Don’t be fooled by this Github scam when hiring a developer

When we’re on the prowl for new developers to join our team or help out as freelancers, there’s a common scam we’ve run across multiple times in the past few months. It’s easy to fall for, and letting this slip by can mean hiring someone that doesn’t actually have the skills they portray.

One of the first things we request during the application process is their Github repo. This gives us lots of insights about them:

  • Range of coding languages they can write in
  • How they tackle complex problems through code
  • Formatting and cleanliness, styling
  • Interests and side projects
  • Willingness to share code with the community (open source rocks)
  • Experience with the platforms we’re working with (WordPress & ActiveCampaign)

Recently, we’ve been seeing a trend of developers using a Github feature to trick people into believing they have written and managed code that is not their own. In most cases, the use of this feature is not malicious, but it’s worth spreading the word to bring awareness to some bad apples that are out there using this as a scam.

The Github scam: forking a repo

When a user ‘forks’ a code repository, then can begin to create their own version of the software or build in features/bug fixes that weren’t in the original repository.

Right when you fork a repository, it shows up on your main profile, even if you have not made any contributions to the original or the new repo).

We recently had a developer send us over his resume and Github link. He said that we could We’ll name him “Josh” for the purposes of this post.

When you visit his Github profile, you’ll see some high-profile and extensive repositories listed out.

At first glance, it looks like this developer has contributed to a jQuery cropping tool plugin as well as the PHP-based platform, osCommerce. From that, we might extrapolate that he has extensive experience in eCommerce, PHP, Javascript, jQuery, and so on.

Until we do some digging and find out that he did not contribute to these repos at all.

Once we click into one of the projects, we can view the list of contributors who have made commits to the repo and even review all of their code line-by-line. For both of these repositories, Josh made absolutely zero contributions despite him saying that these projects were a part of his experience.

It’s a scam.

Hiring freelance developers is difficult

For recruiters of development agencies, weeding out scammers and fakes like this is relatively straight forward if you know the tricks.

However, this is even more difficult for business owners or marketing managers who do not have any website development experience.

When hiring a developer, ask for referrals and a portfolio of live sites that they can prove they built. Ask to see wireframes or other documents that were made ‘in the process’ of building the site so you know they were involved in the decision making process of development. And if you’re still uncertain, you can commit to a smaller project to test your relationship and their reliability before moving full-force with a large development project.

And if you’re looking for a solid eCommerce & WordPress development agency, we’re available for new projects.

Back To Posts