RepoGuard

12 June 2026

How to check if a GitHub repository is public

Most accidental exposure on GitHub is not a hack - it is a repository that was set to public by mistake. Here is how to check what is actually visible, and how to stay on top of it.

Check a single repository

Open the repository on github.com. Under the repository name, GitHub shows a Public or Private label. If it says Public, anyone on the internet can read the code, issues, and full history - including search engines and AI crawlers.

To change it, go to Settings, scroll to the Danger Zone, and use Change repository visibility. Switching back to private removes it from public view, but anything already cloned or indexed may persist elsewhere.

Check every repository at once

Checking repos one by one does not scale. To see your whole public footprint, list every public repository under an account:

  • On a profile, open the Repositories tab and filter by Type: Public.
  • Use the GitHub API: a request to /users/{username}/repos returns public repositories with their visibility.
  • Use a tool like RepoGuard to scan an account and list all public repositories in one view - no login required.

Do not forget forks, archived repositories, and the personal accounts of teammates - exposure most often hides in the repos that nobody is actively watching.

What to look for

Public is not automatically a problem - open source is meant to be public. The risk is the repository you did not mean to publish: an internal tool, a prototype, a config repo, or anything whose name hints at secrets. Pay attention to repos named config, env, backup, or internal.
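The API listing and the name hints above combined into one check, as an added example that is not RepoGuard's code: it pages through /users/{username}/repos and flags public repositories named like config, env, backup or internal, plus forks and archived repos. The function names, the User-Agent string and the sample data are assumptions made for this illustration.

```python
import json
import re
import urllib.parse
import urllib.request

API = "https://api.github.com/users/{user}/repos?per_page=100&page={page}"
# Name hints from the article, matched as whole tokens so "environment" is not "env".
RISKY = re.compile(r"(^|[-_.])(config|env|backup|internal)($|[-_.])", re.I)

def fetch_public_repos(user):
    """Page through the unauthenticated endpoint, which lists public repos only."""
    repos, page = [], 1
    while True:
        url = API.format(user=urllib.parse.quote(user, safe=""), page=page)
        req = urllib.request.Request(url, headers={
            "Accept": "application/vnd.github+json",
            "User-Agent": "public-footprint-check",  # assumed name; GitHub requires one
        })
        with urllib.request.urlopen(req, timeout=10) as resp:
            batch = json.load(resp)
        if not batch:  # an empty page means the listing is complete
            return repos
        repos.extend(batch)
        page += 1

def triage(repos):
    """Return (full_name, reasons) for public repos that deserve a manual look."""
    findings = []
    for r in repos:
        if r.get("private"):
            continue
        reasons = []
        if RISKY.search(r["name"]):
            reasons.append("name hints at secrets")
        reasons += [flag for flag in ("fork", "archived") if r.get(flag)]
        if reasons:
            findings.append((r["full_name"], reasons))
    return findings

def _repo(name, **flags):
    return {"name": name, "full_name": "example-user/" + name, "private": False, **flags}

# Constructed sample in the shape of the API response (not real repositories).
SAMPLE = [_repo("docs-site"), _repo("prod-env"), _repo("backup-2023", archived=True),
          _repo("left-pad-fork", fork=True), _repo("environment-docs")]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):  # swap SAMPLE for fetch_public_repos("name")
        print(f"{name}: {', '.join(reasons)}")
```

Unauthenticated requests to the GitHub API are rate limited, so a large account may need an access token in an Authorization header.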

If you find an exposed repository

If a repository should never have been public, act in this order:

  • Switch it to private in Settings -> Danger Zone.
  • Rotate any credential it may have exposed - assume it is already compromised.
  • Check the commit history; secrets can sit in old commits even after the file is gone.
  • Note the decision, so the same repo does not resurface as a surprise in the next review.

Stay ahead of it

A one-time check is a snapshot. New repositories appear, visibility changes, and teammates push code you never see. The reliable approach is continuous monitoring that alerts you the moment a new public repository appears under an account you care about.

Check your GitHub public footprint

Enter any GitHub username or organization to see every public repository - no login required.