phantomstars is a tool that hunts for fake engagement on GitHub. Specifically, it tracks coordinated bot campaigns that mass-star or mass-fork repositories to make them look more popular and more trustworthy than they really are. The author argues that GitHub stars work as a trust signal for developers picking what code to use, and that bot farms have been corrupting that signal during the 2024 to 2026 AI boom by manufacturing fake credibility for low-quality or malicious repos.

The whole thing runs as a GitHub Actions job on a daily schedule. There are no servers, no databases, and no hosting costs. Each run scrapes the GitHub Trending page, queries the search API for repos created in the last 7 days with sudden star activity, and pulls candidate repos from Reddit posts on r/osinttools and r/coolgithubprojects. It then looks at who recently starred or forked those repos, fetches each engaging account's profile through the GraphQL API, and scores them on signals like account age, profile completeness, repo history, and activity patterns.

The core trick is timestamp clustering with union-find to detect coordinated campaigns, meaning groups of suspicious accounts that all engaged within a roughly 3-hour window. Each campaign gets a deterministic 8-character ID based on the sorted member logins, which lets the same campaign be tracked across days. Results land in an append-only JSONL ledger that gets committed back to the repo, and dashboards summarize the per-repo fakeness ratios.

When a repo's fake-engagement ratio crosses 40 percent or a clear campaign is found, phantomstars files an issue directly on the targeted repo so the maintainer can see the evidence. There is an allowlist for false positives that anyone can request through an issue template. The license is Apache 2.0, the language is Python 3.13, and the project is part of JS Labs's AI Slop Intelligence work.
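
The timestamp clustering and campaign ID described above can be sketched as follows. This is an added example, not phantomstars' own code: the function names, the minimum group size, the rule of linking consecutive events, and the use of truncated SHA-256 for the ID are all assumptions, and the sample events are constructed.

```python
import hashlib
from datetime import datetime, timedelta

WINDOW = timedelta(hours=3)  # from the page: "roughly 3-hour window"
MIN_MEMBERS = 3              # assumption: smallest group reported as a campaign

def find(parent, x):
    # Union-find lookup with path halving.
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def campaign_id(logins):
    # Sorted logins make the ID independent of discovery order. SHA-256 cut to
    # 8 hex characters is an assumption; the page only says "8-character ID".
    return hashlib.sha256("\n".join(sorted(logins)).encode()).hexdigest()[:8]

def cluster_campaigns(events):
    """events: (login, ISO-8601 time) pairs for accounts already scored suspicious."""
    parsed = sorted((datetime.fromisoformat(ts), login) for login, ts in events)
    parent = {login: login for _, login in parsed}
    # Events are time-sorted, so joining each one to its predecessor when the
    # gap fits WINDOW merges whole bursts (single linkage: a long chain of
    # close events can span more than WINDOW end to end).
    for (t_prev, a), (t_cur, b) in zip(parsed, parsed[1:]):
        if t_cur - t_prev <= WINDOW:
            parent[find(parent, a)] = find(parent, b)
    groups = {}
    for login in parent:
        groups.setdefault(find(parent, login), set()).add(login)
    return {campaign_id(m): sorted(m) for m in groups.values() if len(m) >= MIN_MEMBERS}

# Constructed sample data, not taken from the phantomstars ledger.
SAMPLE = [
    ("bot-a", "2026-05-20T01:00:00+00:00"),
    ("bot-b", "2026-05-20T01:40:00+00:00"),
    ("bot-c", "2026-05-20T03:10:00+00:00"),
    ("lone-x", "2026-05-20T12:00:00+00:00"),
    ("bot-d", "2026-05-21T09:00:00+00:00"),
    ("bot-e", "2026-05-21T09:05:00+00:00"),
]

if __name__ == "__main__":
    for cid, members in cluster_campaigns(SAMPLE).items():
        print(cid, members)
```

Because the ID depends only on the sorted member set, a campaign whose membership changes between runs gets a new ID; tracking the same campaign across days this way relies on the same accounts reappearing together.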
Generated 2026-05-21 · Model: sonnet-4-6 · Verify against the repo before relying on details.