cdrepo: Browse GitHub repos like local directories

GitHub doesn't tell you how big a repo actually is until you've already pulled it down. So you wait. You watch the progress bar. You wonder if you really needed all of it. Reposizer is a one-line npm tool that shows you the size, file count, language breakdown, and stars of any repo — public or private — before you clone.   npx reposizer owner/repo No login. No GitHub token unless the repo is private. It's the check I wish I'd had every time I've ever blindly typed git clone. 📘 Docs: https://lnkd.in/e4Zgs7EN #opensource #developertools #npm #buildInPublic

Top 10 things that set The Code Registry apart in tech due diligence: 3/10 The present state of the code is only half the story. The Code Registry analyzes full Git history, developer activity, and how the system evolved. Because real risk is built over time, not just visible today. Know Your Code™ If you want deeper context behind the code, let’s talk. https://lnkd.in/e_bwqaCh

If you maintain a high-velocity GitHub repo, it might be time to turn on merge queues! GitHub will automatically queue up batches of PRs to be merged once all CI checks pass on the combined changes. No more needing to manually click “Update branch” yourself. Learn more in this very helpful post from Nicholas C. Zakas: https://lnkd.in/gtGZ547Q

Your Node.js CI pipeline might be silently leaking credentials right now, and your logs won't show a thing. The recent Axios supply chain attack (March 2026) proved that the default configurations of GitHub Actions and GitLab CI create a complete exfiltration kill chain. It relies on three compounding defaults: -> secrets live before any gate fires; -> "npm install" silently runs arbitrary code; -> egress is wide open. You can verify your exposure today with three simple checks: 1. The Secret Check: Output your environment variables at the very start of a job. Notice how many secrets are already live. 2. The Execution Check: Audit your transitive dependency tree for "postinstall" scripts running silently without your explicit approval. 3. The Egress Check: Verify if a simple Node.js HTTP POST request to an external domain succeeds from your runner. If all three pass, your pipeline is an open vault. Read the full structural breakdown and the remediation ladder here: https://lnkd.in/eGbvVrht #DevSecOps #SupplyChainSecurity #nodejs #cicd

𝗠𝗮𝗻𝗮𝗴𝗶𝗻𝗴 𝗺𝘂𝗹𝘁𝗶𝗽𝗹𝗲 𝗚𝗶𝘁𝗛𝘂𝗯 𝗮𝗰𝗰𝗼𝘂𝗻𝘁𝘀 𝘀𝗵𝗼𝘂𝗹𝗱𝗻’𝘁 𝗯𝗲 𝘁𝗵𝗶𝘀 𝗽𝗮𝗶𝗻𝗳𝘂𝗹… 𝗯𝘂𝘁 𝗶𝘁 𝗶𝘀. Over the past few months, I kept running into a frustrating issue: using work + personal GitHub accounts on the same machine without breaking SSH or mixing identities. So I built a clean, repeatable SSH setup that solves the following: • Authentication conflicts • Wrong-account commits • Broken push/pull workflows What’s inside the guide: • Separate SSH keys per account • Smart aliasing via ~/.ssh/config • Per-repo Git identity setup • Quick debugging checks The goal was simple: 👉 Make it predictable and production-safe—not just “works on my machine." If you’ve ever pushed code from the wrong account… you know the pain. 😅 🔗 GitHub repo: https://lnkd.in/dFH75WvV If this helps, consider giving the repo a ⭐ #github #git #ssh #developers #webdev #softwareengineering #opensource

GitHub hosts its own source code on GitHub. Which means: if the platform goes down, engineers can't access the code to fix it. They solved the circular dependency problem with eBPF: → Monitors network egress from deployment scripts via cgroups → Intercepts DNS queries and routes them through a userspace proxy → Catches problematic dependencies before they block incident recovery → Took 6 months to roll out across production Full breakdown in the comments ↓ #devops #ebpf #sre

A product gap I have noticed in Claude on claude.ai: the GitHub connector can be unreliable, and the failure is not communicated clearly enough to the user. Sometimes there is a small popup about a refresh token issue. That is easy to miss. If your development spans multiple conversations which it usually does, it helps to explicitly ask it to re-check repository access and context before continuing.

Want to migrate Container Images between registries Without Docker or Privileged Access? Use Skopeo Why not just retag with the Docker client? 🤔 * Using the Docker client means exposing the Unix socket of the Docker Daemon * And that effectively grants root-level control over the host In secure setups, this is often unacceptable ❌ The key realization is: Pushing and pulling container images is just an HTTP operation (OCI registry API); no namespaces, no cgroups, no daemon required. 👉 So, moving container images doesn’t actually require a container runtime. 💡 Skopeo can also be run safely within containers, no need for docker-in-docker, no need to mount the unix socket either. Project's link on Github 👇 https://lnkd.in/dSx2UiMk #devops #skopeo #docker

I spent a few weeks telling Claude Code to handle CI failures itself. Run gh pr checks, parse the JSON, find the error, fix the code. It worked. In short sessions. The longer the session ran, the worse it got. The GitHub API returns verbose JSON. A single check run log can be tens of thousands of lines. The agent ingests all of that to find the three lines that actually matter. In a fresh context window, it manages. Three hours into a loaded development session? It starts hallucinating fixes for the wrong error or missing the signal entirely. I noticed a pattern. Each failed CI parsing attempt added more noise to the context, making the next attempt less likely to succeed. The agent wasn't getting dumber. Its context was getting noisier. So I built bellwether. It's a TypeScript CLI that reads your PR state, CI status, review comments, merge state, and returns compact filtered output. The actual compiler error, not the ten thousand lines around it. I'm not sure this is the final shape. But raw GitHub API output vs filtered signal, that's the difference between an agent that degrades over a session and one that stays sharp. #devtools #opensource #aiengineering

GitHub's rolling out some neat updates to its standard code findings. Less noise, more signal when scanning those public repos. Definitely worth a look if you're building in the open. #CodeQuality #DevTools