{"id":50948027,"url":"https://github.com/billythekid/clanker-blocker","last_synced_at":"2026-06-17T22:30:32.547Z","repository":{"id":358674952,"uuid":"1242487905","full_name":"billythekid/clanker-blocker","owner":"billythekid","description":"Auto-block identified bot accounts from the UnsafeLabs/Bounty-Hunters clankers list","archived":false,"fork":false,"pushed_at":"2026-05-18T15:07:05.000Z","size":46,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-18T15:29:47.522Z","etag":null,"topics":["automation","blocking","bot-detection","github-action","github-actions","maintainers","open-source"],"latest_commit_sha":null,"homepage":null,"language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/billythekid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-05-18T13:23:21.000Z","updated_at":"2026-05-18T15:18:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/billythekid/clanker-blocker","commit_stats":null,"previous_names":["billythekid/clanker-blocker"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/billythekid/clanker-blocker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billythekid%2Fclanker-blocker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billythekid%2Fclanker-blocker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billythekid%2Fclanker-blocker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billythekid%2Fclanker-blocker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/billythekid","download_url":"https://codeload.github.com/billythekid/clanker-blocker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/billythekid%2Fclanker-blocker/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34468766,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-17T02:00:05.408Z","response_time":127,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","blocking","bot-detection","github-action","github-actions","maintainers","open-source"],"created_at":"2026-06-17T22:30:30.626Z","updated_at":"2026-06-17T22:30:32.536Z","avatar_url":"https://github.com/billythekid.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Clanker Blocker\n\nAuto-block accounts from the [UnsafeLabs/Bounty-Hunters](https://github.com/UnsafeLabs/Bounty-Hunters) clankers list on your GitHub organization or personal account.\n\nThe Bounty-Hunters repo maintains a live list of accounts caught automating the opening of PRs against honeypot repositories. This tool fetches that list and blocks qualifying accounts so they can't interact with your repos.\n\n## Usage\n\n### As a GitHub Action (recommended)\n\nThis Action doesn't interact with the repository it runs in. It uses your PAT to block accounts at the user or org level. You can add the workflow to any repo you have write access to. Good choices include:\n\n- Your profile repo (`username/username`)\n- A dedicated admin/automation repo\n- Your `.github` repo (if you have one)\n- Any existing repo you use for maintenance workflows\n\nAdd a workflow file:\n\n```yaml\nname: Block Clanker Accounts\n\non:\n  schedule:\n    - cron: \"0 6 * * *\"  # Daily at 06:00 UTC\n  workflow_dispatch:\n\njobs:\n  block:\n    runs-on: ubuntu-latest\n    steps:\n      - name: Block clanker accounts\n        uses: billythekid/clanker-blocker@v1\n        with:\n          token: ${{ secrets.BLOCK_TOKEN }}\n          # org: my-org            # Single org\n          # orgs: org1,org2,org3   # Multiple orgs\n          min-prs: \"3\"           # Minimum PRs to qualify\n          # dry-run: \"true\"      # Test without blocking\n```\n\n### Run locally (try before you commit)\n\nClone the repo and run directly from your terminal:\n\n```bash\ncd clanker-blocker\n\n# Dry run — see what would be blocked without blocking anything\nDRY_RUN=true GITHUB_TOKEN=$(gh auth token) MIN_PRS=5 npx tsx src/index.ts\n\n# Block on your personal account\nGITHUB_TOKEN=$(gh auth token) MIN_PRS=5 npx tsx src/index.ts\n\n# Block on an org\nGITHUB_TOKEN=$(gh auth token) GITHUB_ORG=my-org MIN_PRS=5 npx tsx src/index.ts\n\n# Block on multiple orgs\nGITHUB_TOKEN=$(gh auth token) GITHUB_ORGS=org1,org2 MIN_PRS=5 npx tsx src/index.ts\n```\n\nRequires Node 22+ and the `gh` CLI authenticated with `user` scope (`gh auth refresh -h github.com -s user`).\n\n## Configuration\n\n### Inputs\n\n| Input | Required | Default | Description |\n|-------|----------|---------|-------------|\n| `token` | **Yes** | — | GitHub personal access token. Classic tokens need the `user` scope for personal blocking, or `admin:org` for organization-level blocking. Fine-grained tokens need the \"Block another user\" permission. |\n| `org` | No | — | Organization to block users from. Accepts a single org or a comma-separated list for multiple orgs. If omitted, blocks are applied to the authenticated user's personal account. `orgs` also works as an alias. |\n| `min-prs` | No | `3` | Minimum number of PRs an account must have submitted to the honeypot repo to qualify for blocking. Higher values = more conservative (only block the most active accounts). |\n| `dry-run` | No | `false` | When set to `\"true\"`, reports which accounts would be blocked without actually blocking them. Useful for previewing the impact before committing. |\n| `active-since` | No | — | ISO 8601 date string (e.g., `2026-05-01`). Only blocks accounts whose most recent PR to the honeypot repo was on or after this date. Useful for ignoring old/stale accounts that may have already been suspended. |\n| `source-url` | No | UnsafeLabs list | Override the clankers.json source URL. Use this to point at your own fork or a custom blocklist that follows the same JSON format. |\n| `extra-usernames` | No | — | Comma-separated list of additional usernames to block beyond what appears in the clankers list. These are always blocked regardless of threshold. |\n| `exclude-usernames` | No | — | Comma-separated list of usernames to never block, even if they appear on the clankers list. Use for known false positives. |\n\n### Outputs\n\n| Output | Description |\n|--------|-------------|\n| `blocked-count` | Number of accounts newly blocked in this run. |\n| `already-blocked-count` | Number of accounts that were already blocked (skipped). |\n| `error-count` | Number of accounts that failed to block (e.g., account suspended, rate limit). |\n| `blocked-users` | JSON array of usernames that were newly blocked. |\n\n### Token setup\n\n1. Create a classic token with the appropriate scope:\n   - **[Personal blocking](https://github.com/settings/tokens/new?description=clanker-blocker\u0026scopes=user\u0026default_expires_at=90)** — `user` scope\n   - **[Org blocking](https://github.com/settings/tokens/new?description=clanker-blocker\u0026scopes=admin:org\u0026default_expires_at=90)** — `admin:org` scope\n   - **Fine-grained token:** \"Block another user\" permission (read and write) — [create here](https://github.com/settings/personal-access-tokens/new?name=clanker-blocker\u0026description=Blocks+Clanker+spam+accounts+detected+by+the+clanker-blocker+Action\u0026expires_in=90\u0026blocking=write)\n2. Add the token as a repository secret named `BLOCK_TOKEN` (or whatever you reference in your workflow)\n\n## How it works\n\n1. Fetches `clankers.json` from [UnsafeLabs/Bounty-Hunters](https://github.com/UnsafeLabs/Bounty-Hunters)\n2. Filters accounts by your configured threshold\n3. Checks which accounts you've already blocked (avoids redundant API calls)\n4. Blocks new accounts that meet the criteria\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbillythekid%2Fclanker-blocker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbillythekid%2Fclanker-blocker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbillythekid%2Fclanker-blocker/lists"}