Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/iamrajhans/star-cred

Score a GitHub repo's stargazers 0-100 by how many are real, active developers vs. new, inactive, or bot-like accounts. 100% client-side dashboard — runs in your browser, no backend.
https://github.com/iamrajhans/star-cred

bot-detection credibility dashboard data-visualization fake-stars github github-api github-graphql github-pages react stargazers tailwindcss typescript vite

Last synced: 2 days ago
JSON representation

Score a GitHub repo's stargazers 0-100 by how many are real, active developers vs. new, inactive, or bot-like accounts. 100% client-side dashboard — runs in your browser, no backend.

Awesome Lists containing this project

README 

          
# ⭐ Star Credibility



[![Star on GitHub](https://img.shields.io/github/stars/iamrajhans/star-cred?style=social)](https://github.com/iamrajhans/star-cred)



A 100% client-side dashboard that analyzes a GitHub repository's **stargazers** and

produces a **credibility score (0–100)** — answering the question: *how many of these

stars come from real, active developers vs. new, inactive, or bot-like accounts?*



No backend. Your GitHub token stays in your browser and talks directly to the GitHub

API. Deployed as a static site on GitHub Pages.



**▶ Live demo: **



> ⭐ **Find this useful? [Star the repo](https://github.com/iamrajhans/star-cred)** — then run star-cred on it. 😉



## What it does



For a repo (`owner/name`) it fetches stargazers (most recently starred first) via the

**GitHub GraphQL API** in lean pages of ~50 detailed users per request, and classifies

each into:



| Category | Meaning |

|---|---|

| **Active developer** | Established account that pushed code recently |

| **Open-source contributor** | Established + recently active + substantial public repos and a following |

| **Recently joined** | Account created in the last 90 days |

| **Inactive / dormant** | Established account with ~no recent activity |

| **Suspected fake / bot** | New account with empty profile (no repos/followers/activity) |



It then computes an aggregate credibility score, detects **suspicious star spikes**

(clusters of stars in a short window dominated by new/fake accounts), and explains the

result in plain language.



## How it works



```mermaid

flowchart LR

  A[Paste repo URL] --> B[PAT from localStorage]

  B --> C["GraphQL page 1
(total + cursor format)"]

  C --> D{Offset cursors?}

  D -- yes --> E["Fan out pages
(6 concurrent)"]

  D -- no --> F[Sequential paginate]

  E --> G[Score each stargazer]

  F --> G

  G --> H[Bucket into 5 categories]

  H --> I["Aggregate 0-100 score
+ spike detection"]

  I --> J["Donut + reasoning
+ virtualized user list"]

```



Per-user scoring blends five weighted signals into a 0–100 score and a category:



```mermaid

flowchart TD

  U[Stargazer] --> S1[Account age]

  U --> S2[Last-push recency]

  U --> S3[Public repos]

  U --> S4[Followers]

  U --> S5[Profile completeness]

  S1 --> W[Weighted 0-100 score]

  S2 --> W

  S3 --> W

  S4 --> W

  S5 --> W

  U --> C[Category bucket]

  W --> AGG[Repo credibility + breakdown]

  C --> AGG

```



## Scoring signals



Per user (weighted): account age, recency of last public push (activity proxy), size of

public repo portfolio, follower count, and profile completeness. All weights and

thresholds live in [`src/lib/scoringConfig.ts`](src/lib/scoringConfig.ts) and are easy to

tune.



> **Why not exact contribution counts?** GitHub's GraphQL API rejects

> `contributionsCollection` (`RESOURCE_LIMITS_EXCEEDED`) and times out on

> `repositoriesContributedTo` (`502`) when requested across many users at once. So we use

> the most recent repository `pushedAt` as a cheap, reliable activity proxy. A future

> "deep mode" could fetch exact contributions one user at a time for a small sample.



## Getting a token



The app needs a GitHub **Personal Access Token** (classic; `read:user` scope is enough,

or no scopes — a token just raises the rate limit to 5,000 requests/hour). Create one at

. It is stored only in your browser's

`localStorage`.



## Develop



```bash

npm install

npm run dev      # local dev server

npm test         # run scoring unit tests (Vitest)

npm run build    # production build into dist/

```



## Deploy to GitHub Pages



1. The `base` path in [`vite.config.ts`](vite.config.ts) must match the repo name

   (`/star-cred/` here — change it if you rename the repo).

2. In the repo: **Settings → Pages → Build and deployment → Source = GitHub Actions**.

3. Push to `main`. The workflow in

   [`.github/workflows/deploy.yml`](.github/workflows/deploy.yml) builds and publishes

   the site to `https://iamrajhans.github.io/star-cred/`.



## Notes & limits



- **Sampling vs. all:** Sampling (default 300, most recent stars first) is statistically

  representative and cheap. "Analyze all" is best for repos under ~3k stars before the

  hourly rate limit becomes a concern; a live rate-limit meter and progress bar are shown.

- **Suspended/deleted accounts** are skipped (GitHub returns them as null nodes).

- **Future upgrade:** a real "Login with GitHub" OAuth flow would require a small CORS

  proxy (GitHub Pages can't safely hold an OAuth secret), so the PAT flow is used instead.



---



If star-cred helped you trust (or question) a repo's stars, consider giving it one of

your own — [⭐ Star on GitHub](https://github.com/iamrajhans/star-cred).