21
Ask HN: Due to spam on GitHub, what platforms can I move my projects?
I have a few projects on Github. I am receiving a lot of spam PRs and requests from vibe coders and bots. Most of them to prop up their profiles. The stars are obviously exaggerated too.
What other platforms are you using for your projects?
It depends on what you are looking to get out of the next platform.
For me, I'm not interested in the socialization aspect of coding, so I have a Synology NAS running a git server accessible via ssh and I push my code there.
I use klaus (https://github.com/jonashaag/klaus) as a read only git web ui. My NAS is connected to my tailscale network so it's easy to view things on the go. It's a simple setup and works great.
Move it to private GitHub repo. Really weird question if you open to public , pr is what’s expected .
sourcehut.org would be my choice. Drew is pretty adamant about stuff and his morales. You will dislike somethings (UI and some policies) but will like majority of the things (tech like CI/CD etc). It's OSS and can be self-hosted as well. But I think drew fighting LLM scrappers on our behalf is good for us. It's also cheap and should progressively improve going forward.
It's my long term plan. And the project and company is setup in a way to be here for the long game. So, I am progressively moving my projects (private and in small numbers, but still...) from gitlab to sourcehut over this year or next.
Link - https://sourcehut.org/
Are we all ignoring the fact that he used to put underage hentai in SourceHut when you hit 404s?
Codeberg.org is really great.
Also I recommend self-hosting Gitea for private projects and backing-up public projects
Git is pretty simple to host yourself. For literally decades I've used git and gitolite to host git for me and a revolving team of developers.
But if you want it to be public though where anyone can access/fork it then you have to deal with "spam".
How do you deal with bot traffic and traffic from AI that's trying to get training data from your codebase
I'm not familiar with git, but can you post a read-only version publicly so others can still access all the commit history but not be subjected to pull requests?
That's pretty much what git over https does by default (is it even possible to do read-write to a git repo over https instead of ssh?).
https://git-scm.com/docs/http-protocol
> is it even possible to do read-write to a git repo over https instead of ssh?
Yes; it's not only possible but very common: https://docs.github.com/en/get-started/git-basics/about-remo...
(IIRC it is in fact actually even sometimes preferable from a security standpoint; or at least that's the tentative conclusion I've reached under a few specific circumstances over the years, although the exact details elude my memory at the moment.)
Fossil
https://fossil-scm.org
If you have somewhere to host it you can go with https://forgejo.org/ and have control over everything.
Codeberg.org
I think one important factor would be still being able to interact with a community of people who care for software and would like to put genuine thoughts. Whether it be for submitting bug reports, issues, PRs or security reports. Of course other platforms are not diverse as GitHub, it would be nice to see which other platforms are attracting such people. This in turn has a higher chance of interacting with such people.
New repository settings for configuring pull request access [feb13-2026]
https://github.blog/changelog/2026-02-13-new-repository-sett...
Related question, is there a web-based self-hosted git replacement that's _light-weight_ (i.e. resilient to scraping)? Should have things like file view, file browser, etc but is not taxing on the server.
Forgejo. A single tiny golang binary, I think about 200mb. It has 75% of the functionality of gitlab with 5% of the resource requirements. I migrated to it and have never missed gitlab.
Forgejo is lightweight relative to some other options, but it is not resilient to scraping. Scrapers can access, commit-by-commit, each individual file, each file's "git blame", and each commit's repository archive... and they do. Most public Forgejo instances need to rely on a reverse proxy like Anubis or Iocaine in order to prevent server resources from being exhausted by bad actors. Or require sign-in for all access.
https://codeberg.org/forgejo/discussions/issues/320
gitea runs well on a low end server in my experience. self hosting on hetzner and it's somehow the holy trinity of cheap, fast and reliable. I previously (years ago) self hosted gitlab but I remember it being very slow which was the reason I moved on
Not sure how the options suggested in this thread except closing the PRs to collaborators only are going to solve spam problem. Obscurity?
Codeberg
Codeberg hosts some decently high profile projects.
It’s probably the one to go for.
Consider donating for their hardware costs. They are completely transparent about their costs and where the money goes.
That's awesome, I didn't know they went to that level of transparency. I think this is a strong consideration.
PROJECTS: 608267
It seems to be alive.
Pretty easy to setup a PR block for anybody you dont like. Like every other people. Or new people
Set up a GitHub action to auto-close any pull requests from anyone not on an approved list.
Leave a message in the pull request that if they want to argue their case for a pull request they can send a message through a communication channel of your choice, and say that anyone sending a message with AI generated text, even to help with language and grammar will be banned.
Self hosted forgejo is pretty good for me
Gitlab
Codefloe
[dead]