GitHub stars and followers are supposed to be trust signals.
But increasingly, they’re being gamed.
If you maintain public repositories, you’ve probably seen accounts that:
- Follow thousands of users
- Have zero repositories
- Were created last week
- Contain bios like “star for star” or “follow back”
These aren’t contributors.
They’re engagement manipulators.
So I built StarReaper — a small Rust CLI tool that detects and blocks star-farming and follow-manipulation accounts automatically.
The Problem: Artificial Signal Inflation
Stars and followers shape perception:
- Open-source credibility
- Project discoverability
- Hiring signals
- Investor optics
Star-farming accounts distort that signal.
Most of them operate using predictable patterns:
- “S4S” / “F4F” bios
- Following thousands of accounts
- Zero public repositories
- Recently created accounts
- Extremely skewed follow ratios
Individually, these signals aren’t conclusive.
Combined, they form a reliable heuristic profile.
Design Goals
StarReaper was built with four constraints:
- Deterministic — no machine learning guesswork
- Transparent — every flag has a reason
- Safe — dry-run mode before enforcement
- Lightweight — no database, no server, no OAuth app
It’s a standalone Rust binary.
How StarReaper Works
The execution pipeline is simple:
Fetch followers
→ Fetch profile data
→ Score heuristics
→ Flag accounts above threshold
→ Optionally block
Each profile is scored using weighted signals:
| Signal | Score |
|---|---|
| Bio contains star-farming keywords | +3 |
| Suspicious following/follower ratio | +2 |
| Zero public repositories | +1 |
| Account younger than 90 days | +1 |
| Zero followers + active following | +1 |
Default block threshold: 3
This means a bio like “star for star” triggers immediate blocking.
Weaker signals must stack to trigger enforcement.
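The scoring table above, sketched as an added example (this is not StarReaper's own source code). The struct fields, the keyword list taken from the bios quoted earlier, and the cut-offs for a "suspicious" ratio and for "active following" are assumptions; the weights and the default threshold of 3 come from the table.

```rust
// Added example: field names and the ratio / "active following" cut-offs are assumptions.
struct Profile<'a> {
    login: &'a str,
    bio: &'a str,
    followers: u32,
    following: u32,
    public_repos: u32,
    age_days: u32,
}

const KEYWORDS: [&str; 4] = ["star for star", "follow back", "s4s", "f4f"];

/// Returns the risk score and the reasons behind it, using the weights from the table.
fn score(p: &Profile) -> (u32, Vec<&'static str>) {
    let mut hits: Vec<(u32, &'static str)> = Vec::new();
    let bio = p.bio.to_lowercase();
    if KEYWORDS.iter().any(|k| bio.contains(*k)) {
        hits.push((3, "bio contains star-farming keyword"));
    }
    // Assumed cut-off: following at least 1000 and more than 10x followers.
    if p.following >= 1000 && p.following > p.followers.saturating_mul(10) {
        hits.push((2, "suspicious following/follower ratio"));
    }
    if p.public_repos == 0 { hits.push((1, "zero public repositories")); }
    if p.age_days < 90 { hits.push((1, "account younger than 90 days")); }
    // Assumed cut-off for "active following": 50 or more.
    if p.followers == 0 && p.following >= 50 {
        hits.push((1, "zero followers with active following"));
    }
    (hits.iter().map(|h| h.0).sum(), hits.iter().map(|h| h.1).collect())
}

fn should_block(p: &Profile, threshold: u32) -> bool { score(p).0 >= threshold }

fn main() {
    // Constructed sample profiles, not real accounts.
    let sample = [
        Profile { login: "s4s-example", bio: "Star for star!", followers: 12, following: 40, public_repos: 3, age_days: 400 },
        Profile { login: "new-dev-example", bio: "learning rust", followers: 2, following: 30, public_repos: 0, age_days: 20 },
        Profile { login: "mass-follow-example", bio: "", followers: 0, following: 4200, public_repos: 0, age_days: 7 },
    ];
    for p in &sample {
        let (s, why) = score(p);
        println!("{} score={} block={} reasons={:?}", p.login, s, should_block(p, 3), why);
    }
}
```

The second sample profile shows why the weak signals are weighted low: a new account with no repositories scores 2 and stays below the default threshold.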
Safety First: Dry Run Mode
Before blocking anyone, you can audit:
export GITHUB_PAT=ghp_yourtoken
starreaper --dry-run
Output includes:
- Username
- Risk score
- Exact reasons
Only when you’re satisfied:
starreaper --threshold 3
Why Rust?
StarReaper is written in Rust because:
- Predictable async networking (reqwest + tokio)
- Strong type safety
- Clean static binary distribution
- No runtime dependencies
- Reliable TLS via rustls
It uses GitHub’s REST API with proper pagination and rate-aware delays.
Technical Details
API Endpoints Used
GET /user/followers
GET /users/{username}
PUT /user/blocks/{username}
Authentication requires a classic PAT with the user scope.
No repository access required.
Pagination Support
GitHub limits responses to 100 per page.
StarReaper automatically paginates until:
- It reaches your specified limit
- Or no more followers remain
Rate Limiting
The tool inserts a controlled delay between requests and stays within authenticated GitHub API limits (5,000 requests/hour).
It’s designed for periodic execution — not continuous polling.
Why Not Just Ignore Bots?
You can.
But artificial engagement has subtle effects:
- Inflates follower count artificially
- Distorts trust perception
- Pollutes notification streams
- Degrades signal integrity
StarReaper restores authenticity.
It doesn’t optimize growth.
It removes manipulation.
Is It Perfect?
No heuristic system is.
That’s why:
- Default threshold is conservative
- Bio keyword match alone is strong
- Weak signals must stack
- Dry-run mode exists
This is a hygiene tool — not a ban hammer.
Installation
Build from source:
cargo build --release
Run:
export GITHUB_PAT=ghp_yourtoken
./target/release/starreaper --dry-run
Future Directions
StarReaper currently focuses on follower hygiene.
Possible extensions:
- GitHub Action integration
- Scheduled execution
- Whitelist support
- JSON output mode
- Cross-platform reputation scoring
This could evolve into a broader reputation integrity engine.
For now, it’s focused and intentional.
Final Thoughts
Stars are social proof.
Social proof only works when it’s authentic.
StarReaper doesn’t grow your numbers.
It protects their integrity.
If you care about signal over noise, this tool is for you.
StarReaper is open source.
🔗 GitHub Repository: https://github.com/chronocoders/starreaper