repo-trust 0.1.1

A command-line tool that tells you whether an open-source repository deserves your trust — beyond the star count.
# Trust Report — octocat/Hello-World

> **Trust Score:** **73 / 100** · **Category:** Good · **Confidence:** Medium
>
> Generated by Repo Trust 0.1.0 against scoring model 1.0.0 on 2026-05-15.

---

## At a glance

| Module | Score | Confidence |
| --- | ---: | --- |
| Star Authenticity | 81 | High |
| Activity Health | 68 | High |
| Maintainer Health | 54 | Medium |
| Adoption Signals | 88 | High |
| Security & Readiness | 71 | Medium |

## Top strengths

- **Strong real-world adoption.** 240,000 weekly package downloads across registries.
- **Organic stargazer profile.** Only 8.2% of sampled stargazers match the low-activity profile, well below the 20% concern threshold.

## Top concerns

- **Concentrated stewardship.** Two authors cover 50% of last-year commits; long-term continuity depends on either of them. Bus-factor proxy = 2.

## Caveats

- Stargazer sample limited to 200 due to API rate limit.
- Branch protection status unavailable without admin-scoped token; that sub-signal is reported as Neutral.

## Module breakdown

### Star Authenticity — 81 / 100 (High confidence)
- `low_activity_share`: 75 — 8.2% of stargazers match the low-activity profile.
- `lockstep_timing`: 90 — max daily z-score 2.3 (well within normal traffic-burst range).
- `ratios`: 78 — fork/star and watcher/star ratios within healthy range for the repo's primary language.

### Activity Health — 68 / 100 (High confidence)
- Days since last commit: 4. Score sub: 92.
- Commits last 90 days: 22. Score sub: 60.
- Active contributors last 90 days: 5. Score sub: 75.
- Median issue first response: 86h. Score sub: 50.
- Days since last release: 145. Score sub: 65.

### Maintainer Health — 54 / 100 (Medium confidence)
- Bus factor proxy: 2. Score sub: 50. Concerning.
- Commit Gini: 0.71. Score sub: 45.
- Contributor retention rate: 0.62. Score sub: 65.
- `CODEOWNERS` present: yes.
- `MAINTAINERS.md` / governance doc: no.

### Adoption Signals — 88 / 100 (High confidence)
- Weekly downloads (sum across registries): 240,000.
- GitHub dependents: 1,840.
- Documentation maturity score: 0.80.
- Awesome-list mentions: 4.

### Security & Readiness — 71 / 100 (Medium confidence)
- OpenSSF Scorecard score: 7.0 / 10 (federated via api.scorecard.dev).
- OSV open advisories on latest published version: 0.
- Documentation presence: SECURITY.md, CONTRIBUTING.md, LICENSE, CODEOWNERS — all present. CODE_OF_CONDUCT missing.
- CI workflow files: 2.
- Semver consistency on releases: yes.
- Branch protection: unavailable (Neutral).

---

*Methodology: <https://github.com/Dmitrze/repo-trust/blob/main/docs/methodology.md>* ·
*Scoring model 1.0.0: <https://github.com/Dmitrze/repo-trust/blob/main/docs/scoring-model.md>*