I don't think I have ever used stars in making a decision to use a library and I don't understand why anyone would.
Here are the things I look at in order:
* last commit date. Newer is better
* age. old is best if still updating. New is not great but tolerable if commits aren't rapid
* issues. Not the count, mind you, just looking at them. How are they handled, what kind of issues are lingering open.
* some of the code. No one is evaluating all of the code of libraries they use. You can certainly check some!
What does stars tell me? They are an indirect variable caused by the above things (driving real engagement and third interest) or otherwise fraud. Only way to tell is to look at the things I listed anyway.
I always treated stars like a bookmark "I'll come back to this project" and never thought of it as a quality metric. Years ago when this problem first surfaced I was surprised (but should not have been in retrospect) they had become a substitute for quality.
I hope the FTC comes down hard on this.
donatj [3 hidden]5 mins ago
I run a tiny site that basically gave a point-at-able definition to an existing adhoc standard. As part of the effort I have a list of software and libraries following the standard on the homepage. Initially I would accept just about anything but as the list grew I started wanting to set a sort of notability baseline.
Specifically someone submitted a library that was only several days old, clearly entirely AI generated, and not particularly well built.
I noted my concerns with listing said library in my reply declining to do so, among them that it had "zero stars". The author was very aggressive and in his rant of a reply asked how many stars he needed. I declined to answer, that's not how this works. Stars are a consideration, not the be all end all.
You need real world users and more importantly real notability. Not stars. The stars are irrelevant.
This conversation happened on GitHub and since then I have had other developers wander into that conversation and demand I set a star count definition for my "vague notability requirement". I'm not going to, it's intentionally vague. When a metric becomes a target it ceases to be a good metric as they say.
I don't want the page to get overly long, and if I just listed everything with X star count I'd certainly list some sort of malware.
I am under no obligation to list your library. Stop being rude.
utopiah [3 hidden]5 mins ago
> When a metric becomes a target it ceases to be a good metric as they say.
These kinds of articles make you feel like there are specific, actionable problems that just need an adjustment and then they disappear. However, the system is much worse than you'd expect. Studies like this are extremely valuable, but they don't address the systematic problems affecting all signaling channels: most signals themselves have been manufactured into a product.
Build a SaaS and you'll have "journalists" asking if they can include you in their new "Top [your category] Apps in [current year]", you just have to pay $5k for first place, $3k for second, and so on (with a promotional discount for first place, since it's your first interaction).
You'll get "promoters" offering to grow your social media following, which is one reason companies may not even realize that some of their own top accounts and GitHub stars are mostly bots.
You'll get "talent scouts" claiming they can find you experts exactly in your niche, but in practice they just scrape and spam profiles with matching keywords on platforms like LinkedIn once you show interest, while simultaneously telling candidates that they work with companies that want them.
And in hiring, you'll see candidates sitting in interview farms quite clearly in East Asia, connecting through Washington D.C. IPs, present themselves with generic European names, with synthetic camera backgrounds, who somehow ace every question, and list experience with every technology you mention in the job post in their CVs already (not hyperbole, I've seen exactly this happen).
If a metric or signal matters, there is already an ecosystem built to fake it, and faking it starts to be operational and just another part of doing business.
vachina [3 hidden]5 mins ago
It all boils down to making more money.
gobdovan [3 hidden]5 mins ago
Yeah, but it's not a great way to do it.
Short term, you pay the cost of fake signaling, which is simply deadweight loss. People spend resources to inflate signals instead of improving the actual thing.
Medium term, I suppose you could see how it increases consumption, since users would probably try something with 100k stars instead of 2, GitHub wants to seem that it's used more than it really is, repo owner is also benefiting.
Long term, the correspondence between how important a (distorted) system is perceived (Github, OSS, IT in general) vs how important it really is collapses quite abruptly and unnecessarily, and you end up with a lemon market [0] where signals stop being reliable at all.
Of course - money is a good proxy for value in these instances. Not perfect, but good.
motakuk [3 hidden]5 mins ago
At the end it's a company choice: do you buy BS metrics or you don't.
We've recently decided to complicate life of AI bots in our repo https://archestra.ai/blog/only-responsible-ai, hoping they will just choose those AI startups who are easier to engage with.
mentalgear [3 hidden]5 mins ago
> VC funding pipeline that treats GitHub popularity as proof of traction
Why am I not surprised big Capital corrupts everything. Also, Goodhart's law applies again: "When a measure becomes a target, it ceases to be a good measure".
HN Folks: What reliant, diverse signals do you use to quickly eval a repo's quality?
For me it is: Maintenance status, age, elegance of API and maybe commit history.
PS: From the article:
> instead tracks unique monthly contributor activity - anyone who created an issue, comment, PR, or commit. Fewer than 5% of top 10,000 projects ever exceeded 250 monthly contributors; only 2% sustained it across six months.
> [...] recommends five metrics that correlate with real adoption: package downloads, issue quality (production edge cases from real users), contributor retention (time to second PR), community discussion depth, and usage telemetry.
readthedangcode [3 hidden]5 mins ago
I usually just read the dang code.
ernst_klim [3 hidden]5 mins ago
I think people expect the star system to be a cheap proxy for "this is a reliable piece of sorfware which has a good quality and a lot of eyes".
I think as a proxy it fails completely: astroturfing aside stars don't guarantee popularity (and I bet the correlation is very weak, a lot of very fundamental system libraries have small number of stars). Stars also don't guarantee the quality.
