HN
Today

GitHub's Fake Star Economy

A new investigation exposes a sprawling 'fake star economy' on GitHub, where projects buy millions of stars to artificially inflate their popularity. This manipulation is explicitly driven by venture capitalists who use star counts as a key signal for funding decisions, creating a perverse incentive structure. The report details the financial ROI of fake stars, the legal risks involved, GitHub's inadequate response, and proposes alternative, more robust metrics, sparking critical discussion about platform integrity and investor diligence.

49
Score
20
Comments
#1
Highest Rank
5h
on Front Page
First Seen
Apr 20, 9:00 AM
Last Seen
Apr 20, 1:00 PM
Rank Over Time
12131

The Lowdown

A detailed investigation, backed by peer-reviewed research from CMU, has uncovered a widespread and professionalized 'fake star economy' on GitHub. This shadow market allows projects to purchase millions of stars for mere cents, creating a deceptive appearance of popularity that directly influences venture capital funding decisions.

  • Scale of Deception: Researchers identified 6 million suspected fake stars across over 18,000 repositories, with the problem accelerating significantly since 2024. AI and LLM repositories are a major non-malicious category benefiting from these campaigns.
  • Open Market: Stars are openly sold for $0.03 to $0.85 each on dedicated websites, Fiverr gigs, and Telegram channels, with vendors even offering replacement guarantees and pre-aged accounts.
  • VC as Catalyst: Venture Capital firms explicitly use GitHub star counts as a primary sourcing signal for investments, with studies showing median star counts required for seed and Series A funding. This creates an enormous return on investment for buying fake stars, ranging from 3,500x to 117,000x.
  • Detection Methods: The report's own analysis revealed clear patterns of manipulation, including low fork-to-star ratios and a high percentage of empty stargazer profiles, particularly in blockchain and some AI projects. It proposes the fork-to-star ratio as a strong, simple heuristic for identification.
  • Legal Consequences: The FTC's 2024 rule prohibits buying/selling fake social influence, carrying substantial penalties. SEC precedents already exist for founders charged with inflating metrics to deceive investors, suggesting potential future legal exposure for GitHub star manipulation.
  • GitHub's Inaction: Despite explicit policies against inauthentic activity, GitHub's enforcement is reactive and asymmetric, often removing affected repositories but leaving a significant portion of fake accounts intact. They have not adopted suggested weighted popularity metrics.
  • Beyond Stars: The problem extends to other platforms like npm and VS Code Marketplace, and is amplified by cross-platform astroturfing and engagement pods.

Ultimately, the 'fake star economy' is a self-reinforcing system fueled by VC reliance on vanity metrics and GitHub's limited enforcement. The structural problem ensures that as long as stars translate into dollars, the market for manufactured credibility will persist.

The Gossip

The Goodhart Game: When Metrics Go Rogue

Commenters quickly identified the phenomenon as a classic example of Goodhart's Law, where a measure ceases to be useful once it becomes a target. The discussion acknowledged the inherent incentive to game any visible metric, with some users lamenting the pressure to participate in this 'fake economy' to compete, or even suggesting nefarious tactics like buying fake stars for rivals. There's a shared understanding that if the fork-to-star ratio becomes the new signal, new methods will emerge to game that too.

Investor Indifference: VCs and the Starry-Eyed

A significant portion of the discussion criticized venture capitalists' reliance on GitHub stars as a key investment metric. Many questioned VCs' technical understanding and diligence, suggesting that stars are appealing due to their simplicity for non-technical investors. A cynical perspective emerged, arguing that VCs may not genuinely care about legitimacy if inflated metrics can still attract market participants and generate profit, highlighting a perceived disconnect between investor priorities and genuine project quality.

Measuring Meaningful Metrics: Beyond the Star Count

Users engaged in a lively debate about the inadequacy of star counts as a sole indicator of project health and proposed a range of more robust alternatives. Suggestions included evaluating contributor activity, issue engagement, pull requests, and even more complex, PageRank-like reputation systems that account for the quality of the star-giver. While acknowledging that even these metrics can potentially be gamed, the consensus was that focusing on genuine, costly engagement provides a much clearer picture than easily bought vanity metrics, and that stars were never a particularly strong signal to begin with.