Chaos and Order

💡 왼쪽 원문을 읽으면서 오른쪽에 따라 써보세요. Tab 키로 힌트를 받을 수 있습니다.

"Open source is not a place to dump code. It is a place to build trust."

Open source contribution is simultaneously the most overrated and the most underrated activity in a developer's career. It is overrated because of the fantasy that "filling up your GitHub graph gets you hired." It is underrated because the collaboration skills, code review instincts, and async communication you build along the way are, in practice, the core competencies of senior engineering.

This guide is for people who fear their first pull request, as well as for those who have contributed a few times but do not know how to earn a maintainer's trust. Encouraging but honest: we strip away the fantasy and keep only what actually works.

Prologue — Why Contribute, and What Not to Expect

Before you start contributing, audit your motivation honestly. The wrong expectations will break you at the first rejection.

The realistic payoffs

Learning: You read production-grade codebases and get reviewed by real maintainers. No course replaces this.
Career evidence: "Good collaborator" on a resume is hollow, but a link to a merged PR is verifiable. Recruiters look at your PR description and your review responses more than the code itself.
Network: Relationships with maintainers and fellow contributors lead to referrals and job opportunities. But this is an outcome, not a goal.
Impact: You fix the tools you use every day. One bug fix repairs builds for tens of thousands of people.

The common myths

Myth	Reality
Filling the graph gets you hired	Recruiters look at PR quality, not graph color
You must contribute to big projects to be recognized	A core contributor to a small project is a stronger signal
Your first PR gets merged immediately	A first PR averages 3-5 review rounds
You just need to write good code	Communication matters as much as code, sometimes more
Contributing is unpaid labor	The non-monetary rewards of learning and reputation are the point

Remember one sentence. The scarcest resource in open source is not code; it is the maintainer's time. Every piece of advice in this guide derives from that single line.

Chapter 1 · Choosing a Project — Contribute to What You Use

The most common mistake is picking a project because "it's famous" or "it looks good on a resume." Your motivation drains fast that way.

The principle: contribute to what you already use

Pick the library, framework, or CLI tool you use every day. The reasons are simple.

You already have domain context. You can reproduce bugs.
Things you want to fix arise naturally. You don't have to force yourself to find issues.
Contributing is improving your own work. The motivation sustains itself.

Signs of a healthy project

Five minutes in the issue tracker and PR list will tell you a project's health.

Healthy project	Dying project
Commits/merges within the last month	Last commit was a year ago
Maintainers respond to issues	Hundreds of issues pile up with no response
The `good first issue` label is maintained	No label system, or it is neglected
The CONTRIBUTING doc is current	No doc, or full of broken links
Recent PRs get merged after review	PRs sit open for months
CI is green and working	CI is broken and left that way
Several active maintainers	A solo maintainer in burnout

If you make your first contribution to a dying project, no matter how good your PR is, it will not even get reviewed. That is not your fault, but it is your wasted time.

The size and difficulty tradeoff

Large projects (React, Kubernetes, etc.): Strict process, slow reviews, fierce competition. But once merged, it is a strong signal.
Mid-size projects: Usually the best starting point. Maintainers welcome new contributors, and reviews are reasonably fast.
Small projects: Easy to become a core contributor, with a high chance of being promoted to maintainer. But there is a risk the project itself stalls.

If it is your first time, start with a mid-size project.

Chapter 2 · Before You Touch Code — What to Read

Getting excited and fixing code right away is the second most common mistake. There are documents you must read before touching code.

Documents you must read

The CONTRIBUTING doc: Branch strategy, commit message rules, how to run tests, the PR checklist. Skip it, and the first thing a reviewer says is "Read CONTRIBUTING."
The CODE_OF_CONDUCT doc: The community's behavior norms. Mostly common sense, but it tells you the tone and atmosphere.
The issue tracker: Check whether what you want to fix is already being discussed, or has already been rejected.
Existing PRs (both merged and closed): A living textbook of what this project accepts and rejects. Reading the reasons on closed PRs reveals the minefield.
The README and architecture docs: Understand the project's philosophy and scope.