And given that you can read the code, stars seem to be a completely pointless proxy. I'm teaching myself to skip the stars and skim through the code and evaluate the quality of both architecture and implementation. And I found that quite a few times I prefer a less-"starry" alternative after looking directly at the repo content.
onion2k [3 hidden]5 mins ago
given that you can read the code, stars seem to be a completely pointless proxy
Imagine you're choosing between 3 different alternatives, and each is 100,000 LOC. Is 'reading the code' really an option? You need a proxy.
Stars isn't a good one because it's an untrusted source. Something like a referral would be much better, but in a space where your network doesn't have much knowledge a proxy like stars is the only option.
ernst_klim [3 hidden]5 mins ago
> Is 'reading the code' really an option? You need a proxy.
100k is small, but you're right, it can be millions. I usually skim through the code tho, and it's not that hard. I don't need to fully read and understand the code.
What I look at is: high-level architecture (is there any, is it modular or one big lump of code, how modular it is, what kind of modules and components it has and how they interact), code quality (structuring, naming, aesthetics), bus factor (how many people contribute and understand the code base).
readthedangcode [3 hidden]5 mins ago
Ask Claude to help. Read the dang code. You'll be more confident in your decision and better positioned to handle any issues you encounter.
lukan [3 hidden]5 mins ago
The issues page used to be good for this as well. What kind of problems people are having.
(Sometimes still is, but the agents garbage does not help)
dafi70 [3 hidden]5 mins ago
Honest question: how can VCs consider the 'star' system reliable? Users who add stars often stop following the project, so poorly maintained projects can have many stars but are effectively outdated.
A better system, but certainly not the best, would be to look at how much "life" issues have, opening, closing (not automatic), and response times.
My project has 200 stars, and I struggle like crazy to update regularly without simple version bumps.
mapmeld [3 hidden]5 mins ago
Making the conversations about VCs expecting thousands of stars, is thinking too big. It's probably more often someone pays $20 to make one of their projects look good, for their CV, for vanity, thinking this will get them the push that they need to get clicks on reddit, or noticed over some other open source project. If there is someone offering a 10k star project an investment over 8k without looking at the project or revenue potential, I can only think they are clueless, or picking a student project to fund each summer.
The fake accounts often star my old repos to look like real users. They are usually very sketchy if you think for a minute, for example starring 5,000 projects in a month and no other GitHub activity. One time I found a GitHub Sponsor ring, which must be a money laundering / stolen credit cards thing?
3form [3 hidden]5 mins ago
The stars have fallen to the classic problem of becoming a goal and stopping being a good metric. This can apply to your measure just as well: issues can also be gamed to be opened, closed and responded to quickly, especially now with LLMs.
sunrunner [3 hidden]5 mins ago
Was it ever a good metric? A star from another account costs nothing and conveys nothing about the sincerity, knowledge, importance or cultural weight of the star giver. As a signal it's as weak as 'hitting that like button'.
If the number of stars are in the thousands, tens of thousands, or hundreds of thousands, that might correlate with a serious project. But that should be visible by real, costly activity such as issues, PRs, discussion and activity.
noosphr [3 hidden]5 mins ago
There was a time when total number of hyperlinks to a site was an amazing metric measuring its quality.
embedding-shape [3 hidden]5 mins ago
Yeah, the time between Google appeared, until the time SEO became a concept people chased, a very brief moment of time.
kang [3 hidden]5 mins ago
at that time having a website took work, while having a github account can be cheaply used to sybil attack/signal marketing
3form [3 hidden]5 mins ago
There isn't just "good metric" in vacuum - it was a good metric of exactly the popularity that you mentioned. But stars becoming an object of desire is what killed it for that purpose. Perhaps now they are a "good metric" of combined interest and investment in the project, but what they're measuring is just not useful anymore.
sunrunner [3 hidden]5 mins ago
Yeah, I'd agree with this. I always thought of a star indicating only that a person (or account, generally) had an active interest in another project, either through being directly related or just from curiosity. Which can sort of work as a proxy for interesting, important or active, but not accurately.
einpoklum [3 hidden]5 mins ago
A repository with zero stars has essentially no users. A repository with single-stars has a few users, but possibly most/all are personal acquiantances of the author, or members of the project.
It is the meaning of having dozens or hundreds of stars that is undermined by the practice described at the linked post.
amonith [3 hidden]5 mins ago
I especially love issues automatically "closed due to inactivity" just to keep the number of issues down :V
alaudet [3 hidden]5 mins ago
Sometimes people open issues without proper information. It cant be replicated and nobody else is jumping in that it affects them. You may suspect its something else, maybe with their environment, but if they don't engage what else can you do? Tell them you are closing it and specify what kind of info you need if they ever get around to providing it and it can be reopened.
werdnapk [3 hidden]5 mins ago
And sometimes the maintainer simply doesn't respond to a perfectly acceptable issue due to either the maintainer abandoning the project, not enough maintainers or simple neglect.
test1235 [3 hidden]5 mins ago
"When a measure becomes a target, it ceases to be a good measure"
You are looking for different things to VCs. You are looking for markers that show software quality over the long-term. They are looking for markers that show rapidly gaining momentum over the short-term. These are often in opposition to one another.
