zlacker

Thread: "Tracking the Fake GitHub Star Black Market"
1. woodru+X91 2023-03-18 18:00:25
>>kaeruc+(OP)
Things like this are part of why I cringe when I see supply chain analysis/security companies include “popularity” in their criticality metrics: the relationship between public popularity signals (like GitHub stars) and criticality is weak, at best.
2. andrew+wa1 2023-03-18 18:03:26
>>woodru+X91
In my experience, it's actually a great signal. That's why so many people rely on it. The distribution of GitHub stars is an extreme power law.[1] Stargazer thresholds are used by maintainers to make decisions on including projects for different purposes, from dependency management to package manager maintainers deciding to list software by name.[2]

[1]: https://github.com/andrewmcwattersandco/github-statistics

[2]: https://github.com/Homebrew/brew/blob/master/docs/Acceptable...
