Detect fake GitHub stars with forensic analysis.
Buying GitHub stars is more common than you think.
GitHub stars are a proxy for trust. Developers use them to evaluate libraries, companies use them in pitches, and hiring managers Google repos before interviews.
And a growing industry sells them.
Services like buygithubstars.com (yes, really) offer 1,000 stars for $50–$150. The accounts are either purchased, farmed, or created in bulk. The patterns are detectable, if you know what to look for.
star-forensics knows what to look for.
Never used a terminal before? Never installed Python? This section is for you. Follow every step and you'll be analyzing repos in under 5 minutes.
Python is the programming language this tool runs on. Think of it as the engine. You need to install it once, and it's free.
On Windows:
- Go to python.org/downloads
- Click the big yellow "Download Python" button
- Run the downloaded file
⚠️ CRITICAL: On the first screen of the installer, check the box that says "Add Python to PATH" before clicking Install. If you miss this, nothing will work and you'll have to reinstall.
On Mac:
- Open Terminal (press Cmd + Space, type Terminal, press Enter)
- Paste this and press Enter:

```bash
brew install python
```
If you get an error, first install Homebrew by going to brew.sh and following their one-line install command. Then try again.
On Linux (Ubuntu/Debian):
```bash
sudo apt install python3 python3-pip
```

How to verify it worked: Open a terminal and type:

```bash
python --version
```

You should see something like Python 3.11.4. Any version 3.9 or higher is fine.
A terminal is a text window where you type commands. It sounds scary but you'll only need to type two things total.
| System | How to open it |
|---|---|
| Windows | Press Win + R, type cmd, press Enter. Or search "Command Prompt" in the Start menu. |
| Mac | Press Cmd + Space, type Terminal, press Enter. |
| Linux | Ctrl + Alt + T on most distros. |
Currently, the tool must be installed directly from the source. In your terminal, run these commands in order:
```bash
git clone https://github.com/GeckCore/star-forensics.git
cd star-forensics
pip install .
```

(Note: If you don't have git installed, you can download the repository as a ZIP file, extract it, open your terminal inside the extracted folder, and run `pip install .`)

If you get an error saying pip is not found, try:

```bash
pip3 install .
```

Now type this in your terminal:

```bash
star-forensics analyze owner/repo
```

Replace owner/repo with any GitHub repository. The format is always the two words at the end of a GitHub URL separated by a slash.
Examples:
```bash
star-forensics analyze microsoft/vscode
star-forensics analyze facebook/react
star-forensics analyze torvalds/linux
```

You'll see a score and detailed breakdown appear in your terminal.
Without a token, the tool is limited to analyzing about 60 accounts per hour by GitHub's rules. With a free token, that jumps to 5,000. For repos with thousands of stars, this makes a big difference in speed.
How to get a free token (takes 2 minutes):
- Go to github.com/settings/tokens (you need a free GitHub account)
- Click "Generate new token (classic)"
- Give it any name, e.g. star-forensics
- You don't need to check any permission boxes; leave them all unchecked
- Scroll down and click "Generate token"
- Copy the long string that starts with ghp_
Use the token:
```bash
star-forensics analyze owner/repo --token ghp_paste_your_token_here
```

Or set it once so you never have to type it again:

Windows (Command Prompt):

```
set GITHUB_TOKEN=ghp_paste_your_token_here
```

Mac/Linux (Terminal):

```bash
export GITHUB_TOKEN=ghp_paste_your_token_here
```

| Error | Fix |
|---|---|
| star-forensics is not recognized | The Python Scripts folder is not in your system PATH. You can either add it to your Windows PATH variables, or run the tool using `python -m starforensics analyze owner/repo` instead. |
| pip is not recognized | Reinstall Python and check "Add to PATH" (Windows). On Mac/Linux, try pip3 instead of pip. |
| Directory '.' is not installable | You are not in the correct folder. Make sure you use `cd star-forensics` to enter the folder containing the pyproject.toml file before running `pip install .` |
| Rate limit exceeded | You've hit GitHub's hourly cap. Add a token following Step 5 above. |
| Tool runs but shows nothing | The repo might have 0 stars. Try with a popular repo first: `star-forensics analyze microsoft/vscode` |
```bash
# Clone and Install
git clone https://github.com/GeckCore/star-forensics.git
cd star-forensics
pip install .

# Analyze any repo
star-forensics analyze owner/repo

# With a GitHub token (recommended: 5000 req/hr vs 60)
GITHUB_TOKEN=ghp_xxx star-forensics analyze owner/repo

# Export as JSON or HTML
star-forensics analyze owner/repo --output html --out-file report.html

# Analyze more stargazers (default: 1000)
star-forensics analyze owner/repo --max-stars 3000
```

```
╭──────────────────────────────────────────────────────╮
│ 🔬 Trust Score: someorg/trending-repo                │
│                                                      │
│ 23/100  Grade: F                                     │
│ Manipulated                                          │
│ Confidence: HIGH                                     │
│                                                      │
│ Overwhelming evidence of star manipulation.          │
│ This repo almost certainly purchased stars.          │
╰──────────────────────────────────────────────────────╯

Forensic Pattern Results
┌────────────────────────────┬──────────┬──────────────────────────────────────────────────┐
│ Pattern                    │ Severity │ Finding                                          │
├────────────────────────────┼──────────┼──────────────────────────────────────────────────┤
│ Ghost Accounts             │ CRITICAL │ 612 accounts (61.2%) show zero activity markers  │
│ Account Creation Clust…    │ CRITICAL │ 480 accounts clustered on 3 suspicious dates     │
│ 🔴 Star Velocity Spikes    │ HIGH     │ Peak: 847 stars in one hour vs avg 4.2/hr        │
│ 🔴 Freshly Minted Accounts │ HIGH     │ 234 accounts starred within 30 days of creation  │
│ Bot-like Usernames         │ MEDIUM   │ 89 accounts (8.9%) match bot-farm patterns       │
│ ✅ Star/Fork Disproportion │ CLEAN    │ Star-to-fork ratio is 12:1 (within normal range) │
└────────────────────────────┴──────────┴──────────────────────────────────────────────────┘
```
star-forensics fetches stargazer data from the GitHub API and runs a battery of forensic detectors. Each detector produces a severity rating and a score impact. The final Trust Score (0–100) is computed from the combined evidence.
Fetch stargazers → Run detectors → Compute Trust Score → Report
The tool samples up to N stargazers (configurable) and applies statistical analysis; it doesn't need to check every star to find patterns.
No data is stored. No accounts are tracked. Everything runs locally.
| Pattern | What it detects | Severity |
|---|---|---|
| Ghost Accounts | Accounts with 0 repos, 0 followers, 0 following, no bio, no location | Critical |
| Account Creation Clustering | Large groups of accounts created on the same days | Critical |
| Star Velocity Spikes | Statistically abnormal bursts of stars (e.g. 500 stars in 1 hour) | High |
| Freshly Minted Accounts | Accounts that starred within 30 days of being created | High |
| Socially Isolated Accounts | Accounts with zero followers AND zero following | Medium |
| Bot-like Usernames | Usernames matching bot-farm patterns (e.g. user12345678) | Medium |
| Repoless Stargazers | Accounts with zero public repositories | Low |
| Star/Fork Disproportion | Abnormally high star-to-fork ratio vs. organic repos | Low |
Each pattern is independent and can be individually weighted. Contributions of new detectors are very welcome.
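A sketch of how four of the account-level patterns in the table can be computed, written as an added example and not taken from the star-forensics code base. The record keys follow the GitHub REST API user and stargazer fields (`login`, `created_at`, `starred_at`, `public_repos`, `followers`, `following`, `bio`, `location`); the username regex, the cluster size of 3 and the sample accounts are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Assumed heuristics for illustration; not star-forensics' actual thresholds.
BOT_NAME = re.compile(r"^[a-z]+\d{6,}$")  # shape of the page's example, user12345678
FRESH_WINDOW = timedelta(days=30)
CLUSTER_MIN = 3  # sampled accounts created on the same calendar day

def is_ghost(a):
    """0 repos, 0 followers, 0 following, no bio, no location."""
    return (a["public_repos"] == 0 and a["followers"] == 0
            and a["following"] == 0 and not a["bio"] and not a["location"])

def is_fresh(a):
    """Starred the repo within 30 days of account creation."""
    return a["starred_at"] - a["created_at"] <= FRESH_WINDOW

def creation_clusters(accounts):
    """Creation dates shared by at least CLUSTER_MIN accounts."""
    days = Counter(a["created_at"].date() for a in accounts)
    return {d.isoformat(): n for d, n in days.items() if n >= CLUSTER_MIN}

def summarize(accounts):
    return {
        "ghost": [a["login"] for a in accounts if is_ghost(a)],
        "fresh": [a["login"] for a in accounts if is_fresh(a)],
        "bot_name": [a["login"] for a in accounts if BOT_NAME.match(a["login"])],
        "clusters": creation_clusters(accounts),
    }

def acct(login, created, starred, repos=0, followers=0, following=0, bio=None, location=None):
    return {"login": login, "created_at": datetime.fromisoformat(created),
            "starred_at": datetime.fromisoformat(starred), "public_repos": repos,
            "followers": followers, "following": following, "bio": bio, "location": location}

# Constructed sample: three bulk-created accounts plus three organic-looking ones.
SAMPLE = [
    acct("user12345678", "2024-03-01T10:00:00", "2024-03-02T09:00:00"),
    acct("user12345679", "2024-03-01T10:05:00", "2024-03-02T09:01:00"),
    acct("m4rk-t", "2024-03-01T11:00:00", "2024-03-02T09:02:00"),
    acct("alice-dev", "2016-05-10T08:00:00", "2024-03-05T12:00:00", 42, 310, 55, "SRE", "Berlin"),
    acct("quiet-reader", "2019-01-20T08:00:00", "2024-03-06T12:00:00", following=3),
    acct("newgrad-sam", "2024-02-20T08:00:00", "2024-03-05T12:00:00", 2, 1, 4, "student"),
]

if __name__ == "__main__":
    for name, hits in summarize(SAMPLE).items():
        print(name, hits)
```

In the sample, `newgrad-sam` trips the freshly-minted check despite being an ordinary new user, and `m4rk-t` is a ghost account that the username pattern misses, which is why the signals are combined instead of read individually.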
| Score | Grade | Verdict |
|---|---|---|
| 80–100 | A | ✅ Trusted |
| 60–79 | B | |
| 35–59 | C/D | 🔴 Likely Fake |
| 0–34 | F | Manipulated |
The score is not a verdict; it's a signal. A low score should prompt further investigation, not an immediate accusation. Natural repos can have some ghost accounts. The score reflects the statistical likelihood of manipulation.
```python
from starforensics.analyzer import analyze_repo

result = analyze_repo(
    owner="some-org",
    name="some-repo",
    token="ghp_...",  # optional
    max_stars=2000,
)

print(f"Trust Score: {result.trust_score.score}/100")
print(f"Verdict: {result.trust_score.verdict}")

# List only the patterns that were flagged
for pattern in result.patterns:
    if pattern.flagged:
        print(f"  - {pattern.name}: {pattern.detail}")
```

This tool is for investigative and educational purposes.
- A low score is a signal, not proof. Some patterns occur naturally.
- GitHub accounts can be old and inactive for legitimate reasons.
- Viral spikes (HN front page, Reddit, ProductHunt) can look like artificial bursts.
- The tool does not identify specific fake accounts, only statistical patterns.
- We recommend comparing results against the repo's history (launch date, press coverage).
Do not use this tool to harass maintainers or make public accusations without thorough investigation.
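The Star Velocity Spikes pattern and the viral-spike caveat above, as an added example that is not the project's own detector: hours are flagged by a modified z-score built from the median and the median absolute deviation (MAD) of stars per hour. The threshold of 6.0 and the timeline are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

def hourly_counts(starred_at):
    """Stars per hour, keeping empty hours between the first and last star."""
    buckets = Counter(t.replace(minute=0, second=0, microsecond=0) for t in starred_at)
    hour, end = min(buckets), max(buckets)
    series = []
    while hour <= end:
        series.append((hour, buckets.get(hour, 0)))
        hour += timedelta(hours=1)
    return series

def velocity_spikes(starred_at, threshold=6.0):
    """Hours whose modified z-score (median/MAD) exceeds the assumed threshold."""
    series = hourly_counts(starred_at)
    counts = [n for _, n in series]
    med = median(counts)
    mad = median(abs(n - med) for n in counts) or 1.0  # flat series: avoid dividing by 0
    return [(h, n) for h, n in series if 0.6745 * (n - med) / mad > threshold]

def constructed_timeline():
    """Constructed data: 48 hours at 3-5 stars/hour, plus 120 extra stars in hour 30."""
    base = datetime(2024, 3, 1)
    stars = []
    for i in range(48):
        n = 3 + i % 3 + (120 if i == 30 else 0)
        stars += [base + timedelta(hours=i, seconds=j) for j in range(n)]
    return stars

if __name__ == "__main__":
    for hour, n in velocity_spikes(constructed_timeline()):
        print(hour.isoformat(), n)
```

The check flags the burst but cannot tell a purchased batch from a front-page launch, so a flagged hour is best read next to the account-level signals for the accounts that starred in that hour.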
Why would anyone buy GitHub stars? Social proof. Stars influence trending algorithms, appear in Google searches, affect hiring decisions, and increase VC interest. The incentives are real.
Which repos have you found suspicious? We don't maintain a public list; that's not the goal. The goal is to give everyone a tool to investigate for themselves.
Can I trust your own star count?
Yes. You can run star-forensics analyze GeckCore/star-forensics anytime to verify. We welcome transparency.
Does GitHub do anything about this? GitHub removes accounts that violate their ToS, but bulk-star services adapt faster than enforcement can react.
How is this different from [other tools]? Most existing tools just check star velocity. star-forensics combines 8+ independent signals into a composite score with confidence levels and detailed evidence output.
Will this tool be used to unfairly target legitimate repos? We've added significant guardrails in the scoring system to reduce false positives. But we can always improve: open an issue if you think a legitimate repo is being unfairly scored.
Contributions are very welcome! Here's what we need most:
- New detection patterns: New ideas for signals? Open an issue or PR.
- Improved scoring weights: The current weights are heuristic. Help us calibrate them.
- Test cases: Known fake-star repos (historical) make great test fixtures.
- False positive reports: If a legitimate repo scores poorly, tell us why.
```bash
git clone https://github.com/GeckCore/star-forensics
cd star-forensics
pip install -e ".[dev]"
pytest tests/ -v
```

See CONTRIBUTING.md for the full guide.
- Buying GitHub Stars: Dagster's investigation
- The Star Inflation Problem: Academic paper on GitHub star manipulation
- Detecting Fake GitHub Stars at Scale: GitGuardian research
MIT. See LICENSE.
Made with 🔬 by the open source community
If this helped you, consider starring the repo. We'll know if you don't mean it.