Over the past year, I've had 39 pull requests merged into major open source repositories with a combined star count exceeding 200,000. Here's what I learned about contributing effectively.
The Repos
| Repository | Stars | PRs Merged | Type |
|---|---|---|---|
| h4cker | 25k | 11 | Security resources |
| API-Security-Checklist | 25k | 1 | API security |
| android-security-awesome | 9.2k | 1 | Android security |
| awesome-web-hacking | 6.7k | 1 | Web security |
| awesome-iot | 4.6k | 1 | IoT resources |
| bashbunny-payloads | 2.9k | 1 | Hak5 payloads |
| awesome-linux-rootkits | 2k | 1 | Rootkit research |
| awesome-flipperzero | 19k | 1 | Flipper Zero |
| + 20 more repos | ... | 20 | Various |
Lesson 1: Read the Contributing Guide
This sounds obvious, but I've seen countless PRs closed because they didn't follow the project's conventions. Every repo has its own:
- Code style and formatting rules
- Commit message conventions
- PR template requirements
- Review process and timeline expectations
For awesome-lists specifically, there are strict linting rules. The awesome-lint tool checks for proper formatting, no centered text, no excess badges, and alphabetical ordering. I learned this the hard way when a PR to sindresorhus/awesome failed CI.
Lesson 2: Start Small
My first contributions were simple — adding a link to a resource list, fixing a typo, updating a dead URL. These build trust with maintainers. After a few small PRs, larger contributions are reviewed more favorably.
Lesson 3: Be Patient
Some of my PRs were merged within hours. Others took months. The h4cker repo was incredibly responsive — 11 PRs merged quickly. Other repos have volunteer maintainers who review when they can.
I currently have 134 open PRs across various repos. Some will merge, some won't. That's the nature of open source.
Lesson 4: Add Real Value
The best contributions aren't just adding your own tool to a list. They're:
- Fixing broken links that frustrate users
- Adding context or descriptions to bare links
- Reorganizing content for better discoverability
- Updating outdated information
- Adding tools or resources you genuinely use and recommend
Lesson 5: Engage the Community
Beyond PRs, I've posted 82+ answers in community discussions across ProjectDiscovery tools (nuclei, httpx, subfinder), BruceDevices, and other projects. Helping people solve problems builds reputation and relationships.
Look for repos with "good first issue" or "help wanted" labels. Start with documentation improvements — they're always welcome and teach you the codebase.
Open source is a long game. Every contribution, no matter how small, adds up.