CONTRIBUTING.md: The One File That Turns GitHub Visitors Into Contributors π€
CONTRIBUTING.md: The One File That Turns GitHub Visitors Into Contributors π€
True confession: I once spent 40 minutes cloning a popular open source library, reading the source, wanting desperately to fix an obvious bug β and then I closed the repo because I had NO idea how to submit a PR that wouldn't embarrass me.
Was there a coding style guide? Did they want tests? What's the branch naming convention? Do they use Conventional Commits? Is there a code review process? Who reviews it? Will I get yelled at?
I just wanted to fix a typo in an error message. But the uncertainty paralyzed me completely. π
As a full-time developer who contributes to open source, I've been on both sides of this problem: the confused new contributor and the overwhelmed maintainer wondering why nobody submits PRs. And after 7 years of Laravel, Node.js, and security project contributions, I've discovered the single file that changes everything.
It's called CONTRIBUTING.md. And most projects are missing it entirely. π€¦
Why Your Project Has No Contributors (And It's Not Their Fault) π£
Here's the uncomfortable truth about open source:
Contributing to someone else's project is terrifying.
Think about it from a stranger's perspective. They found your project on GitHub. They want to help. But they have zero context about:
- How you like your code formatted
- What your testing requirements are
- Whether you even WANT external contributions
- Who reviews PRs and how long it takes
- What "good" looks like to you
- Whether their PR will be ruthlessly rejected with a terse "doesn't match our vision"
So they do nothing. Because "nothing" feels safer than "rejected and embarrassed." π¬
In the security community, we have a saying: "attackers don't need to guess if you leave the door wide open." The same logic applies in reverse for open source. If you want contributors, you need to leave the door wide open with a welcome sign. πͺ
That welcome sign is your CONTRIBUTING.md.
What a CONTRIBUTING.md Actually Does π―
Think of it as three things at once:
CONTRIBUTING.md =
Welcome Letter
+ Setup Manual
+ Unwritten Rules Made Written
Without it:
Stranger: "I want to help!"
Project: *silence*
Stranger: "Okay, I'll... guess?"
Stranger: *guesses wrong*
Maintainer: "This doesn't follow our conventions"
Stranger: *never comes back*
With it:
Stranger: "I want to help!"
Project: "Great! Here's exactly how."
Stranger: *follows the guide*
Maintainer: "This is perfect, merging now!"
Stranger: *tells friends, contributes again*
The difference is a single Markdown file. That's it. π
Balancing work and open source taught me this: I have maybe 45 minutes to spend on a PR review. If a contributor has followed my CONTRIBUTING guide perfectly, I can review in 10 minutes. If I need to explain 5 different conventions first? That PR sits for a week.
The Anatomy of a Great CONTRIBUTING.md π¬
I've read hundreds of these. Here's what actually works:
1. The Welcome (20 seconds to not scare them off) π
Bad opening:
# Contributing to ProjectName
Before contributing, please ensure you have read this entire document
and agree to all terms and conditions. Violations will result in
immediate ban from the project.
Good opening:
# Contributing to ProjectName π
First off β THANK YOU for wanting to contribute!
Whether you're fixing a typo, improving docs, or adding a feature,
every contribution matters. Here's how to get started!
The tone in those first 3 lines determines whether someone keeps reading or hits the back button.
2. The Quick Start π
This is the most important section. How do I get the project running locally in under 10 minutes?
## Getting Started
1. Fork the repo
2. Clone your fork:
git clone https://github.com/YOUR_USERNAME/project-name
3. Install dependencies:
npm install
4. Set up environment:
cp .env.example .env
5. Run tests to verify setup:
npm test
Simple. Numbered. Verifiable. If they can run the tests successfully, they're ready to contribute. β
3. The Issue Before PR Rule β οΈ
This one saves SO much pain. Add this clearly:
## Before You Start
For any change larger than a typo fix:
1. Open an issue first and describe what you want to change
2. Wait for maintainer feedback (usually 24-48hrs)
3. Only then start coding
This prevents you from spending 3 days on a PR that
won't be merged because it doesn't fit our roadmap.