HighlandSpring [3 hidden]5 mins ago
I wonder if there's a more graph oriented score that could work well here - something pagerank ish so that a repo scores better if it has issues reported by users who themselves have a good score. So it's at least a little resilient to crude manipulation attempts
az226 [3 hidden]5 mins ago
GitHub has all kinds of private internal metrics that could update the system to show a much higher signal/quality score. A score that is impervious to manipulation. And extremely well correlated with actual quality and popularity and value, not noise.
Two projects could look exactly the same from visible metrics, and one is complete shell and the other a great project.
But they choose not to publish it.
And those same private signals more effectively spot the signal-rich stargazers than PageRank.
3form [3 hidden]5 mins ago
It would be more resilient indeed, I think. Definitely needs a way to figure out which users should have a good score, though - otherwise it's just shifting the problem somewhat. Perhaps it could be done with a reputation type of approach, where the initial reputation would be driven by a pool of "trusted" open source contributors from some major projects.
That said, I believe the core problem is that GitHub belongs to Microsoft, and so it will still go more towards operating like a social network than not - i.e. engagement matters. It will still take a good will to get rid of Social Network Disease at scale.
az226 [3 hidden]5 mins ago
Reputation doesn’t equal good taste in judging other projects.
There are much better ways of finding those who have good taste.
hobofan [3 hidden]5 mins ago
Unless something has changed in the last ~3 years, I think the article vastly overstates the credibility with VC's.
Even 10 years ago most VCs we spoke to had wisened up and discarded Github stars as a vanity metric.
az226 [3 hidden]5 mins ago
Much more important is who starred it. And are they selective about giving out stars or bookmarking everything. Forks is a closer signal to usage than stargazing.
foresterre [3 hidden]5 mins ago
With the advent of AI, these "life" events are probably even simpler to fake than AI though, and unlike the faking of stars not against the ToS.
askl [3 hidden]5 mins ago
Stars are a simple metric even someone like a VC investor can understand. Your "better system" sounds far too complicated and time consuming.
ethegwo [3 hidden]5 mins ago
Many VCs are only doing one thing: how to use some magical quantitative metrics to assess whether a project is reliable without knowing the know-how. Numbers are always better than no numbers.
dukeyukey [3 hidden]5 mins ago
Honestly I don't know if that's true. Picking up on vibes might be better than something like GitHub stats.
ethegwo [3 hidden]5 mins ago
When a partner decides to recommend a startup to the investment committee, he needs some explicit reasons to convince the committee, not some kind of implicit vibe
dukeyukey [3 hidden]5 mins ago
But given the amount of astroturfing and star-buying out there, relying on star counts may well select for deceptive founders.
csomar [3 hidden]5 mins ago
Because VCs love quantifiable metrics regardless of how reliable they actually are. They raise money from outside investors and are under pressure to deploy it. The metrics give them something concrete to justify their thesis and move on with their life.
faangguyindia [3 hidden]5 mins ago
because VC don't care about anything being legitimate, if it can fool VCs it can also fool market participants, then VC can profit off of it.
one VC told me, you'll get more funding and upvotes if u don't put "india" in your username.
Se_ba [3 hidden]5 mins ago
This is a good idea, but from my experience most VCs (I’m not talking about the big leagues) aren’t technical, they tend to repeat buzzwords, so they don’t really understand how star systems works.
logicallee [3 hidden]5 mins ago
>Honest question: how can VCs consider the 'star' system reliable?
Founders need the ability to get traction, so if a VC gets a pitch and the project's repo has 0 stars, that's a strong signal that this specific team is just not able to put themselves out there, or that what they're making doesn't resonate with anyone.
When I mentioned that a small feature I shared got 3k views when I just mentioned it on Reddit, then investors' ears perked right up and I bet you're thinking "I wonder what that is, I'd like to see that!" People like to see things that are popular.
By the way, congrats on 200 stars on your project, I think that is definitely a solid indicator of interest and quality, and I doubt investors would ignore it.
scotty79 [3 hidden]5 mins ago
> how can VCs consider the 'star' system reliable
I think VCs just know that there are no reliable systems, so they go with whatever's used.
* https://arxiv.org/abs/2412.13459 (2024/2025) - Six Million (Suspected) Fake Stars in GitHub: A Growing Spiral of Popularity Contests, Spams, and Malware
ricardo81 [3 hidden]5 mins ago
Same old story of centralised algorithms being abused.
Github stars is akin to 'link popularity' or 'pagerank' which is ripe for abuse.
One way around it is to trust well known authors/users more. But it's hard to verify who is who. And accounts get bought/closed/hacked.
Another way is to hand over the algo in a way where individuals and groups can shape it, so there's no universal answer to everyone.
hnmullany [3 hidden]5 mins ago
I came across one of these in 2018 with a "hot" open source company raising a Series B. An impressive star ramp (about 300% YoY growth) before the (high-priced/competitive) raise and three months later Github had revoked almost all the star growth from the previous year, resulting in a 20% YoY record. The company eventually got acquihired.
aledevv [3 hidden]5 mins ago
> VCs explicitly use stars as sourcing signals
In my opinion, nothing could be more wrong. GitHub's own ratings are easily manipulated and measure not necessarily the quality of the project itself, but rather its Popularity. The problem is that popularity is rarely directly proportional to the quality of the project itself.
I'm building a product and I'm seeing what important is the distribution and comunication instead of the development it self.
Unfortunately, a project's popularity is often directly proportional to the communication "built" around it and inversely proportional to its actual quality. This isn't always the case, but it often is.
