It was the best of times for software developers, it was the worst of times for everyone else.
GitHub, in its annual data dump known as the State of the Octoverse, revealed on Wednesday that COVID-19 has been good for quarantine-oriented activities like writing code. Software developers, the biz found, have created 35 per cent more code repositories over the past year, compared to the previous one. They've also created 40 per cent more open-source projects, and increased their contributions to open source projects by 25 per cent.
Also, pull request merge times – the interval between a submitted code improvement and its incorporation into the project – decreased by 7.5 hours.
GitHub suggests this is consistent with prior research that indicates employees with workplace flexibility – variable schedules and the ability to work from home – work longer hours, sometimes as much as one or two days per week.
Productivity gains of that magnitude, in conjunction with potential real estate cost reductions, help explain why companies like HPE have been rethinking office-bound work policies.
"We see increased development work – both time spent and amount of work – across all time zones we investigated," the GitHub report stated. "Developers may be taking advantage of flexible schedules to manage their time and energy, which contributes to this sustained productivity."
The report, however, warns that if work takes the place of personal time and rest breaks, the pace may not be sustainable. GitHub says that it has over 56m developers building projects, and expects to have 100m by 2025.
GitHub's journey towards microservices and more: 'We actually have our own version of Ruby that we maintain'READ MORE
"Of those 17 per cent, the vast majority come from the npm ecosystem," the report stated. GitHub, as it happens, now runs npm, having acquired the company that runs the registry back in March.
The report goes on to note that software vulnerabilities typically go undetected for more than four years, which is consistent with a 2017 RAND report [PDF] that found zero-day flaws have a median survival time of five years before public disclosure.
Once word gets out about a security hole, GitHub's data indicates that it takes about 4.4 weeks before a fix appears. The code storage biz reckons this represents an opportunity to improve vulnerability detection and response. ®