Is there a risk associated to publishing Public repo?

[DorianDaSilva]

Quick question about making repo public.

Does it represent a potential safety risk or is it possible for someone to access a cpu or account through it? Is there any specific sign to look for on a pull request to make sure there is no malicious code added in it by collaborators? Or maybe specific code to watch out for?

I read about the tx.response hack but not sure of what it is or how to spot it. Any resources to learn more about how to identify & eliminating threats?

Just curious

[alymurtazamemon]

@DorianDaSilva As far as a public repository is concerned, there is no issue in making the repository public. But you should understand the difference between private and public repositories.

**Private Repo: **When you make a repo private, that repository will not be visible to anyone, and nobody will able to collaborate in your code until you invite them (in the settings of the repo there is an option of inviting collaborators). This is useful when our code is important and we do not want to share it with anyone.

**Public Repos: **These repositories will be visible to everyone who has an account on GitHub and anybody can clone, fork, and even collaborate in your code (for collaboration they will send you pull requests for any feature they think is important and it is up to you to accept that or not). Here we have to be careful because our code will be visible to everyone so we should make sure that we do not push our private files to public repos like the env file (And if you push a private file accidentally then make sure to remove every commit history from the public repo or even it is better to think that file is compromised now).

[DorianDaSilva]

@alymurtazamemon Got it. So mainly the only way malicious code could be added is through accepting a compromised pull request or sharing .env

Than you!