Moreover, adopting effective and objective project evaluation tools is quite expensive for VCs.
ozgrakkurt [3 hidden]5 mins ago
Vast majority of mid level experienced people take stars very seriously and they won't use anything under 100 stars.
I'm not supporting this view but it is what it is unfortunately.
VCs that invest based on stars do know something I guess or they are just bad investors.
IMO using projects based on start count is terrible engineering practice.
tylergetsay [3 hidden]5 mins ago
I've seen the same devs refuse to use a library because the last commit was 3 months ago, despite the library being extremely popular, battle tested, and existing for 10 years.
aledevv [3 hidden]5 mins ago
also and above all because it can be easily manipulated, as the research explained in the article actually demonstrates
williamdclt [3 hidden]5 mins ago
Well, pretty sure that VCs are more interested in popularity than in quality so maybe it's not such a bad metric for them.
aledevv [3 hidden]5 mins ago
Yes, you're right, but popularity becomes fleeting without real quality behind the projects.
Hype helps raise funds, of course, and sells, of course.
But it doesn't necessarily lead to long-term sustainability of investments.
tsylba [3 hidden]5 mins ago
Personally I use stars in two ways: 1) It's interesting and I want to keep track of it for possible future use and 2) It's a fantastic idea and kudos to you even if I'll never use it.
As a side note it's kind of disheartening that everytime there is a metric related to popularity there would be some among us that will try to game it for profit, basically to manipulate our natural bias.
As a side note it's always a bit sad how the parasocial nature of the modern web make us like machine interfacing via simple widgets, becoming mechanical robot ourselves rationalising IO via simple metrics kind of forgetting that the map is never the territory.
lkm0 [3 hidden]5 mins ago
We're this close to rediscovering pagerank
ricardo81 [3 hidden]5 mins ago
It'd ideally be more of a peoplerank though. I think Google discovered this problem themselves when Pagerank became a well known thing.
You'd want to discard a lot of the noise in the bottom 20% of linking power. You want to focus more on the 'trust' factor.
TheTaytay [3 hidden]5 mins ago
I was literally was just looking at GitHub dataset availability and musing on this. A star from karpathy is worth a lot more than a star from open_claw_dood that just created his account 5 min ago.
In general, I’ve been dissatisfied with GitHub’s code search. It would be nice to see innovation here.
apples_oranges [3 hidden]5 mins ago
I look at the starts when choosing dependencies, it's a first filter for sure. Good reminder that everything gets gamed given the incentives.
msdz [3 hidden]5 mins ago
> I look at the starts when choosing dependencies, it's a first filter for sure.
Unfortunately I still look at them, too, out of habit: The project or repo's star count _was_ a first filter in the past, and we must keep in mind it no longer is.
> Good reminder that everything gets gamed given the incentives.
Also known as Goodhart's law [1]: "When a measure becomes a target, it ceases to be a good measure".
Essentially, VCs screwed this one up for the rest of us, I think?
> The project or repo's star count _was_ a first filter in the past, a
I agree that it has been a first filter, but should it ever have been? A star only says that someone had a passing interest in a project. Not significantly different from a 'like' on a social media post.
yuppiepuppie [3 hidden]5 mins ago
> The project or repo's star count _was_ a first filter in the past, and we must keep in mind it no longer is.
Id suggest the first question to ask is "if the project is an AI project or not?" If it is, dont pay attention to the stars - if it's not, use the stars as a first filter. That's the way I analyse projects on Github now.
moffkalast [3 hidden]5 mins ago
Average case of "once a measure becomes a target".
mercurialsolo [3 hidden]5 mins ago
Cost of signalling is way lesser than the cost of verification.
mercurialsolo [3 hidden]5 mins ago
Stars are like for developers? and you have a bunch of creators now entering the arena. what did you expect?
socketcluster [3 hidden]5 mins ago
My project https://github.com/socketCluster/socketcluster has been accumulating stars slowly but steadily over about 13 years. Now it has over 6k stars but it doesn't seem to mean much nowadays as a metric. It sucks having put in the effort and seeing it get lost in a sea of scams and seeing people doubting my project's own authenticity.
It does feel like everything is a scam nowadays though. All the numbers seem fake; whether it's number of users, number of likes, number of stars, amount of money, number of re-tweets, number of shares issued, market cap... Maybe it's time we focus on qualitative metrics instead?
Lapel2742 [3 hidden]5 mins ago
I do not look at the stars. I look at the list of contributors, their activities and the bug reports / issues.
est [3 hidden]5 mins ago
> I look at the list of contributors
Specifically if those avatars are cute animie girls.
tomaytotomato [3 hidden]5 mins ago
> Specifically if those avatars are cute anime girls.
I know you are half joking/not joking, but this is definitely a golden signal.
GaryBluto [3 hidden]5 mins ago
Positive or negative to you? Whenever I see more than one anime-adjacent profile picture I duck out.
pezgrande [3 hidden]5 mins ago
Positive ofc, most of them a top-tier Rust devs.
mrweasel [3 hidden]5 mins ago
Yeah, I didn't think anyone would place any actual value on the stars. It almost doesn't need to be a feature, because what is it suppose to do exactly?
elashri [3 hidden]5 mins ago
I usually use stars as a bookmark list to visit later (which I rarely do). I probably would need to stop doing that and use my self-hosted "Karkeep" instance for github projects as well.
I think the reason is that investors are not IT experts and don't know better metrics to evaluate.
I guess it's like fake followers on other social media platforms.
