Despite remote-working issues and other disruptions, the developer community held up well, and they held the world up well!

How did the developer and open source community perform in the difficult year that was 2020? Was developer productivity raised or hampered by the tumultuous need for innovation and resilience? How did remote work and the other stresses of the pandemic foster collaboration or competition in the community? Did security in open source hold up against the massive rise in cyberthreats?

According to a year-end report by GitHub, here are some notable trends:

  • Developer productivity
    • 35% more repositories were created than last year:
      Development work increased—both in time spent and amount of work delivered—across all time zones. It is unclear if developers were taking advantage of flexible work schedules, or stretching the same amount of work over a longer period of time. However, in some cases work volume increased. Developers may have been taking advantage of flexible schedules to manage their time and energy, which contributed to this sustained productivity.
    • 25% more contributions to open source projects: Developer work dropped on the weekends, while open source activity jumped. This could mean that open source is both a place to learn and create, and an important escape from work.
    • Government responses had a clear effect on development across the globe: Users in the US (specifically in the Pacific Time zone) had a push volume that was consistently higher than in the previous year. It increased in May, with activity more than 50% higher year over year at many points, before falling back to previous levels of a ~25% increase. These users continued to do the most work in terms of code pushes through the year.
  • Community and collaboration
    • Some 56 million developers globally built on GitHub
      This included more than 1.9B contributions added, 60m+ new repositories created, and 66% of active users based outside of North America.
    • Python and TypeScript continued to grow in popularity: Top languages for 2020 included: JavaScript, Python, Java, TypeScript, C#, PHP, C++, C, Shell, Ruby, and Objective-C.
    • OSS for Good Projects saw explosive timely growth:
      The year saw an influx in timely OSS projects with trending topics like COVID-19, dataworkshop, angular9, bsa20, and vercel.
    • Data scientists, educators, and designers were joining GitHub, suggesting that collaboration on the platform may increasingly include more than just code.
  • Security in Open Source
    • Most vulnerabilities were from mistakes, not malicious attacks
      While malicious attacks were more likely to get attention in security circles, 83% of the CVEs that GitHub sent alerts for were due to mistakes rather than malicious intent.
    • Security vulnerabilities often went undetected for more than four years before disclosure
      Once identified, the package maintainer and security community typically created and released a fix in just over four weeks, indicating clear opportunities to improve vulnerability detection.
    • 94% of projects relied on open source components, with nearly 700 dependencies
      Most GitHub projects relied on open source software, with the most frequent use of open source dependencies in JavaScript (94%), Ruby (90%), and .NET (90%).
      A repository can have hundreds of dependencies, so when there is a problem with security in the supply chain, a massive ripple effect is experienced.

The report concluded from the data that the world (as far as the developers’ contributions towards digitalization and business continuity were concerned) was much more resilient than we ever thought possible.

Repositories that automatically generated a pull request to update a fix were able to patch software 1.4x faster.