Is this repo genuinely popular?6 million fake stars detected on GitHub...Can you trust this maintainer?Is this repo genuinely popular?6 million fake stars detected on GitHub...Can you trust this maintainer?
1 Lambda can fake 1M weekly downloads...Are these stars organic?Who actually contributes here?1 Lambda can fake 1M weekly downloads...Are these stars organic?Who actually contributes here?
Is this code safe to run?Supply chain attacks up 742% since 2019...Do the numbers add up?Is this code safe to run?Supply chain attacks up 742% since 2019...Do the numbers add up?
One malicious dependency is all it takes...Are the download numbers real?Star quality matters more than star count.One malicious dependency is all it takes...Are the download numbers real?Star quality matters more than star count.
Who maintains this package?73% of devs use packages with 0 active contributors...Is this project still active?Who maintains this package?73% of devs use packages with 0 active contributors...Is this project still active?
Trust but verify.Does this code phone home?Fake popularity = real risk.Trust but verify.Does this code phone home?Fake popularity = real risk.
Is the fork ratio healthy?95% of attacks start with a trusted dependency...Verify before you install.Is the fork ratio healthy?95% of attacks start with a trusted dependency...Verify before you install.
Hidden credentials. Obfuscated code. Real threats.Are these issues organic?Open source ≠ safe source.Hidden credentials. Obfuscated code. Real threats.Are these issues organic?Open source ≠ safe source.
Trust starts with transparency.
Verify any open source project before you depend on it.
Try: facebook/react·express·vercel/next.js
Trust Score
What you'll discover
SAFE
“Over 6M fake stars detected on GitHub. For $0.01 per star, anyone can fake popularity.”
Stargazer Quality
82%
Temporal Patterns
89%
Project Health
61%
Community Signals
95%
12% of stargazers have accounts younger than 7 days
Star burst: +2,400 stars in 48h (March 3)
Healthy fork/star ratio (1:18)
Active maintenance — 47 commits last month
6M+
fake stars detected on GitHub
source: CMU ICSE 2026
5,500+
skills indexed on ClawHub
and growing
100%
open source methodology
fully auditable
Free
no account required
always will be
Ready to verify trust?
Paste a GitHub repo, npm package, or skill slug. Results in seconds.
