Why is my github repo allowing other users to contribute in spite of no collaborators?

Question

My public github repo has zero "collaborators" which I presume means only I can commit to this repo. Screenshot showing this is given below: I never added or removed a collaborator since creating this repo.

However, the repo is allowing two different users to commit changes:

Even now, I am able to commit through "krishnakrao" username (my 2nd github account) even though the repo is created by "kkraoj" and has zero "collaborators".

Why is this happening? How can I ("kkraoj" or the creator of the repo) maintain exclusive commit rights to it? I don't wish "krishnakrao" (or anyone else) to be able to commit to it. Please help.

Potentially useful information but ignore if irrelevant:

1. As per @HamiltonPharmD answer below, I have turned on branch protection but on github.com, I see that "krishnakrao" is commiting changes to the repo.
2. git config --get user returns "kkraoj" on my command line. When I make changes and commit afterward, on github.com the commits appear as under "krishnakrao". I have done git config --global user.name "kkraoj" and also updated the github token on my Windows Credential Manager to "kkraoj". So is it possible that Github thinks I am still "krishnakrao" while committing but thinks I am "kkraoj" for authenticating access to the repo?

Answer 1

For Visual Studio users:

As suggested by @bk2204 the git config user.email <my email id> command may solve your problem. But Visual Studio has UI to change the settings. You can set repository setting from Here.

1.

2.

3.

Answer 2

GitHub attributes commits based on the email address (user.email) you've used. If you create commits in your repository with one email address and then push them to the repository using the other account, this can occur. You can use git log to verify that's what's happening.

There are a wide variety of ways to control which email address is used, but in this case, if you want to use one identity, the easiest way is to set user.name and user.email in this repository specifically by using git config (without the --global flag). Note that user.name should be your personal name; it is not a username and has no effect on authentication whatsoever.

There are other ways to do this, such as using the conditional include mechanism in Git to choose certain configuration based on what directory it's in. There are many great answers on how to do this already, so I won't elaborate further here.

Note that GitHub allows you to push commits created by anyone to your repo. This is useful because many projects (e.g., Linux and Git) involve a central maintainer who pushes everyone's commits to the main repo, and disallowing this would be burdensome to those projects.

Answer 3

I suspect that your repo is public and your branches are not protected.

First, check if your repository is public or private:

1. Click Settings tab at top-right of your repo page
2. Scroll to bottom and check Danger Zone section. If one of the options states "Make this repository private" then your repo is currently public and others can see it.

If the repo is public, you must protect your branches to ensure others can't push/merge to your branches. To do this:

1. Click Settings tab at top-right of your repo page
2. Click Branches option on the left side
3. Next to Branch Protection Rules click Add rule
4. Under branch name pattern, type the name of your branch. i.e Master, dev, etc.
5. A typical selection to protect your branch is Require pull request reviews before merging and Require review from code owner
6. Click the green Create button at the bottom

Congratulations, you've protected your branch from the world!