A code of conduct is a written statement of how members of a community are expected to behave, paired with a mechanism for reporting and responding to behavior that crosses the line. In open source it typically lives in the project’s repository and applies to issues, pull requests, chat, mailing lists, and any in-person events the project holds. The point is to convert implicit social norms, the unwritten rules everyone is assumed to know, into an explicit policy that newcomers can read and that maintainers can consistently enforce.
On GitHub a code of conduct is treated as one of the standard community-health files, alongside the README, license, and contribution guidelines. GitHub’s documentation explains that a project owner “can add a code of conduct to your project by using a template or manually creating a custom code of conduct,” and notes a practical wrinkle: the file is only marked complete in a repository’s community profile if it is added from a recognized template. The docs also spell out the naming convention, instructing owners to name the file CODE_OF_CONDUCT, optionally inside the .github or docs directory, so the platform can detect and surface it.
The mechanics of a code of conduct usually fall into three parts. First, a statement of values and the kinds of behavior the community expects and forbids. Second, a reporting path, often a dedicated contact address, so that someone who experiences or witnesses a problem knows who to tell and can expect confidentiality. Third, an enforcement process describing what happens after a report, frequently as a graduated set of responses ranging from a private word to a permanent ban. The most widely used template, the Contributor Covenant, supplies all three and has been, by its own account, “adopted by thousands of communities,” which made it the de facto reference point for what a code of conduct looks like.
Codes of conduct spread quickly through conferences and open-source projects during the 2010s. Event organizers adopted them in part for practical reasons, including the safety of attendees and the legal and reputational risk of harassment at a gathering, and many sponsors and venues came to expect one. Projects followed, and the appearance of a CODE_OF_CONDUCT file became a signal that a community had thought about its social environment rather than leaving it to chance.
The practice has also been contested. Some contributors welcomed explicit standards as a way to make communities safer and more welcoming, particularly to people who had been pushed out by harassment. Others objected that a behavior policy could be applied beyond technical conduct, worried about vague or selectively enforced rules, or resisted specific templates and the politics they associated with them. Those disagreements are part of a longer argument inside open source about governance, authority, and the relationship between a meritocratic technical culture and the social side of collaboration.
What separates a code of conduct from a vague pledge is enforcement. A document with no reporting path and no consequences functions as decoration; the operative questions are who receives reports, how impartially they act, and what actually happens to a violator. The lasting tension in the practice is the gap between adopting a code of conduct and consistently, fairly applying it, which is where most real-world disputes over these documents end up.