Show HN: CLI that spots fake GitHub stars, risky dependencies and licence traps
a year ago
- #devops
- #security
- #open-source
- StarGuard is a CLI tool designed to detect risks in open-source projects, including fake stars, dependency hijacks, and license issues.
- It automates open-source due diligence for CTOs, security teams, and VCs, providing a fast and repeatable trust score.
- Key checks include star burst detection, dependency analysis, license scanning, maintainer activity, and code pattern scans.
- Output formats include JSON, Markdown, plaintext reports, and visual star-history plots.
- StarGuard uses the GitHub API for data collection and includes analysis modules such as BurstDetector and User Profiler.
- It requires Python ≥ 3.9 and a GitHub Personal Access Token to get the higher authenticated API rate limits.
- Usage examples include full scans with star plots or burst-only fast scans.
- Target users include CTOs, security teams, VCs, and open-source maintainers.
- The tool is open-source, licensed under Apache-2.0, and focuses on static analysis without executing code.
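The star-burst check summarised above, as an added illustration (not StarGuard's own BurstDetector code): daily star counts are compared against the median of the preceding window, and a day that exceeds the baseline by a large factor is flagged. The 30-day window, 10x factor and 20-star floor are assumed heuristics, and the sample timestamps are constructed in the shape of the `starred_at` field the GitHub stargazers endpoint returns.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone
from statistics import median


def daily_star_counts(timestamps):
    """Bucket ISO-8601 'starred_at' strings into a per-day count, filling
    quiet days with 0 so the baseline window is contiguous."""
    days = Counter(
        datetime.fromisoformat(t.replace("Z", "+00:00")).date() for t in timestamps
    )
    if not days:
        return {}
    out, d = {}, min(days)
    while d <= max(days):
        out[d] = days.get(d, 0)
        d += timedelta(days=1)
    return out


def find_star_bursts(timestamps, window_days=30, factor=10, min_stars=20):
    """Return (day, stars, baseline) for days whose star count is at least
    `min_stars` and more than `factor` times the median of the preceding
    `window_days` (assumed heuristic; organic growth rarely jumps 10x in a day)."""
    counts = daily_star_counts(timestamps)
    days = list(counts)
    bursts = []
    for i, day in enumerate(days):
        base = [counts[d] for d in days[max(0, i - window_days):i]]
        baseline = median(base) if base else 0
        n = counts[day]
        if n >= min_stars and n > factor * max(baseline, 1):
            bursts.append((day.isoformat(), n, baseline))
    return bursts


def constructed_sample():
    """Constructed data: 60 days of 1-3 stars/day with a 150-star spike on
    day 45, mimicking the bought-star pattern the check is meant to catch."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    ts = []
    for i in range(60):
        n = 150 if i == 45 else 1 + i % 3
        for k in range(n):
            t = start + timedelta(days=i, minutes=k)
            ts.append(t.isoformat().replace("+00:00", "Z"))
    return ts


if __name__ == "__main__":
    print(find_star_bursts(constructed_sample()))
```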