GitHub Team Management and Repo Security
TL;DR: Follow the GitHub users you will be adding to teams or repos and prevent embarrassing mistakes.
Following users on GitHub to keep up on their activity is an awkward feature that doesn’t get a ton of play. Here is a practical use for the GitHub follow that makes team management better and even safer. This applies whether you are using GitHub Teams within an organization or managing collaborators on a public project.
Following a user automatically pushes them to the top of the user search fields on the team/collaborator management page. So instead of potentially having to type their username exactly to add them to a team or project, you can just type the first couple of letters and you will see them appear at the top.
Here’s an example to illustrate. Let’s say I want to follow fromonesource. I type f and it brings up the first few matching users.
Because I’m not currently following fromonesource, I’d likely have to match on many more characters before I found the user I was looking for. But once I follow the user, they show up at the top. So to follow the user, I go to their profile page and click the follow button.
Now that I’m following this user, when I type f in the find user field, users I follow whose usernames begin with the letter f are shown at the top.
This makes user management much simpler. If you are adding the same user to many teams or repos, it will cut the time it takes to add them.
I think there’s an important security aspect to this as well. Imagine you’re administering your organization’s GitHub teams and you accidentally grant the wrong user access to your organization’s code. Whoops. Hopefully you realize your mistake before the user discovers you’ve granted them pull rights to the source for your organization’s secret sauce, or worse.
Taking a few minutes to follow the users who should have access to your repos will help ensure you don’t fat-finger a malicious user into a role where they could wreak havoc with your code base.
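A check that complements the habit above, as an added example that is not part of the original post: it audits team membership against an approved list and flags any login that is not on it, noting when the login looks like a mistyped approved name. The team names, the approved list and every username except fromonesource are constructed sample data, and the 0.8 similarity threshold is an assumption; in practice the member lists would come from an export of your organization's teams.

```python
"""Audit team membership against an approved list to catch fat-fingered grants."""
from difflib import SequenceMatcher

# Constructed sample data: approved logins (for example, the users you follow)
# and current team members. Every name except fromonesource is made up.
APPROVED = {"fromonesource", "alice-dev", "bob-ops"}
TEAMS = {
    "core": ["fromonesource", "alice-dev"],
    "deploy": ["bob-ops", "fromonesourse"],   # one-letter slip
    "docs": ["alice-dev", "zed-contractor"],  # not approved at all
}


def closest_approved(login, approved, threshold=0.8):
    """Return the approved login most similar to `login`, or None."""
    best, best_score = None, 0.0
    for candidate in sorted(approved):
        score = SequenceMatcher(None, login.lower(), candidate.lower()).ratio()
        if score > best_score:
            best, best_score = candidate, score
    return best if best_score >= threshold else None


def audit(teams, approved):
    """Return one finding per team member whose login is not approved."""
    # GitHub logins are case-insensitive, so compare in lower case.
    approved_lower = {a.lower() for a in approved}
    findings = []
    for team, members in sorted(teams.items()):
        for login in members:
            if login.lower() in approved_lower:
                continue
            lookalike = closest_approved(login, approved)
            findings.append({
                "team": team,
                "login": login,
                "kind": "possible-typo" if lookalike else "unapproved",
                "intended": lookalike,
            })
    return findings


if __name__ == "__main__":
    for finding in audit(TEAMS, APPROVED):
        print(finding)
```

A "possible-typo" finding is the case described above: someone was granted access under a name one keystroke away from the person who was meant to get it.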