch:
Introduction to GitHub: Get an introduction to the most common, collaborative workflow for developers around the world.
Communicating using Markdown: Learn how to communicate on GitHub and beyond with Markdown’s simple syntax.
GitHub Pages: Host a website or blog directly from your GitHub repository.
Moving your project to GitHub: Get tips for migrating your code and contributors to GitHub.
Managing merge conflicts: Learn why merge conflicts happen and how to fix them.
Coming soon to GitHub Learning Lab:
Contributing to open source: Make your first open source contribution in a friendly mapping project.
This is just the beginning. We’ll be expanding how this app helps new developers, inviting new course authors, and adding more topics as we go. Let us know what you think in the Community Forum.
The GitHub for Visual Studio Extension team has been running a beta of pull request reviews from within Visual Studio for nearly a month, and we’re very excited to announce the feature has shipped this week!
Viewing, checking out, and reviewing pull requests are part of our every day workflow as GitHub users. And if you develop with Visual Studio, you no longer have to leave your editor to work in pull requests with your team.
The most recent release of our extension supports you through these common pull request workflows:
Pull request navigation
Review code
Address feedback in Visual Studio
This release also includes:
As we continue to build on the GitHub for Visual Studio Extension, we want to know how we can best support the workflows of our users and contributors. Even if you don’t write code in Visual Studio, we’re wondering:
Let us know on Twitter at @GitHubVS or head over to our tracking issue on pull request workflows to share your thoughts and help us improve our features!
If you haven’t already, be sure to follow us on Twitter at @GitHubVS to see what we’re up to or check out our repository and start contributing!
Whether you want to make repository conversations more productive or keep your code safe from accidental pull requests, our new maintainer tools are for you. Minimized comments, retired namespaces for popular projects, and new pull request requirements are just a few of the ways we’re making it easier for maintainers to grow healthy open source communities on GitHub. Here’s some more information about how they work:
Developers use comments in issues and pull requests to have conversations about the software they’re building on GitHub, but not all of the comments are equally constructive. Sometimes contributors share comments that are off-topic, misleading, or offensive.
While maintainers can edit or delete disruptive comments, they may not feel comfortable doing this, and it doesn’t allow the comment author to learn from their mistake. As part of our tiered moderation tools available to project owners, maintainers can now click in the top-right corner to minimize and hide comments—in addition to editing, deleting, or reporting them.
Minimized comments will be hidden by default with a reason for why it was minimized, giving more space to the comments that advance the conversation. Developers who view the project can choose to temporarily expand minimized comments by clicking “Show comment”.
Learn more about minimized comments
Many package managers allow developers to identify packages by the maintainer’s login and the project name, for example: Microsoft/TypeScript
or swagger-api/swagger-codegen
. This is an efficient way to describe a dependency, but sometimes maintainers delete or rename their accounts, allowing developers to intentionally or unknowingly create projects with the same name.
To prevent developers from pulling down potentially unsafe packages, we now retire the namespace of any open source project that had more than 100 clones in the week leading up to the owner’s account being renamed or deleted. Developers will still be able to sign up using the login of renamed or deleted accounts, but they will not be able to create repositories with the names of retired namespaces.
Popular open source projects receive lots of pull requests. While most of them are constructive, occasionally project owners receive a pull request from a collaborator who suggests changes from a stale branch or another collaborator’s fork.
Since the author can’t always respond to feedback on the proposed changes, these pull requests create noise for maintainers and do little to push the project forward.
To minimize noise, we no longer allow pull requests from contributors unaffiliated with the project or the changes proposed. Specifically, pull requests will be restricted if:
This should not affect automated workflows, private repositories, or repositories on GitHub Enterprise.
If you have questions about how these tools make it easier for your to grow welcoming communities around your project, check out this guide on building open source communities or get in touch with us.
March flew by, but you shipped some not-to-be-missed releases last month. Here’s a list of the ones that hit our radar—many of them 1.0s!
Congratulations to Fastify, which has reached a milestone 1.0 release. If you couldn’t guess from the name, Fastify is a Node.js web framework with an emphasis on speed. In addition to speed, Fastify has a flexible plugin system and 60 officially-recognized plugins. Version 1.0 solidifies the API and begins a period of long term support, with a commitment to security fixes. Be sure to read the Fastify 1.0 release announcement for more details.