A pre-flight checklist

Before you touch code, confirm the following.

[ ] Does an issue exist? If not, did you open one first and seek agreement?
[ ] Did a maintainer say "go ahead in this direction"?
[ ] Is there not already another PR doing the same thing?
[ ] Do the build and tests pass locally?
[ ] Did you check the code style / lint rules in CONTRIBUTING?

In particular, "throwing a large PR with no issue" is almost always rejected. From the maintainer's view, there is no time to review code in a direction nobody agreed to. Agreement comes before code.

Chapter 3 · Your First Contribution Is Not Code

Drop the equation "contribution equals code." The most welcome first contributions are often not code.

Contributions that are not code

Documentation improvements: Fixing typos, broken links, unclear explanations, missing examples. Small, but maintainers are grateful.
Reproduction confirmation: Reproducing a reported bug yourself and commenting "reproduced, here is my environment." This saves the maintainer significant time.
Issue triage: Marking duplicate issues, suggesting labels, requesting missing information. A direct contribution to running the project.
Adding tests: Adding tests to uncovered paths. Easy to review and low rejection risk.
Creating minimal reproductions: Reducing a complex bug report to short reproduction code.

Why start with non-code contributions

Reason	Explanation
Low barrier to entry	You do not need to understand the huge codebase
Low rejection risk	A typo fix leaves no room for debate
You learn the workflow	You safely practice fork, branch, PR
You build trust	The maintainer learns "this person is reliable"
You understand the project	Fixing docs reveals the code structure

Between someone who diligently merged three doc PRs and someone who threw a huge feature PR and disappeared, the maintainer trusts the former far more.

Chapter 4 · The First PR Workflow

Now the actual process of opening a PR. The standard workflow is as follows.

Step-by-step commands

# 1. Fork the repository (in the GitHub UI), then clone
git clone https://github.com/your-account/project.git
cd project
git remote add upstream https://github.com/original-org/project.git

# 2. Sync to the latest state
git fetch upstream
git checkout -b fix/issue-1234 upstream/main

# 3. Work, then commit (follow the project's conventions)
git add changed-files
git commit -m "fix: describe the bug (#1234)"

# 4. Push
git push origin fix/issue-1234

# 5. Create a Pull Request in the GitHub UI

Keep the scope small

One PR does one thing. A PR that says "while fixing the bug, I also refactored and fixed formatting" is impossible to review. The reviewer cannot tell intended changes from incidental ones.

Separate bug fixes from refactoring.
Send formatting changes as a separate PR, or do not make them at all.
The fewer lines changed in a single PR, the higher the chance of a merge.

A PR description template

A good PR description cuts the reviewer's work in half.

## What
This PR fixes a NullPointerException that occurs when the input is an
empty string.

## Why
Closes #1234. The app crashes when a user submits an empty search query.

## How
Added an empty-string guard at the entry of parseQuery, and changed it to
return an empty result for empty input.

## Testing
- Added a unit test for empty-string input
- Confirmed the full existing test suite passes
- Manually reproduced locally and confirmed the fix

## Notes
This change does not alter the public API signature.

Always link the issue

Putting Closes #1234 or Fixes #1234 in the PR description auto-closes the issue on merge. If the issue and PR are not linked, the maintainer has to reconstruct the context from scratch.

Chapter 5 · Surviving Code Review

Once you open your first PR, a review arrives. And it is almost always followed by change requests. This is where many new contributors break.

The review is not an attack on you

Review comments are about the code, not about you. "This variable name is ambiguous" is not "you are a bad developer." If you cannot separate the two, open source becomes a painful experience.