To me, it just reflects a behaviour that is typical of humans: in many situations, we make decisions in fields we don't understand, so we evaluate things poorly.
Topfi [3 hidden]5 mins ago
I don't know what is more, for lack of a better word, pathetic, buying stars/upvotes/platform equivalent or thinking of oneself as a serious investor and using something like that as a metric guiding your decision making process.
I'd give a lot of credit to Microsoft and the Github team if they went on a major ban/star removal wave of affected repos, akin to how Valve occasionally does a major sweep across CSGO2 banning verified cheaters.
luke5441 [3 hidden]5 mins ago
The problem is that if this is the game now, you need to play it. I'm trying to get a new open source project off the ground and now I wonder if I need to buy fake stars.
Or buy the cheapest kind of fake stars for my competitors so they get deleted.
For Microsoft this is another kind of sunk cost, so idk how much incentive they have to fix this situation.
Topfi [3 hidden]5 mins ago
The issue with that is, it's a game that never ends. Now you need to inflate your npm/brew/dnf installs, then your website traffic to not make it to obvious, etc.
I am not successful at all with my current projects (admittedly am not trying to be nowadays), so feel free to dismiss this advice that predates a time before LLM driven development, but in the past, I have had decent success in forums interacting with those with a specific problem my project did address. Less in stars, more in actual exchange of helpful contributions.
superdisk [3 hidden]5 mins ago
An open source project really shouldn't be something you need to "get off the ground." If it provides value then people will naturally use it.
luke5441 [3 hidden]5 mins ago
How do people know it exists to solve their problem? Even before LLMs it was hard to get through VC funded marketing by (commercial) competitors.
My first Open Source project easily got off the ground just by being listed in SourceForge.
mariusor [3 hidden]5 mins ago
Haha, have you tried that? I think in this day and age marketing is much needed activity even for open-source projects providing quality solutions to problems.
superdisk [3 hidden]5 mins ago
I maintain a niche-popular project that I didn't do any marketing for. My understanding is that even for popular projects, the usual dynamic is that there's just one guy doing all the work. So "getting off the ground" just means getting people to use it, and there shouldn't be any reason to artificially force that.
tonyedgecombe [3 hidden]5 mins ago
It depends what your objective is. Many people seem to see their open source projects as a stepping stone into some commercial activity. Putting aside whether that is a good idea or not if that is what they want to do then they will need to market in some way.
Miraltar [3 hidden]5 mins ago
Citing Valve as a model for handling cheating is not what I'd have reached for.
Topfi [3 hidden]5 mins ago
Honest question, which companies handle the process better given it is a trade-off? Yes, VAC is not as iron-clad as kernel level solutions can be, but the latter is overly invasive for many users. I'd argue neither is the objectively right or better approach here and Valves approach of longer term data collection and working on ML solutions that have the potential to catch even those cheating methods currently able to bypass kernel level anti-cheat is a good step.
On Github stars, I'd argue they are the most suitable comparison, as all the funny business regarding stars should be, if at all, detectable by Github directly and ideally, bans would have the biggest deterrent effect, if they happened in larger waves, allowing the community to see who did engage in fraudulent behaviour.
talsania [3 hidden]5 mins ago
Seen this firsthand, repos with hundreds of stars and zero meaningful commits or issues. In hardware/RTL projects it's less prominent.
nottorp [3 hidden]5 mins ago
Why is zero public repos a criteria?
I paid github for years to keep my repos private...
But then I don't participate in the stars "economy" anyway, I don't star and I don't count stars, so I'm probably irrellevant for this study.
Topfi [3 hidden]5 mins ago
Am very much the same, took a bunch private two years ago for multitude of reasons. I can, however, see why no public repos could be a partial indicator and of concern, in conjunction with sudden star growth, simply because it is hard for a person with no prior project to suddenly and publicly strike gold. Even on Youtube it is a rare treat to stumble across a well made video by a small channel and without algos to surface repos on Github in the same way, any viral success from a previously inactive account should be treated with some suspicion. Same the other way, if you never made any PR, etc. sudden engagement is a bit odd.
nottorp [3 hidden]5 mins ago
I think they're using it as a signal for the accounts doing the starring, not the account being starred...
umrashrf [3 hidden]5 mins ago
The stick of God doesn't make sound. God's work indeed
AKSF_Ackermann [3 hidden]5 mins ago
So, if star to fork ratio is the new signal, time to make an extra fake star tier, where the bot forks the repo, generates a commit with the cheapest LLM available and pushes that to gh, right?
anant-singhal [3 hidden]5 mins ago
Seen this happen first-hand with mid-to-large open source projects that sometimes "sponsor" hackathons, literally setting a task to "star the repo" to be eligible.
It’s supposed to get people to actually try your product. If they like it, they star it. Simple.
At that point, forcing the action just inflates numbers and strips them of any meaning.
Gaming stars to set it as a positive signal for the product to showcase is just SHIT.
Oras [3 hidden]5 mins ago
Would be nice to see the ratio of OpenClaw stars
az226 [3 hidden]5 mins ago
99% stars from Claws themselves
nryoo [3 hidden]5 mins ago
The real metric is: does it solve my problem, and is the maintainer still responding to issues? Everything else is just noise.
rvz [3 hidden]5 mins ago
Who ever thought that GitHub stars were a legitimate measure of a project's popularity does not understand Goodhart's Law and such metrics were easily abused, faked, gamed and manipulated.
ozgrakkurt [3 hidden]5 mins ago
> Jordan Segall, Partner at Redpoint Ventures, published an analysis of 80 developer tool companies showing that the median GitHub star count at seed financing was 2,850 and at Series A was 4,980. He confirmed: "Many VCs write internal scraping programs to identify fast growing github projects for sourcing, and the most common metric they look toward is stars."
