TLDRAW's New Contributions Policy: A Technical Deep Dive

The tldraw project (GitHub issue #7695) has implemented a new contributions policy that automatically closes pull requests from external contributors. This represents a significant shift in open-source governance strategy, moving from a fully open contribution model to a more curated approach.

Technical Definition

A contributions policy defines the rules and processes for how external developers can contribute code to a project. Traditional open-source projects use a pull request (PR) model where anyone can fork, modify, and submit changes. TLDRAW's new policy changes this to an automated closure system where PRs from non-maintainers are automatically closed, often with a message directing contributors to follow specific guidelines.

Core Principles

• Quality Control: Ensures contributions align with project architecture
• Maintainer Focus: Reduces context switching for core team
• Strategic Alignment: Keeps development focused on project roadmap
• Community Management: Sets clear expectations for contributors

This approach is common in large, mature projects like React or Kubernetes, where uncontrolled contributions can create technical debt and maintenance overhead.

• Automated PR closure for external contributors
• Shift from open to curated contribution model
• Alignment with project roadmap and architecture
• Reduced maintainer workload and context switching

The policy implementation uses GitHub automation to manage contributions. When a pull request is opened from a non-maintainer account, automated workflows trigger the closure process.

Technical Architecture

GitHub Actions Workflow

yaml name: Close External PRs on: pull_request_target: types: [opened]

jobs: check-author: runs-on: ubuntu-latest steps:

• name: Check if contributor is maintainer run: | if [[ ! "${{ github.event.pull_request.user.login }}" =~ "maintainer" ]]; then gh pr close ${{ github.event.pull_request.number }}
  --comment "External contributions are not accepted. Please open an issue first." fi

Implementation Components

1. Event Trigger: pull_request_target event captures new PRs
2. Author Validation: Checks GitHub username against maintainer list
3. Automated Response: Closes PR with explanatory comment
4. Issue Redirection: Directs contributors to create issues first

Alternative Approaches

• Manual Review: Traditional approach, high maintainer overhead
• CLA (Contributor License Agreement): Legal framework for contributions
• Bot-Based Triage: Automated labeling and routing
• Issue-First Model: Require issue discussion before PR submission

The automated closure model prioritizes project velocity over community contributions, which is appropriate for projects with clear architectural direction.

• GitHub Actions for automated PR management
• Maintainer list validation before closure
• Automated comments with contribution guidelines
• Issue-first contribution workflow

The tldraw policy reflects broader trends in open-source business models and project sustainability. For companies relying on open-source libraries, this has significant implications for development workflows and risk management.

Business Impact

For Project Maintainers

• Reduced Context Switching: Core team focuses on strategic features
• Quality Assurance: Every contribution undergoes architectural review
• Roadmap Adherence: Development aligns with business objectives
• Technical Debt Prevention: Uncontrolled contributions often create maintenance burden

For Organizations Using tldraw

• Dependency Risk: Changes in contribution policy may affect update frequency
• Customization Challenges: Limited ability to contribute fixes directly
• Support Requirements: Need for alternative contribution channels

Real-World Use Cases

Enterprise Application Development: Companies building drawing tools using tldraw must now:

1. Fork and maintain private versions
2. Work with maintainers for custom features
3. Budget for potential delays in bug fixes

Startup Integration: Startups using tldraw for MVPs face:

• Longer development cycles for customizations
• Need for in-house tldraw expertise
• Potential need to evaluate alternative libraries

Norvik Tech Perspective: From a consultancy standpoint, this policy shift requires clients to reassess their open-source dependency strategy. We recommend evaluating the project's health, maintainer responsiveness, and alternative libraries when such policies change.

• Project sustainability and maintainer burnout prevention
• Enterprise dependency risk assessment
• Customization strategy for businesses
• Open-source governance implications

Not all open-source projects should adopt automated contribution closure. The decision depends on project maturity, team size, and strategic goals.

Appropriate Scenarios

Mature Projects (10,000+ stars)

• Architecture Complexity: Deep integration with ecosystem
• Stable API: Breaking changes have wide impact
• Large User Base: Many organizations depend on stability
• Dedicated Maintainers: Core team can handle strategic development

Projects with Clear Business Model

• Commercial Backing: Company-funded development
• Premium Features: Open core with paid offerings
• Consulting Services: Professional support as revenue stream

Implementation Best Practices

1. Clear Documentation

markdown

Contributing Guidelines

We do not accept external pull requests directly.

Instead, please:

1. Open an issue describing your use case
2. Discuss with maintainers about architecture
3. Wait for maintainer approval before coding
4. Follow our coding standards and test requirements

2. Alternative Contribution Channels

• Issue-First Workflow: Require issue discussion before PR
• Contributor License Agreement (CLA): Legal protection
• Bounty Programs: Reward for specific features
• Sponsored Development: Paid custom development

3. Communication Strategy

• Transparent Rationale: Explain why the policy exists
• Clear Guidelines: Document acceptable contribution paths
• Responsive Maintainers: Acknowledge issues promptly
• Community Engagement: Regular updates on project direction

When to Avoid This Policy

• Early-stage projects needing community growth
• Academic/research projects benefiting from diverse contributions
• Community-driven projects with strong contributor culture
• Projects with limited maintainer bandwidth but high community interest

Recommendation: Start with issue-first workflow before implementing automated closure. Measure maintainer workload reduction versus community engagement impact.

• Mature projects with complex architecture
• Commercial-backed open source projects
• Clear documentation and communication
• Alternative contribution channels required