Do not get defensive. "Understood, I will change it this way" beats "why is this a problem."
If you disagree, present your reasoning politely. But acknowledge that the maintainer is the final decision-maker.
If the reviewer missed context, explain it, but in a tone of providing information, not of attacking.

Do not fear iteration

3-5 review rounds are normal. They are not a failure. Each round makes the code better.

Good response	Bad response
Reply to each comment, fix, then notify	Ignore comments and push silently
Address all comments at once	Address comments one trickle at a time
Explicitly mention what you could not fix	Just skip some comments
Propose "I will handle this in a follow-up PR"	Grow the scope without limit

The maintainer's time is the scarce resource

Do not make the reviewer say the same thing twice. Saving the reviewer's time directly raises the chance your PR gets merged.

Self-review before requesting a review. Read your own diff.
Request a review only after CI passes. Red CI wastes the reviewer's time.
Pre-write in the PR description anything the reviewer is likely to point out.

Chapter 6 · Etiquette and Communication

Open source is an async, unpaid, voluntary space. Your company's communication rules do not transfer directly.

Respect async

Maintainers live in different time zones, have day jobs, and work unpaid.

Waiting days for a reply is normal. Do not ping within 24 hours.
After a week of no response, ping once politely. Something like "do you happen to have time to look at this PR?"
Do not chase across multiple channels at once (no simultaneous barrage of issue, PR, Discord, email).

Drop the entitlement

The maintainer owes you nothing. They are people who gave you a tool for free.

What not to do	Do this instead
"Why haven't you reviewed this yet?"	"I'd appreciate it if you could look when you have time"
"This is an obvious bug, why isn't it fixed"	"I've attached repro steps, please take a look"
Publicly complain that replies are slow	Ping once politely and wait
Trash the project after a rejection	Understand the reason and find the next opportunity

Avoid drive-by PRs

A "drive-by PR" is a PR that throws a large change with no agreement and then disappears. It is the pattern maintainers hate most.

If you disappear without responding to review comments, the maintainer has to close the PR.
Only open PRs you can responsibly see through to the end.
If you do not have time, leave just an issue and write "contributions welcome." That is a contribution too.

Chapter 7 · What Maintainers Actually Want

Think from the maintainer's side and it becomes clear what a good contributor is.

The maintainer's wishlist

Small, reviewable PRs: Five 50-line PRs beat one 250-line PR.
PRs with tests: A test is the evidence that "this works" and a guard against regression.
PRs that follow conventions: Respect the project's code style, commit rules, and directory structure.
Patient contributors: They do not rush reviews and do not take rejection personally.
PRs that provide context: They clearly write what, why, and how.
Self-reviewed PRs: No debug code, no commented-out code, no typos.

What maintainers fear

Fear	Reason
A huge un-agreed PR	The review takes hours, and rejecting it creates conflict
Feature additions with no tests	They inherit future regression bugs
Disappearing contributors	The maintainer inherits a half-done PR
PRs whose scope keeps growing	The end is not in sight
Unverified AI-generated code	Plausible-looking but subtly wrong code

The core is reducing the maintainer's cognitive load. The easier your PR is to review, the faster it gets merged.

Chapter 8 · From Contributor to Maintainer

Contribute consistently and a moment comes when you are offered maintainer rights. This is not a promotion; it is a shift in responsibility.

How trust is built

Consistency: Six months of steady contribution builds more trust than one flashy PR.
Triage participation: Answer issues, review others' PRs, help new contributors.
Understanding the project's direction: Internalize what maintainers accept and reject.
Keeping promises: If you said "I will do this next week," do it.

The shift in responsibility

Your position completely flips between being a contributor and being a maintainer.

Contributor	Maintainer
Waits for their PR to be merged	Reviews others' PRs
Defends their own code	Protects the consistency of the whole project
The one being rejected	The one who has to reject
Receives time	Gives time
Focuses on one feature	Sees the whole roadmap

Become a maintainer and "rejecting things" becomes part of the job. A PR can be good but not fit the project's direction, and you have to reject it politely. This is emotionally hard, which is why maintainer burnout is common.

