Are those GitHub stars real?
Let's be real — some of those GitHub stars are fake. Paste any repo to see how clean it really is.
Why this matters
Between July 2019 and December 2024, academic researchers catalogued roughly 6 million inauthentic stargazing events across 18,617 repositories. Activity grew 100× in 2024 alone. At $0.06–$0.85 per star, 60% of flagged repos distribute malware or phishing kits. In October 2024 the US FTC made the practice federally illegal.
How detection works
Six independent signals, each calibrated against a 21,925-repo labelled set. Every signal on your report links back to the clean-vs-fake distribution that defines its threshold.
Low-activity heuristic
Dagster 10-condition AND test on each stargazer profile. 39.4% fake-side match vs. 6.8% clean-side.
Lockstep clustering
CopyCatch (Beutel et al., WWW ’13). n=50 users × m=10 repos × Δt=15 days. 20,006 flagged accounts indexed.
Fork-to-star ratio
Real users fork; bots don’t. Clean P50 = 0.153 · Fake P50 = 0.055.
Velocity spike detection
14-day trailing rolling average, 3× threshold, 50-star floor. Monthly burst ratio 20% above clean median.
Issue-tracker engagement
Open issues per star for repos ≥ 100 stars. Clean P50 = 0.021 · Fake P50 = 0.000.
Account-origin clustering
Max share of stargazers created within any 7-day or 30-day window. Clean 2.6% · Fake 4.3% (30d).