GitHub is a platform for hosting Git repositories that became, through a combination of network effects, developer ergonomics, and the fundamental human need to show strangers your code, the de facto centre of the software world — the place where open source lives, where careers are evaluated, where dependencies are resolved, and where the entire JavaScript ecosystem hangs from a single octopus by a thread of node_modules.
GitHub was founded in 2008 by four developers who understood something that SourceForge and Google Code did not: developers are social creatures who pretend not to be, and a platform that lets them share code while pretending they are merely “collaborating on repositories” would attract every developer on Earth.
It did. GitHub now hosts over 200 million repositories, 100 million developers, and approximately one trillion unreviewed pull requests.
“DEVELOPERS DEVELOPERS DEVELOPERS”
— Steve Ballmer, shouting. Microsoft, his company, would eventually acquire the platform where all the developers actually went.
The Acquisition
On June 4, 2018, Microsoft announced it would acquire GitHub for $7.5 billion. The open source community’s reaction followed a trajectory that could be plotted on a Kübler-Ross curve:
- Denial — “They wouldn’t.”
- Anger — “EMBRACE EXTEND EXTINGUISH.” (GitHub trending: GitLab migration guides)
- Bargaining — “Maybe they’ll leave it alone?”
- Depression — “Everything good gets bought.”
- Acceptance — “…VS Code is actually really good.”
GitLab reported a 10x increase in repository imports in the week following the announcement. Six months later, most of those repositories were mirrored back to GitHub, because network effects are stronger than principles, and the developers who swore they would never use Microsoft’s GitHub were already using Microsoft’s VS Code, Microsoft’s TypeScript, and Microsoft’s npm.
The acquisition was, by all measurable standards, a success. GitHub remained free for open source. GitHub Actions launched. Copilot launched. The platform improved. Microsoft, the company that once called Linux “a cancer,” was now the largest contributor to open source on the platform it owned.
The developers who fled to GitLab quietly returned. Nobody discussed it.
The Contribution Graph
GitHub’s most psychologically significant feature is not pull requests, not issues, not Actions. It is the contribution graph — a grid of green squares showing how many contributions a developer made each day for the past year.
The contribution graph was designed as a passive activity indicator. It became an identity.
Developers optimise for green squares the way corporations optimise for quarterly earnings — compulsively, at the expense of everything else, including health, relationships, and the quality of the contributions themselves. A commit that fixes a typo in a README counts the same as a commit that redesigns the authentication system. Both produce a green square. The graph does not measure value. It measures activity. And activity, as Goodhart’s Law predicts, becomes the target.
The developer with 365 consecutive days of contributions is either extraordinarily productive or extraordinarily committed to the appearance of productivity. The graph cannot distinguish between these. Recruiters cannot distinguish between these. The developer’s therapist can.
The Open Source Paradox
GitHub solved the distribution problem for open source. It did not solve the maintenance problem.
Before GitHub, sharing open source code required a SourceForge account, an FTP server, or a mailing list. The barrier to contribution was high. The barrier to consumption was higher. Open source existed but was hard to find, hard to use, and hard to contribute to.
GitHub removed every barrier. Fork, clone, PR, merge. Four actions. The friction dropped to zero. Open source exploded. Every developer could share. Every developer could contribute. Every developer could consume.
The problem: consumption scaled infinitely. Maintenance did not.
A developer writes a library. The library is useful. A thousand developers depend on it. Ten thousand. A hundred thousand. The developer receives: bug reports, feature requests, angry issues (“WHY DOESN’T THIS WORK”), security advisories, Dependabot PRs, and zero compensation. The developer maintains the library in their spare time, which was once abundant and is now consumed entirely by the library.
The developer burns out. The library is unmaintained. A hundred thousand developers depend on unmaintained code. The supply chain has a single point of failure, and the single point of failure is a person who stopped enjoying programming six months ago.
GitHub made open source universal. It did not make open source sustainable. The platform that hosts the world’s code has no mechanism for paying the people who write the world’s code, beyond a “Sponsor” button that collects approximately enough to cover the developer’s coffee habit.
npm and the Dependency Octopus
GitHub’s acquisition of npm in 2020 completed the circle: the platform that hosts the code now also hosts the dependencies of the code, which in JavaScript means hosting approximately the entire internet.
A typical React application has 1,200 dependencies. Each dependency has dependencies. The dependency tree is not a tree — it is a directed acyclic graph of extraordinary complexity, rooted in GitHub repositories maintained by people who may or may not still check their email.
The left-pad incident of 2016 demonstrated what happens when one node in this graph disappears: a developer unpublished an eleven-line npm package, and thousands of builds broke worldwide, including React, Babel, and most of the JavaScript ecosystem. Eleven lines of code. Global infrastructure failure.
GitHub now hosts both the code and the package registry. The octopus holds the repositories in one tentacle and the packages in another. If the octopus sneezes, the internet catches a cold.
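The left-pad failure mode described above can be measured before it happens. The following is an added example, not code from this page or from npm: it walks a dependency graph backwards to list every package that stops installing when one node is unpublished, and ranks packages by that count. The graph is constructed for illustration; every name except left-pad is hypothetical and the edges are not the real 2016 dependency chain.

```javascript
// Constructed dependency graph (package -> direct dependencies).
// Names other than left-pad are hypothetical; this is not the real 2016 chain.
const deps = {
  "app":            ["ui-framework", "compiler", "http-client"],
  "ui-framework":   ["compiler"],
  "compiler":       ["line-formatter"],
  "line-formatter": ["left-pad"],
  "http-client":    [],
  "left-pad":       [],
};

// Invert the edges: package -> packages that depend on it directly.
function reverseGraph(graph) {
  const rev = new Map(Object.keys(graph).map((name) => [name, []]));
  for (const [name, direct] of Object.entries(graph)) {
    for (const dep of direct) {
      if (!rev.has(dep)) rev.set(dep, []); // dependency with no entry of its own
      rev.get(dep).push(name);
    }
  }
  return rev;
}

// Every package whose install breaks if `removed` vanishes from the registry:
// breadth-first walk over reverse edges, with a visited set so shared
// dependents (and any cycle) are counted once.
function blastRadius(graph, removed) {
  const rev = reverseGraph(graph);
  const seen = new Set();
  const queue = [...(rev.get(removed) || [])];
  while (queue.length > 0) {
    const pkg = queue.shift();
    if (seen.has(pkg)) continue;
    seen.add(pkg);
    queue.push(...rev.get(pkg));
  }
  seen.delete(removed); // a cycle through `removed` must not list it as its own victim
  return [...seen].sort();
}

// Rank packages by how many others transitively depend on them.
function rankSinglePoints(graph) {
  return [...reverseGraph(graph).keys()]
    .map((name) => ({ name, dependents: blastRadius(graph, name).length }))
    .sort((a, b) => b.dependents - a.dependents || a.name.localeCompare(b.name));
}

console.log(blastRadius(deps, "left-pad"));
console.log(rankSinglePoints(deps)[0]);
```

The same walk applies to a real project once the graph is built from its lockfile; packages at the top of the ranking are the ones worth pinning, mirroring or vendoring.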
GitHub Actions
GitHub Actions, launched in 2019, is a CI/CD platform built into GitHub that allows developers to automate workflows directly from their repositories.
Actions is significant not because it is the best CI/CD system — it is not — but because it is there. Proximity wins. The CI/CD that lives next to the code is the CI/CD that gets used, the way the gym in the basement of the office gets more use than the gym across town, even if the gym across town has better equipment.
Actions also created a new form of infrastructure lock-in: the workflow file. .github/workflows/ci.yml is a YAML file (see YAML) that defines build, test, and deploy pipelines in a format specific to GitHub. Moving to another platform means rewriting every workflow. The lock-in is not contractual — it is ergonomic. Nobody signs a contract with GitHub Actions. Nobody can leave, either.
The Profile as CV
GitHub inadvertently created a parallel résumé system that many employers now value more than the actual résumé.
The logic: “Show me your GitHub profile” reveals more about a developer than a CV ever could. The repositories show what they build. The contribution graph shows how often they build. The code shows how they build.
The problem: this logic privileges developers who have the time, energy, and circumstances to write code in their spare time. A senior developer with two children, a mortgage, and a production system to maintain at work has no GitHub activity — not because they are less skilled, but because they are less available. The junior developer with no responsibilities and a caffeine dependency has a green wall of contributions and a portfolio of to-do apps.
The contribution graph measures privilege as much as it measures skill. The industry has not reckoned with this, because reckoning with it would require acknowledging that “show me your GitHub” is not a meritocratic evaluation — it is a lifestyle filter.
The Solo Developer’s Platform
For the Solo Developer, GitHub is not a collaboration platform. It is a deployment platform, a backup system, a portfolio, and a CI/CD pipeline that happens to also support collaboration with people who do not exist.
The solo developer pushes to GitHub. GitHub Actions runs the tests. The tests pass. The solo developer deploys. There is no pull request, because there is nobody to pull-request to. There is no code review, because the reviewer and the author are the same person, and self-review is either meditation or madness depending on the hour.
The solo developer’s GitHub profile tells a story that the contribution graph cannot capture: one person, one repository, one binary, shipped with scp, serving users who do not know and do not care that the entire operation is one human and one octopus.
Measured Characteristics
Year founded: 2008
Acquisition price: $7.5 billion (Microsoft, 2018)
Repositories hosted: 200+ million
Developers: 100+ million
Days until GitLab migrants returned: ~180
npm packages hosted: 2+ million
left-pad lines of code: 11
Builds broken by left-pad removal: thousands
Contribution graphs causing anxiety: uncounted
Open source maintainers compensated fairly: approximately none
Dependabot PRs opened: billions (estimated)
Dependabot PRs reviewed: some of them
YAML files in .github/workflows/: too many