Watch out for burnout

Maintainer burnout is a chronic disease of open source. Even when you become a maintainer:

You are not obligated to answer every issue. Set priorities.
State response-time expectations in the README.
Add co-maintainers to spread the load.
Practice saying "no" without guilt.

Chapter 9 · Contributing in the AI Era

As of 2026, drafting PRs with AI agents has become common. But used irresponsibly, it becomes a disaster for maintainers.

How to use AI responsibly

An AI agent is a powerful tool, but it is just a tool. Responsibility for the PR is entirely yours.

Do not submit code you do not understand: You must be able to explain every line the AI generated. When the reviewer asks, you have to answer.
Verify AI output yourself: Go through build, tests, manual reproduction. "The AI wrote it, so it must be right" does not fly.
Review the tests the AI made too: AI sometimes makes tests that pass rather than tests that mean something.
Disclose whether the PR was AI-assisted: It depends on project policy, but transparency builds trust.

Do not dump AI slop on maintainers

"AI slop" refers to low-quality contributions, mass-generated by AI, that look plausible but are unverified. Between 2025 and 2026, many open source projects suffered from this problem.

Traits of AI slop	Responsible AI use
Mass PRs unrelated to issues	One PR for an agreed-upon issue
The contributor does not understand the code	The contributor can explain every line
Meaningless tests that only pass	Tests that verify actual behavior
Replying to review comments with AI again	The contributor thinks and responds personally
Trying to win by volume	An attitude of building trust through quality

Remember: AI is a tool to raise your productivity, not a means to offload the verification burden onto maintainers. Even when AI writes the code, the responsibility for and understanding of that code is the human's job.

A healthy AI usage workflow

1. Read the issue and understand it yourself (do not offload to AI)
2. Use AI to draft or explore an approach
3. Read the generated code line by line and understand it
4. Verify yourself via build/tests/reproduction
5. Write the PR description yourself, from what you understood
6. Think and respond to review comments as a human

Epilogue — Checklist and Anti-Patterns

Open source contribution is a matter of attitude, not skill. You can learn the code, but trust has to be built.

First contribution checklist

Did you pick a project you actually use?
Is that project healthy (recent commits, maintainer responses)?
Did you read CONTRIBUTING and CODE_OF_CONDUCT?
Did you skim existing issues and PRs?
Did you start with a non-code contribution (docs, reproduction confirmation)?
Does an issue exist, and is there agreement on the direction?
Is the PR scope small and doing only one thing?
Did you write what / why / how / testing in the PR description?
Did you link the issue to the PR?
Did you request a review only after CI passed?
Are you ready to respond to review comments politely and diligently?
If you used AI, did you understand and verify every line?

A collection of anti-patterns

The huge PR with no issue: Throwing a large change with no agreement.
The drive-by PR: Opening a PR and disappearing without responding to the review.
Entitlement: Complaining that the maintainer does not review fast enough.
Defensive review responses: Rebutting every comment and refusing to make changes.
Scope explosion: Continuously adding new changes mid-review.
Ignoring conventions: Violating the project style without reading CONTRIBUTING.
Picking a dead project: Contributing to a project neglected for a year and waiting for a response.
Dumping AI slop: Mass-submitting unverified AI-generated code.
Graph-filling contributions: Filling the contribution graph with meaningless changes.
Multi-channel barrage: Chasing the maintainer across several channels at once.

Next post teaser

The next post covers "The Maintainer's Perspective: What It Means to Run an Open Source Project." Issue triage strategy, designing contributor onboarding, sustaining a project without burnout, and the realities of governance and licensing — a deep look at open source from the opposite side of the contributor.

Open source is not a place to dump code. It is a place to build trust, learn collaboration, and become part of a community. Your first PR can be small. What matters is the attitude of seeing it through to the end. I am rooting for your first contribution.