GitHub has found four million security vulnerabilities in its public code repository, sparking developers to do some serious spring cleaning.

Having conducted a scan for security bugs in its JavaScript and Ruby libraries back in November, GitHub soon dug up a mass of known vulnerabilities spread across some 500,000 of its public code libraries.

The company quickly informed the administrators of those libraries, and by 1 December 450,000 known security holes had been plugged, either by shutting down vulnerable code or launching secure versions.

And it appears this process of identifying vulnerabilities and flagging them to developers and repository admins is delivering benefits, as GitHub noted that its users are now rapidly fixing security flaws in code that's freely available for anyone to access and use to create the next popular app.

"Since [December 2017], our rate of vulnerabilities resolved in the first seven days of detection has been about 30 percent. Additionally, 15 percent of alerts are dismissed within seven days; that means nearly half of all alerts are responded to within a week. Of the remaining alerts that are unaddressed or unresolved, the majority belong to repositories that have not had a contribution in the last 90 days," said GitHub.