> Runa Capital publishes the ROSS (Runa Open Source Startup) Index quarterly, ranking the 20 fastest-growing open-source startups by GitHub star growth rate. Per TechCrunch, 68% of ROSS Index startups that attracted investment did so at seed stage, with $169 million raised across tracked rounds. GitHub itself, through its GitHub Fund partnership with M12 (Microsoft's VC arm), commits $10 million annually to invest in 8-10 open-source companies at pre-seed/seed stages based partly on platform traction.
This all smells like BS. If you are going to do an analysis you need to do some sound maths on amount of investment a project gets in relation to github starts.
All this says is stars are considered is some ways, which is very far from saying that you get the fake stars and then you have investment.
This smells like bait for hating on people that get investment
kortilla [3 hidden]5 mins ago
I asked Claude for an analysis on the maturity of various open source projects accomplishing the same thing. Its first searches were for GitHub star counts for each project. I was appalled at how dumb an approach that was and mortified at how many people must be espousing that equivocation online to make the training jump to that.
scotty79 [3 hidden]5 mins ago
Definite proof that github is social network for programmers.
bjourne [3 hidden]5 mins ago
> The CMU researchers recommended GitHub adopt a weighted popularity metric based on network centrality rather than raw star counts. A change that would structurally undermine the fake star economy. GitHub has not implemented it.
> As one commenter put it: "You can fake a star count, but you can't fake a bug fix that saves someone's weekend."
I'm curious what the research says here---can you actually structurally undermine the gamification of social influence scores? And I'm pretty sure fake bugfixes are almost trivial to generate by LLMs.
az226 [3 hidden]5 mins ago
I’d say those CMU researchers are out of touch with the reality. GitHub can easily overhaul this with a much better system than what those researchers recommended but chooses not to.
“gstack is not a hypothetical. It’s a product with real users:
75,000+ GitHub stars in 5 weeks
14,965 unique installations (opt-in telemetry, so real number is at least 2x higher)
305,309 skill invocations recorded since January 2026
~7,000 weekly active users at peak”
GitHub stars are a meaningless metric but I don’t think a high star count necessarily indicates bought stars. I don’t think Garry is buying stars for his project.
People star things because they want to be seen as part of the in-crowd, who knows about this magical futuristic technology, not because they care to use it.
Some companies are buying stars, sure, but the methodology for identifying it in this article is bad.
drcongo [3 hidden]5 mins ago
I got gently admonished on here a while back for mentioning that I find those star graph things people put on their READMEs to have entirely the opposite effect than that which was intended. I see one of those and I'm considerably less likely to trust the project because a) you're chasing a stupider metric than lines of code, and b) people obviously buy stars.
m00dy [3 hidden]5 mins ago
same here on HN as well
RITESH1985 [3 hidden]5 mins ago
The fake star problem is a symptom of a deeper issue — developers can't tell signal from noise in the agent ecosystem. The tools that actually get real adoption are the ones that solve acute production problems. Agents are hitting these in production issues of state management every day and there's almost no tooling for it. That's where genuine organic stars come from — solving a real pain, not gaming rankings
HN.zip
Here are the things I look at in order:
* last commit date. Newer is better
* age. old is best if still updating. New is not great but tolerable if commits aren't rapid
* issues. Not the count, mind you, just looking at them. How are they handled, what kind of issues are lingering open.
* some of the code. No one is evaluating all of the code of libraries they use. You can certainly check some!
What does stars tell me? They are an indirect variable caused by the above things (driving real engagement and third interest) or otherwise fraud. Only way to tell is to look at the things I listed anyway.
I always treated stars like a bookmark "I'll come back to this project" and never thought of it as a quality metric. Years ago when this problem first surfaced I was surprised (but should not have been in retrospect) they had become a substitute for quality.
I hope the FTC comes down hard on this.
Specifically someone submitted a library that was only several days old, clearly entirely AI generated, and not particularly well built.
I noted my concerns with listing said library in my reply declining to do so, among them that it had "zero stars". The author was very aggressive and in his rant of a reply asked how many stars he needed. I declined to answer, that's not how this works. Stars are a consideration, not the be all end all.
You need real world users and more importantly real notability. Not stars. The stars are irrelevant.
This conversation happened on GitHub and since then I have had other developers wander into that conversation and demand I set a star count definition for my "vague notability requirement". I'm not going to, it's intentionally vague. When a metric becomes a target it ceases to be a good metric as they say.
I don't want the page to get overly long, and if I just listed everything with X star count I'd certainly list some sort of malware.
I am under no obligation to list your library. Stop being rude.
https://en.wikipedia.org/wiki/Goodhart's_law
Build a SaaS and you'll have "journalists" asking if they can include you in their new "Top [your category] Apps in [current year]", you just have to pay $5k for first place, $3k for second, and so on (with a promotional discount for first place, since it's your first interaction).
You'll get "promoters" offering to grow your social media following, which is one reason companies may not even realize that some of their own top accounts and GitHub stars are mostly bots.
You'll get "talent scouts" claiming they can find you experts exactly in your niche, but in practice they just scrape and spam profiles with matching keywords on platforms like LinkedIn once you show interest, while simultaneously telling candidates that they work with companies that want them.