I learned this the HARD way. I once spent a weekend building a feature that seemed obviously useful. The PR got closed as "out of scope." I wanted to flip a table. π€
If I'd known the "issue first" rule, I'd have saved 16 hours.
4. Code Standards (The Actual Gatekeeping) π
This is where you make the unwritten rules written:
## Code Standards
- We use PSR-12 for PHP formatting
- Run `composer lint` before committing
- All new features need tests (we use Pest)
- We use conventional commits: feat:, fix:, docs:
- PRs must have a description explaining WHY, not just WHAT
- Keep PRs focused β one thing per PR
Don't assume people know your preferences. They don't. Every project is different. Write it down!
5. The PR Process π
Explain exactly what happens after they submit:
## PR Process
1. Submit your PR with a clear description
2. CI runs automatically (must pass before review)
3. A maintainer will review within 5 business days
4. You might get feedback β that's normal, not rejection!
5. Once approved, we'll merge it
Response time: We review PRs every Monday and Thursday.
That last line changed everything for my projects. When contributors know WHEN to expect a response, they don't panic. They wait. Without that, they assume the project is dead after 2 days of silence! β³
6. The "What To Contribute" Guide πΊοΈ
Not all contributions are equal. Be explicit:
## What We're Looking For
β
Great contributions:
- Bug fixes with reproduction cases
- Documentation improvements
- Performance improvements with benchmarks
- Tests for uncovered code paths
β What we typically won't accept:
- Massive refactors without prior discussion
- New features not on our roadmap
- Dependencies that add bloat for edge cases
This sounds harsh but it's actually KINDER than silence. Contributors know upfront what's worth their time.
7. The Recognition Promise π
People contribute for reputation as much as altruism:
## Recognition
All contributors get added to our CONTRIBUTORS.md and
credited in release notes. First-time contributors get
a special shoutout in our changelog!
We also use All Contributors bot β look for the β¨ emoji!
The CONTRIBUTING.md I Wished I Had (Real Template) π
Here's a template I've refined through contributing to PHP/Laravel and security-related projects:
# Contributing to [Project Name] π
Thank you for considering contributing!
Every contribution β big or small β makes this project better.
## Quick Start
1. Fork and clone the repo
2. Run: `composer install && npm install`
3. Copy `.env.example` to `.env`
4. Run tests: `composer test`
If tests pass, you're ready!
## Before You Code
For anything beyond typos:
- Open an issue first and describe your idea
- Wait for a maintainer to signal it's welcome
- This saves your time and ours!
## Making Changes
Branch naming:
- feat/description - new features
- fix/description - bug fixes
- docs/description - documentation
Commit messages (Conventional Commits):
- feat: add user authentication
- fix: handle null values in parser
- docs: improve setup instructions
## Code Standards
- PHP PSR-12 formatting (run `composer lint`)
- Tests required for new features (Pest framework)
- Keep PRs focused β one thing per PR
- PRs need a description: what changed and WHY
## Pull Request Checklist
β‘ Tests pass locally
β‘ Code follows our style guide
β‘ PR description explains the change
β‘ Linked to related issue (if applicable)
## Response Time
We review PRs every Monday and Thursday.
Expect feedback within 5 business days.
## First-Time Contributors
Look for issues labeled `good first issue`.
These are specifically curated for newcomers!
Feel free to ask questions in the issue thread β
we love helping new contributors get started! π±
## Questions?
Open a GitHub Discussion or email [[email protected]]
Thank you for making this project better! π
Save this. Use it. Iterate on it. Your future contributors will thank you! π
The Five CONTRIBUTING.md Sins I See Every Week π±
Sin #1: The Nonexistent File
$ ls
README.md src/ tests/
No CONTRIBUTING.md. Zero guidance. Visitors leave.