Impress.js is also celebrating a 1.0 release. Have you ever wished you could make a presentation in your text editor instead of fighting with Keynote or PowerPoint? Your wishes can come true with impress.js, a presentation framework that uses HTML and CSS transformations. The 1.0 release marks the introduction of a plugin architecture, Markdown support, and a new lead maintainer. Check out the release announcement and get a taste with these examples.
Did you know? Impress.js has been used to create countless presentations, like this Python workshop from the University of Tehran (source repository) that uses substeps, syntax highlighting, and 3-D space.
OpenPGP.js is an OpenPGP implementation written entirely in JavaScript. The project wants to make it possible “to sign, encrypt, decrypt, and verify any kind of text” without relying on native code. The version 3.0 release includes performance improvements, public-key cryptography using elliptic curves, and some improvements to the library’s internal development (like refactoring to ES6 variable declaration syntax). See the release announcement for more.
Did you know? OpenPGP is an internet standard for encrypted email.
It feels like a bit of an understatement to say that DBeaver is a cross-platform SQL client. They call it the “universal SQL client” and for good reason: it supports MySQL, PostgreSQL, Oracle, SQLite, Microsoft Access, and many others. DBeaver’s 5.0 release introduces a (beta) PostgreSQL debugger, niceties like automatic reconnecting, and a load of bug fixes. Check out the release notes for more details.
Legit is another project being welcomed into the version 1.0 club. Legit is described as “Git for Humans.” Inspired by GitHub Desktop, Legit adds shortcuts to the Git command line interface. It simplifies synchronizing with remote repositories, publishing new branches, or undoing commits. Legit 1.0 improves help messages, adds new –fake and –verbose options so you can see what’s happening under the hood, and cleans up some installation and configuration commands. Even Git experts will want to check out these convenient additions.
Did you know? Kenneth Reitz, the creator of Legit, used to be a guest blogger for us back in the day with the GitHub Reflog.
Plyer is an HTML5 video player that can also embed Vimeo and YouTube videos. The release notes call version 3.0 a “massive release” that rewrites most of the video player in ES6. Apart from the substantial rewrite, it adds new features like support for Safari’s picture-in-picture mode, YouTube quality controls, and more.
Did you know? Plyr showcases how open source is being used by companies around the world, from sports magazines to automakers.
Pell makes a bold and convincing claim to be “the simplest and smallest WYSIWYG text editor for web.” At just 3.5 kilobytes minified, it certainly is small and covers all the basic formatting you’d expect from an editor: bold, italic, headings, lists, quotes, and more. Version 1.0 trims some extraneous styles and fixes bugs. Check out the release notes for more information.
MJML is a high-level framework that helps you design responsive emails. Version 4.0 introduces some control over how the Outlook web app renders your messages, customization for the default breakpoints, column gutters, bug fixes, and more. Read the release notes for more info.
Did you know: The MJML community has created a bunch of tools to work with MJML, including an Atom package.
Workbox is a collection of JavaScript libraries for developing Progressive Web Apps that go offline gracefully with service workers. The version 3.0 release of Workbox shrinks the size of the library, kicks off official CDN support, and improves debugging and logging. Take a look at the full release notes though, because there’s a lot more.
rc.rectangle(15, 15, 80, 80, { roughness: 0.5, fill: 'red' });
rc.rectangle(120, 15, 80, 80, { roughness: 2.8, fill: 'blue' });
rc.rectangle(220, 15, 80, 80, { bowing: 6, stroke: 'green', strokeWidth: 3 });
rc.rectangle(320, 15, 80, 80, { fill: 'red', stroke: 'blue', hachureAngle: 60, hachureGap: 10, fillWeight: 5, strokeWidth: 5 });
rc.circle(460, 55, 80, { stroke: 'red', strokeWidth: 4, fill: 'rgba(0,255,0,1)', fillWeight: 4, hachureGap: 6 });
rc.circle(510, 55, 80, { stroke: 'blue', strokeWidth: 4, fill: 'rgba(255,255,0,1)', fillWeight: 4, hachureGap: 6 });
Rough.js is a library that helps you use the Canvas API to make shapes that look hand-drawn. It can be used to draw lines, simple geometric shapes, or complex SVG paths. Version 2.0 fixes bugs, improves documentation and examples, and adds support for asynchronous drawing, so complicated shapes don’t block the main thread. Check out the project on GitHub.
Did you know? There’s a Snake clone made with Rough.js for those times you’re feeling nostalgic for your old Nokia feature phone. Play it here or view the source.
That’s just a handful of releases you shipped last month—keep them coming! If you’ve got a release that should be on our radar, send us a note.