And in hiring, you'll see candidates sitting in interview farms quite clearly in East Asia, connecting through Washington D.C. IPs, present themselves with generic European names, with synthetic camera backgrounds, who somehow ace every question, and list experience with every technology you mention in the job post in their CVs already (not hyperbole, I've seen exactly this happen).
If a metric or signal matters, there is already an ecosystem built to fake it, and faking it starts to be operational and just another part of doing business.
Short term, you pay the cost of fake signaling, which is simply deadweight loss. People spend resources to inflate signals instead of improving the actual thing.
Medium term, I suppose you could see how it increases consumption, since users would probably try something with 100k stars instead of 2, GitHub wants to seem that it's used more than it really is, repo owner is also benefiting.
Long term, the correspondence between how important a (distorted) system is perceived (Github, OSS, IT in general) vs how important it really is collapses quite abruptly and unnecessarily, and you end up with a lemon market [0] where signals stop being reliable at all.
[0] https://en.wikipedia.org/wiki/The_Market_for_Lemons
We've recently decided to complicate life of AI bots in our repo https://archestra.ai/blog/only-responsible-ai, hoping they will just choose those AI startups who are easier to engage with.
Why am I not surprised big Capital corrupts everything. Also, Goodhart's law applies again: "When a measure becomes a target, it ceases to be a good measure".
HN Folks: What reliant, diverse signals do you use to quickly eval a repo's quality? For me it is: Maintenance status, age, elegance of API and maybe commit history.
PS: From the article:
> instead tracks unique monthly contributor activity - anyone who created an issue, comment, PR, or commit. Fewer than 5% of top 10,000 projects ever exceeded 250 monthly contributors; only 2% sustained it across six months.
> [...] recommends five metrics that correlate with real adoption: package downloads, issue quality (production edge cases from real users), contributor retention (time to second PR), community discussion depth, and usage telemetry.
I think as a proxy it fails completely: astroturfing aside stars don't guarantee popularity (and I bet the correlation is very weak, a lot of very fundamental system libraries have small number of stars). Stars also don't guarantee the quality.
And given that you can read the code, stars seem to be a completely pointless proxy. I'm teaching myself to skip the stars and skim through the code and evaluate the quality of both architecture and implementation. And I found that quite a few times I prefer a less-"starry" alternative after looking directly at the repo content.
Imagine you're choosing between 3 different alternatives, and each is 100,000 LOC. Is 'reading the code' really an option? You need a proxy.
Stars isn't a good one because it's an untrusted source. Something like a referral would be much better, but in a space where your network doesn't have much knowledge a proxy like stars is the only option.
100k is small, but you're right, it can be millions. I usually skim through the code tho, and it's not that hard. I don't need to fully read and understand the code.
What I look at is: high-level architecture (is there any, is it modular or one big lump of code, how modular it is, what kind of modules and components it has and how they interact), code quality (structuring, naming, aesthetics), bus factor (how many people contribute and understand the code base).
(Sometimes still is, but the agents garbage does not help)
The fake accounts often star my old repos to look like real users. They are usually very sketchy if you think for a minute, for example starring 5,000 projects in a month and no other GitHub activity. One time I found a GitHub Sponsor ring, which must be a money laundering / stolen credit cards thing?
If the number of stars are in the thousands, tens of thousands, or hundreds of thousands, that might correlate with a serious project. But that should be visible by real, costly activity such as issues, PRs, discussion and activity.
It is the meaning of having dozens or hundreds of stars that is undermined by the practice described at the linked post.
https://en.wikipedia.org/wiki/Goodhart%27s_law
Two projects could look exactly the same from visible metrics, and one is complete shell and the other a great project.
But they choose not to publish it.
And those same private signals more effectively spot the signal-rich stargazers than PageRank.
That said, I believe the core problem is that GitHub belongs to Microsoft, and so it will still go more towards operating like a social network than not - i.e. engagement matters. It will still take a good will to get rid of Social Network Disease at scale.
There are much better ways of finding those who have good taste.
Even 10 years ago most VCs we spoke to had wisened up and discarded Github stars as a vanity metric.
one VC told me, you'll get more funding and upvotes if u don't put "india" in your username.
Founders need the ability to get traction, so if a VC gets a pitch and the project's repo has 0 stars, that's a strong signal that this specific team is just not able to put themselves out there, or that what they're making doesn't resonate with anyone.
When I mentioned that a small feature I shared got 3k views when I just mentioned it on Reddit, then investors' ears perked right up and I bet you're thinking "I wonder what that is, I'd like to see that!" People like to see things that are popular.
By the way, congrats on 200 stars on your project, I think that is definitely a solid indicator of interest and quality, and I doubt investors would ignore it.
I think VCs just know that there are no reliable systems, so they go with whatever's used.
* https://arxiv.org/abs/2412.13459 (2024/2025) - Six Million (Suspected) Fake Stars in GitHub: A Growing Spiral of Popularity Contests, Spams, and Malware
Github stars is akin to 'link popularity' or 'pagerank' which is ripe for abuse.
One way around it is to trust well known authors/users more. But it's hard to verify who is who. And accounts get bought/closed/hacked.
Another way is to hand over the algo in a way where individuals and groups can shape it, so there's no universal answer to everyone.
