Gauging the future of open source, GitHub this week said it expects the number of software developers using its platform, currently 56 million, to grow to 100 million developers within five years.
In GitHub’s 2020 State of the Octoverse report, the popular code sharing site also noted that more than 60 million repositories and more than 1.9 billion contributions were added in the past year. GitHub noted that much of the growth is happening outside of the United States, with 66 per cent of active users now based outside of North America.
The percentage of open source contributors from the United States has dropped to 22.7 per cent, down from 30.4 per cent in 2015. Contributions are coming from a broader range of countries, the report indicates, with China accounting for 9.76 per cent and India 5.2 per cent. The report goes on to note:
As we look to the future of open source and reaching 100 million developers in 2025, we project open source contributions from the United States dropping to and stabilizing at 16.4%, with strong contributions from China (13.3%) and India (7.9%), and growth in South America and Africa, namely Brazil (3%) and Nigeria (1.5%).”
All told, 34 per cent of GitHub users were in North America during 2020, down two per cent from last year, while 30.7 per cent t were in Asia (up 1.1 per cent) and 26.8 per cent were in Europe (up 0.1 per cent).
Growth on the site goes beyond software developers, with educators in particular joining in increasing numbers. Other new participants have come from the data and science spaces. The report covered communities, security, and productivity.
Other findings in the 2020 State of the Octoverse report:
- 5,646 repositories were created related to Covid-19
- 17 per cent of vulnerabilities were explicitly malicious, with the remaining 83 per cent the result of mistakes
- Active repositories with a supported package ecosystem have a 59 per cent chance of getting a security alert in the next 12 months
- Security vulnerabilities often go undetected for more than four years before being disclosed. Once identified, the package maintainer and security community generally release a fix in about four weeks