Sin #2: The Corporate Legalese Monster
# Contributing Guidelines
By submitting a pull request, you agree that your contribution
will be licensed under the project's MIT License.
You warrant that... [500 more words of legal text]
Cool, I just wanted to fix a broken link in the docs! π
Sin #3: The Outdated Relic
## Setup
1. Install Ruby 2.1
2. Run `bundle install`
3. Ask Bob in the IRC channel for the secret setup key
(Bob left the project in 2019. IRC is dead. Ruby 2.1 hasn't been supported in years.)
Out-of-date CONTRIBUTING.md is worse than none. It creates false confidence followed by real frustration. π¨
Sin #4: The Paradox of Choices
## Ways to Contribute
You can contribute via the web interface, the API,
the plugin system, the webhook integration,
the SDK, the CLI tool, or directly to the core.
Each has different requirements. See:
- WEB_CONTRIBUTING.md
- API_CONTRIBUTING.md
- PLUGIN_CONTRIBUTING.md
- CORE_CONTRIBUTING.md
Pick ONE standard process. Confusion is a contributor killer. π€
Sin #5: The Hidden Requirements Trap
## Requirements
Your PR must...
- Pass CI β (CI you never told them about)
- Follow our DCO signing β (what's DCO?)
- Have a matching issue β (issues template unclear)
- Be in scope β (scope never defined)
If your requirements are a surprise, they're not requirements. They're rejection mechanisms.
Examples of Great CONTRIBUTING.md Files (Go Study These) π
React: Clear, welcoming, explains the PR process step-by-step.
VS Code: Massive project but their contributing guide is genuinely beginner-friendly. Uses clear sections and links to specific guides.
Laravel: Taylor Otwell's projects have excellent concise guidelines. Short but complete β respect the contributor's time.
Homebrew: Explains community norms and code of conduct alongside technical requirements. Community-first thinking! π
What they all have in common:
- Friendly tone
- Quick local setup
- Clear code standards
- Defined review process
- Explicit "what we want" guidance
The ROI of a Good CONTRIBUTING.md π
I added a solid CONTRIBUTING.md to one of my Laravel packages six months ago. Results:
Before:
- 0 external PR in 3 months
- Occasional issue with zero context
- Me maintaining everything alone
After:
- 4 external PRs in 6 weeks
- Issues came with reproduction cases
- Two contributors became regulars
Total time invested in CONTRIBUTING.md: ~2 hours.
Value returned: Dozens of contribution hours from people who actually wanted to help.
That's probably the best ROI I've ever seen in open source. π
Your CONTRIBUTING.md Action Plan π―
Today (30 minutes):
- Open your most-used project's repo
- Create
CONTRIBUTING.mdat the root - Add: welcome, setup, standards, PR process
- Commit and push
This week:
- Ask a friend to try contributing using ONLY your guide
- Note every time they're confused
- Fix those gaps
Ongoing:
- Update it when your process changes
- Link to it from your README's "Contributing" section
- Reference it when closing PRs that miss requirements
Remember: Every great open source project you love was built by contributors who were once strangers. Your CONTRIBUTING.md is the handshake that turns a stranger into a collaborator. π€
TL;DR π
- No CONTRIBUTING.md = no contributors (it really is that simple)
- Cover: welcome, setup, standards, PR process, response time
- Tone matters β be encouraging, not intimidating
- Update it when things change (stale docs are worse than none)
- 2 hours writing CONTRIBUTING.md can save 200 hours of confusion
Your project deserves contributors. Your contributors deserve guidance. Write the file. π
Have a great CONTRIBUTING.md story? Connect with me on LinkedIn β share what changed after you wrote yours!
Want to see how I structure mine? Check out my GitHub repos β I try to practice what I preach! π
Now open your editor and write the file your future contributors are waiting for! π