TrustStarTrustStar
REST API

API Documentation

Integrate TrustStar into your CI/CD pipeline, scripts, or applications. No authentication required.

POST/api/analyze

Analyze a GitHub repository's trust signals — fake star detection, account quality, temporal behavior, and project health.

Request body
{
  "owner": "expressjs",
  "repo": "express"
}
Response example
{
  "repo": "express",
  "owner": "expressjs",
  "score": 78,
  "label": "SAFE",
  "dimensions": {
    "accounts": 99,
    "temporal": 87,
    "health": 70,
    "authenticity": 82
  },
  "signals": {
    "newAccountsRatio": 0.02,
    "velocityScore": 0.04,
    "recentStarsRatio": 0.08,
    "forkStarRatio": 0.34,
    "lockstepScore": 0.01,
    "zScorePeak": 1.2,
    "noRepoRatio": 0.06,
    "noFollowersRatio": 0.09,
    "noAvatarRatio": 0.04,
    "activeContributorsRatio": 0.68,
    "commitFrequency": 3.4,
    "issueResolutionRatio": 0.72
  },
  "sampleSize": 200,
  "analyzedAt": "2026-05-26T10:00:00.000Z"
}
POST/api/npm-check

Cross-reference npm download counts with GitHub stars and metadata to detect inconsistencies.

Request body
{
  "package": "express"
}
Response example
{
  "package": "express",
  "signals": [
    { "type": "positive", "label": "High download volume", "detail": "25M+ weekly downloads" },
    { "type": "positive", "label": "GitHub stars align", "detail": "65k stars, consistent with usage" }
  ],
  "analyzedAt": "2026-05-26T10:00:00.000Z"
}
POST/api/skill-audit

Static security analysis of a GitHub repository's code — network calls, filesystem access, execution, obfuscation, and suspicious dependencies.

Request body
{
  "repoUrl": "https://github.com/owner/repo"
}
Response example
{
  "repo": "express",
  "owner": "expressjs",
  "score": 92,
  "label": "SAFE",
  "findings": [
    {
      "severity": "LOW",
      "category": "network",
      "message": "HTTP request detected",
      "file": "lib/router/index.js",
      "line": 12
    }
  ],
  "analyzedAt": "2026-05-26T10:00:00.000Z"
}
GET/api/recent-audits?limit=20&type=trust-score

Retrieve the most recent analyses run by the community.

Response example
{
  "audits": [
    {
      "id": "abc123",
      "type": "trust-score",
      "slug": "expressjs/express",
      "score": 78,
      "label": "SAFE",
      "analyzedAt": "2026-05-26T10:00:00.000Z"
    }
  ],
  "total": 42
}
GET/api/badge/{owner}/{repo}

Dynamic SVG badge showing the trust score. Embed in your README to display live results.

Response example
<!-- Content-Type: image/svg+xml -->
<!-- Example Markdown -->
![TrustStar](https://truststar.co/api/badge/expressjs/express)

Rate Limits

TrustStar API is free and does not require authentication. Please use responsibly — excessive requests may be throttled. Results are cached for 10 minutes per repository.