 

Is it safe to download code from GitHub? [closed]

Tags:

github

I'm fairly new when it comes to using GitHub, so I'm a bit skeptical when it comes to downloading repos and running them on my machine. I am looking at a key logger right now, for personal use (fun) and not to do anything malicious.

wellington asked Sep 23 '17 17:09


2 Answers

Nothing that you download from the internet is 100% safe. However, you can generally gauge the safety of code on Github by the following factors:

  • # of Contributors/Commits: This tells you that there are a lot of people working on it, not just a single bad actor. While it is possible that it is a group conspiracy to infect users' computers, a larger # of people working to improve the code is generally a good sign.
  • # of Stars: Basically shows how many people are interested in the project. You can take this as a crowd-verified reputation system of sorts. If a lot of people are interested, it is likely not malicious.
  • Activity: Are people updating it, fixing bugs, etc? Ensure that there aren't open unaddressed bugs.

In terms of quality, you should also look for good documentation and the existence of unit tests to check that the code is clean.

wraasch answered Sep 28 '22 11:09


As with anything you download over the internet, there could be malicious stuff in whatever you download. Some antivirus quick scans keep novices happy; most do it automatically nowadays as people use the files.

When you do compile it and run it, well, it is assumed you KNOW what the program is; when you compile, you will have all the source code for it. If the program is communicating with the internet through a backdoor, the backdoor should be pretty elaborate and is often not some simple one line of code (if the program is using any 3rd-party linked libraries, check out the libraries themselves)... security concerns can go on and on.

But in the end, if you trust the devs who are working on the tree, download and run it. GitHub has pretty secure end-to-end transmission, and you can check the integrity of the repo with checksums to virtually eliminate the man-in-the-middle stuff.

Andrew Lam answered Sep 28 '22 10:09
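The checksum check mentioned in the answer above, as an added example that is not part of either answer: a small POSIX shell routine that compares a downloaded release archive against a maintainer-published `SHA256SUMS`-style file (`<hex>  <filename>`) before anything from it is built or run. The archive name and contents are constructed inline for the demo. One caveat worth keeping in mind: a checksum fetched from the same place as the archive only guards the download path (corruption, a tampered mirror); if the repository or release itself were compromised, the published checksum would simply match the bad archive, so for stronger assurance look for signed tags or signed release files as well.

```shell
#!/bin/sh
# Added example (not from the answers above): verify a downloaded archive against a
# published SHA-256 checksum before running anything from it.
# Assumes the project publishes a SHA256SUMS-style file ("<hex>  <filename>") next
# to its release archive; the file names and contents below are constructed for the demo.

# Print the SHA-256 of a file (coreutils sha256sum, or shasum on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_checksum ARCHIVE SUMSFILE
# Returns 0 if ARCHIVE's SHA-256 matches the entry for its basename in SUMSFILE,
# 1 on mismatch, 2 if SUMSFILE has no entry for it (treat that as a failure too).
verify_checksum() {
    archive=$1
    sums=$2
    name=$(basename "$archive")
    expected=$(awk -v n="$name" '$2 == n {print $1; exit}' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum published for $name" >&2
        return 2
    fi
    actual=$(sha256_of "$archive")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Demo with constructed files: a good "release" and then a swapped copy with the same name.
# Returns 0 only if the good copy verifies and the swapped copy is rejected.
demo() {
    dir=$(mktemp -d)
    printf 'pretend this is keylogger-1.0.tar.gz\n' > "$dir/keylogger-1.0.tar.gz"
    # The maintainer-published checksum file (constructed here from the good copy).
    printf '%s  keylogger-1.0.tar.gz\n' "$(sha256_of "$dir/keylogger-1.0.tar.gz")" > "$dir/SHA256SUMS"
    verify_checksum "$dir/keylogger-1.0.tar.gz" "$dir/SHA256SUMS"; good=$?
    # Simulate a tampered download: same file name, different content.
    printf 'something else entirely\n' > "$dir/keylogger-1.0.tar.gz"
    verify_checksum "$dir/keylogger-1.0.tar.gz" "$dir/SHA256SUMS"; bad=$?
    rm -rf "$dir"
    [ "$good" -eq 0 ] && [ "$bad" -eq 1 ]
}
```

In real use you would run `verify_checksum ./project-1.0.tar.gz ./SHA256SUMS` on the files you downloaded; the exit code makes it easy to wire into a script that refuses to unpack anything that does not verify.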