A group of open source developers discusses the pitfalls of selecting technology by the number of GitHub stars



The most 'correct' way to evaluate an open source project is to look under the hood. However, since reading the code is labor-intensive, many developers base their evaluation on the number of stars a project has on GitHub. The Guild, an organization of open source developers, has written on its blog about the pitfalls of judging a project by its star count.

How Much Are GitHub Stars Worth to You? – The Guild

https://the-guild.dev/blog/judging-open-source-by-github-stars



For example, suppose you compare front-end development libraries and conclude, 'Angular has 88,000 stars and React has 210,000 stars, so React is the better library.' The two differ in scope and design philosophy, and which library is suitable depends on the kind of application you are developing. That said, it is common to use stars to gauge the credibility of a library you have never seen before.

There are services that let you purchase GitHub stars, so looking only at the number of stars risks leading you to the wrong conclusion. Engineers belonging to The Guild actually used these star purchase services to see what they deliver.

The first thing they bought was a premium service called 'Premium Star'. This is an expensive service, at 19.90 euros (about 3000 yen) for 25 stars, and offers the most 'legitimate looking' stars among fake stars.



Six hours after ordering, 25 stars had been delivered. When they checked the accounts that had starred the repository, they found that all of them had been created more than a year earlier, had a profile picture and workplace set, had several repositories, and had committed to open source projects. They looked like fairly 'real' accounts.



They also tried a cheap service that charges 9 dollars (about 1300 yen) for 100 stars. The order number exceeded 57,000, which is evidence that the service is used considerably.



When they investigated the accounts used by the inexpensive service, they found that, unlike with the expensive service, all of them had been newly created at the time of the order. There was no attempt to fake personal information, repositories, and so on.



One to two months after the order, the accounts were banned by GitHub. However, if you contact the vendor about this, they will give you replacement stars for free. The blog calls this 'crazy'.



When they searched for a tool to avoid being deceived by these fake stars, they found a tool called Astronomer. The results of actually using Astronomer are posted on the blog.

First, for the repository that used the expensive service, the overall trust rating was 'B', although the rating varied from item to item.



On the other hand, the repository that purchased cheap stars received a trust rating of 'E'.



In addition, a repository with legitimate stars was rated 'A' on all items.



You can detect fake stars to some extent by using a verification tool like Astronomer, but there may be star purchase services whose stars come out as 'A' when verified, so in the end judging by the number of stars alone can be dangerous. The blog encourages discussing with colleagues and with communities such as Twitter why you should adopt a given library.
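The account traits reported above for the two services can be turned into a simple check. The following Python example is added here for illustration; it is not code from The Guild's post and not how Astronomer works, and the record fields, the 30-day age limit, and the 25% alert level are assumptions applied to constructed data.

```python
from datetime import datetime, timedelta

def acct(login, created, starred, repos, bio, avatar):
    """Build one constructed stargazer record (field names are assumptions)."""
    return {"login": login,
            "created_at": datetime.fromisoformat(created),
            "starred_at": datetime.fromisoformat(starred),
            "public_repos": repos, "has_bio": bio, "has_avatar": avatar}

# Constructed sample data, not real accounts.
# "Cheap" style: created around the order date, empty profile.
CHEAP = [acct(f"user{i}", "2023-03-01T10:00:00", "2023-03-02T09:00:00", 0, False, False)
         for i in range(8)]
# "Premium" style: more than a year old, filled-in profile, several repositories.
PREMIUM = [acct(f"dev{i}", "2021-01-15T08:00:00", "2023-03-02T15:00:00", 6, True, True)
           for i in range(5)]
# Ordinary stargazers with a mix of ages and profile completeness.
ORGANIC = [acct("alice", "2016-05-02T12:00:00", "2022-11-20T18:30:00", 41, True, True),
           acct("bob", "2023-02-25T07:00:00", "2023-03-01T20:00:00", 2, False, True),
           acct("carol", "2019-09-09T09:09:00", "2023-01-04T11:00:00", 0, False, False)]

def is_throwaway(a, min_age_days=30):
    """Flag an account that was young when it starred AND has an empty profile."""
    young = a["starred_at"] - a["created_at"] < timedelta(days=min_age_days)
    empty = a["public_repos"] == 0 and not a["has_bio"] and not a["has_avatar"]
    return young and empty

def throwaway_ratio(stargazers):
    """Share of stargazers flagged as throwaway (0.0 for an empty list)."""
    if not stargazers:
        return 0.0
    return sum(is_throwaway(a) for a in stargazers) / len(stargazers)

def report(name, stargazers, alert_at=0.25):
    """One-line summary: ratio of flagged accounts and whether it needs review."""
    ratio = throwaway_ratio(stargazers)
    verdict = "review" if ratio >= alert_at else "no signal"
    return f"{name}: {ratio:.0%} throwaway-looking stargazers -> {verdict}"

if __name__ == "__main__":
    print(report("cheap + organic", CHEAP + ORGANIC))
    print(report("premium + organic", PREMIUM + ORGANIC))
```

The premium-style accounts pass this check entirely, which matches the article's point that a clean result from profile heuristics does not settle the question.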

The blog also recommends checking the following points as a way to identify excellent open source projects.

1: Long-term sustainability
Make sure it is continuously developed and maintained. The timeline on GitHub's 'Contributors' tab will be helpful.



2: Interaction with the community
Active discussions and exchanges of opinions are desirable. The blog says that one way to check is to look at the 'Discussions' tab on GitHub.



3: Code quality
Ensure code readability, maintainability, and adherence to best practices.

4: Responsiveness
See how well maintainers are responding to issues and pull requests.

5: Reputation
Check the project's reputation in the community, including the number of contributors, stars, and reviews.

in Note,   Software,   Web Service, Posted by log1d_ts