Skip to content

feat: Add all-time contributions support with deduplicated repository count#4644

Closed
banu4prasad wants to merge 55 commits into
anuraghazra:masterfrom
banu4prasad:master
Closed

feat: Add all-time contributions support with deduplicated repository count#4644
banu4prasad wants to merge 55 commits into
anuraghazra:masterfrom
banu4prasad:master

Conversation

@banu4prasad

@banu4prasad banu4prasad commented Nov 8, 2025

Copy link
Copy Markdown

Summary

Adds support for displaying all-time contributions across all years on GitHub, with automatic deduplication of repositories to show accurate unique contribution counts.

Changes

  • Added all_time_contribs parameter to toggle between last year and all-time contributions
  • Deduplicated repository counting (counts each repo only once, even with multiple contribution types)
  • Increased cache duration for all-time stats.
  • Added ALL_TIME_CONTRIBS environment variable to enable/disable feature globally

Usage

Standard (last year only)
?username=YOUR_USERNAME

All-time contributions (deduplicated)
?username=YOUR_USERNAME&all_time_contribs=true

Environment Variables

  • ALL_TIME_CONTRIBS=true - Enable all-time contributions feature
  • PAT_1=<github_token> - GitHub Personal Access Token with read:user scope

fixes #2282

Screenshot 2025-11-08 at 4 46 26 PM Screenshot 2025-11-08 at 4 40 17 PM Screenshot 2025-11-08 at 4 40 05 PM

@vercel

vercel Bot commented Nov 8, 2025

Copy link
Copy Markdown

@banu4prasad is attempting to deploy a commit to the github readme stats Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added stats-card Feature, Enhancement, Fixes related to stats the stats card. card-i18n Card text translations. labels Nov 8, 2025
Copilot AI review requested due to automatic review settings December 18, 2025 06:44

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for displaying all-time contribution statistics across a user's entire GitHub history, with automatic deduplication to count unique repositories only once even when a user has multiple contribution types (commits, issues, PRs, reviews) to the same repository.

Key Changes:

  • Added all_time_contribs query parameter to enable fetching contributions across all years instead of just the last year
  • Implemented parallel fetching of contribution data using Promise.all() with a 9-second timeout and graceful fallback
  • Extended cache duration for all-time stats (6 hours default vs 4 hours for standard stats)

Reviewed changes

Copilot reviewed 6 out of 8 changed files in this pull request and generated 20 comments.

Show a summary per file
File Description
src/fetchers/all-time-contributions.js New module that fetches contribution years and yearly data in parallel, deduplicating repositories across all contribution types
src/fetchers/stats.js Integrated all-time contributions feature with timeout protection and fallback logic; removed some logger statements
api/index.js Added parameter handling for all_time_contribs and custom cache logic for longer TTL
src/common/envs.js Added ALL_TIME_CONTRIBS environment variable to enable/disable the feature globally
src/cards/stats.js Added conditional label rendering to show "all time" vs "last year" based on parameter
src/cards/types.d.ts Added TypeScript type definition for the new all_time_contribs option
src/translations.js Added statcard.contribs-alltime translation key in 48 languages
.gitignore Added .DS_Store to ignore macOS system files

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/common/envs.js Outdated
Comment thread src/fetchers/stats.js
Comment thread src/cards/stats.js Outdated
Comment thread src/fetchers/all-time-contributions.js Outdated
Comment thread src/fetchers/stats.js Outdated
Comment thread src/fetchers/all-time-contributions.js Outdated
Comment thread api/index.js Outdated
Comment thread api/index.js Outdated
Comment thread src/fetchers/all-time-contributions.js
Comment thread src/fetchers/all-time-contributions.js

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 7 out of 9 changed files in this pull request and generated 4 comments.