In my opinion, nothing could be more wrong. GitHub's own ratings are easily manipulated and measure not necessarily the quality of the project itself, but rather its Popularity. The problem is that popularity is rarely directly proportional to the quality of the project itself.
I'm building a product and I'm seeing what important is the distribution and comunication instead of the development it self.
Unfortunately, a project's popularity is often directly proportional to the communication "built" around it and inversely proportional to its actual quality. This isn't always the case, but it often is.
Moreover, adopting effective and objective project evaluation tools is quite expensive for VCs.
I'm not supporting this view but it is what it is unfortunately.
VCs that invest based on stars do know something I guess or they are just bad investors.
IMO using projects based on start count is terrible engineering practice.
Hype helps raise funds, of course, and sells, of course.
But it doesn't necessarily lead to long-term sustainability of investments.
As a side note it's kind of disheartening that everytime there is a metric related to popularity there would be some among us that will try to game it for profit, basically to manipulate our natural bias.
As a side note it's always a bit sad how the parasocial nature of the modern web make us like machine interfacing via simple widgets, becoming mechanical robot ourselves rationalising IO via simple metrics kind of forgetting that the map is never the territory.
You'd want to discard a lot of the noise in the bottom 20% of linking power. You want to focus more on the 'trust' factor.
In general, I’ve been dissatisfied with GitHub’s code search. It would be nice to see innovation here.
Unfortunately I still look at them, too, out of habit: The project or repo's star count _was_ a first filter in the past, and we must keep in mind it no longer is.
> Good reminder that everything gets gamed given the incentives.
Also known as Goodhart's law [1]: "When a measure becomes a target, it ceases to be a good measure".
Essentially, VCs screwed this one up for the rest of us, I think?
[1] https://en.wikipedia.org/wiki/Goodhart%27s_law
I agree that it has been a first filter, but should it ever have been? A star only says that someone had a passing interest in a project. Not significantly different from a 'like' on a social media post.
Id suggest the first question to ask is "if the project is an AI project or not?" If it is, dont pay attention to the stars - if it's not, use the stars as a first filter. That's the way I analyse projects on Github now.
It does feel like everything is a scam nowadays though. All the numbers seem fake; whether it's number of users, number of likes, number of stars, amount of money, number of re-tweets, number of shares issued, market cap... Maybe it's time we focus on qualitative metrics instead?
Specifically if those avatars are cute animie girls.
I know you are half joking/not joking, but this is definitely a golden signal.
https://github.com/karakeep-app/karakeep
Sounds useful.
I’ll star it and check it out later ;)
I guess it's like fake followers on other social media platforms.
To me, it just reflects a behaviour that is typical of humans: in many situations, we make decisions in fields we don't understand, so we evaluate things poorly.
I'd give a lot of credit to Microsoft and the Github team if they went on a major ban/star removal wave of affected repos, akin to how Valve occasionally does a major sweep across CSGO2 banning verified cheaters.
For Microsoft this is another kind of sunk cost, so idk how much incentive they have to fix this situation.
I am not successful at all with my current projects (admittedly am not trying to be nowadays), so feel free to dismiss this advice that predates a time before LLM driven development, but in the past, I have had decent success in forums interacting with those with a specific problem my project did address. Less in stars, more in actual exchange of helpful contributions.
My first Open Source project easily got off the ground just by being listed in SourceForge.
On Github stars, I'd argue they are the most suitable comparison, as all the funny business regarding stars should be, if at all, detectable by Github directly and ideally, bans would have the biggest deterrent effect, if they happened in larger waves, allowing the community to see who did engage in fraudulent behaviour.
I paid github for years to keep my repos private...
But then I don't participate in the stars "economy" anyway, I don't star and I don't count stars, so I'm probably irrellevant for this study.
It’s supposed to get people to actually try your product. If they like it, they star it. Simple.
At that point, forcing the action just inflates numbers and strips them of any meaning.
Gaming stars to set it as a positive signal for the product to showcase is just SHIT.
> Runa Capital publishes the ROSS (Runa Open Source Startup) Index quarterly, ranking the 20 fastest-growing open-source startups by GitHub star growth rate. Per TechCrunch, 68% of ROSS Index startups that attracted investment did so at seed stage, with $169 million raised across tracked rounds. GitHub itself, through its GitHub Fund partnership with M12 (Microsoft's VC arm), commits $10 million annually to invest in 8-10 open-source companies at pre-seed/seed stages based partly on platform traction.
This all smells like BS. If you are going to do an analysis you need to do some sound maths on amount of investment a project gets in relation to github starts.
All this says is stars are considered is some ways, which is very far from saying that you get the fake stars and then you have investment.
This smells like bait for hating on people that get investment
> As one commenter put it: "You can fake a star count, but you can't fake a bug fix that saves someone's weekend."
I'm curious what the research says here---can you actually structurally undermine the gamification of social influence scores? And I'm pretty sure fake bugfixes are almost trivial to generate by LLMs.
“gstack is not a hypothetical. It’s a product with real users:
75,000+ GitHub stars in 5 weeks
14,965 unique installations (opt-in telemetry, so real number is at least 2x higher)
305,309 skill invocations recorded since January 2026
~7,000 weekly active users at peak”
GitHub stars are a meaningless metric but I don’t think a high star count necessarily indicates bought stars. I don’t think Garry is buying stars for his project.
People star things because they want to be seen as part of the in-crowd, who knows about this magical futuristic technology, not because they care to use it.
Some companies are buying stars, sure, but the methodology for identifying it in this article is bad.