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread src/fetchers/all-time-contributions.js Outdated
Comment thread src/common/cache.js Outdated
Comment thread src/cards/stats.js Outdated
Comment thread api/index.js Outdated
banu4prasad and others added 3 commits May 16, 2026 17:37
Replaced `curr.languages.edges.concat(acc)` with `acc.push(...curr.languages.edges)` to prevent recreating the accumulator array on each iteration. This reduces time complexity from O(N^2) to O(N).

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
@github-actions github-actions Bot added repo-card Issues related to the pin/repo card. lang-card Issues related to the language card. wakatime-card Issues related to the wakatime card. gist-card labels May 16, 2026
banu4prasad and others added 19 commits May 16, 2026 18:37
…at-9829857916427544140

⚡ perf: optimize O(N^2) array concatenation in top-languages fetcher
This commit escapes the `secondaryMessage` inside `renderError` using `encodeHTML()` to prevent XSS vulnerabilities when generating SVG output.

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
Updates `api/status/pat-info.js` and `api/status/up.js` to return proper structured JSON using `res.json()` rather than sending unescaped strings or stringified JSON via `res.send()`. This explicitly sets the correct Content-Type ensuring browsers won't execute malicious error messages as HTML. Updates tests accordingly.

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
Changed the \`hide\` array filtering within \`renderStatsCard\` to use a \`Set\`.
This changes the O(n) \`.includes()\` lookup to an O(1) \`.has()\` lookup.
Applied to both stat items filtering and accessibility labels.

Performance baseline measured using \`tests/bench/stats.bench.js\`:
Before: avg ~32.5µs
After: avg ~26.9µs

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…cess-11153830499985198609

⚡ Optimize object property access in top languages fetcher
…s-410756806148804890

⚡ Optimize hidden stats array lookups with Set
…ints

Updates `api/status/pat-info.js` and `api/status/up.js` error handling to explicitly return a JSON object using `res.json({ error: ... })` instead of sending strings through `res.send()`. This enforces strict API consistency and mitigates any theoretical HTML rendering issues, resolving potential XSS concerns. Note this is a breaking change for existing clients directly parsing the raw string error response. Tests have been updated to cover the new outer catch payload structure.

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…ints

Updates `api/status/pat-info.js` and `api/status/up.js` error handling to explicitly return a JSON object using `res.json({ error: ... })` instead of sending strings through `res.send()`. This enforces strict API consistency and corrects the API behavior since the endpoint explicitly sets `Content-Type: application/json`. Tests have been updated to cover the new outer catch payload structure.

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…410205025217312

🔒 Fix Reflected XSS Vulnerability in PAT Info and Uptime Endpoints
This commit escapes the `secondaryMessage` inside `renderError` using `encodeHTML()` to prevent XSS vulnerabilities when generating SVG output. Also avoids double-escaping regression.

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
This commit escapes the `secondaryMessage` inside `renderError` using `encodeHTML()` to prevent XSS vulnerabilities when generating SVG output. Also avoids double-escaping regression and adds robust tests.

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…ry-message-14295917276723695873

🔒 Fix unescaped secondaryMessage XSS vulnerability in renderError
…utions.js`

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…utions.js`

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…utions.js`

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…utions.js`

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…utions.js`

Co-authored-by: banu4prasad <113224132+banu4prasad@users.noreply.github.com>
…-219987405495775010

⚡ perf: optimize batch processing in all-time contributions with worker pool
@dargmuesli

Copy link
Copy Markdown

@banu4prasad why was this closed? 👀

@banu4prasad

Copy link
Copy Markdown
Author

@banu4prasad why was this closed? 👀

@dargmuesli cuz i have edited too many files which was not related to the PR

@dargmuesli

Copy link
Copy Markdown

@banu4prasad do you plan on creating a more concise PR or what is your thoughts on moving this forwards at this point? Thank you for your work on this so far 💚

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

card-i18n Card text translations. dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation. gist-card lang-card Issues related to the language card. repo-card Issues related to the pin/repo card. stats-card Feature, Enhancement, Fixes related to stats the stats card. wakatime-card Issues related to the wakatime card.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Show all time contributed to

3 participants