this post was submitted on 17 Jan 2026
23 points (96.0% liked)

Opensource


There are oodles of neat and singular programs on github and similar. Curious what steps people take to vet for malware before downloading and trying stuff, especially if you’re not very familiar with the coding language it’s written in.

OQB @reallykindasorta@slrpnk.net

[–] tiny_hedgehog@piefed.social 3 points 1 day ago* (last edited 10 hours ago)

Probably a simple way without looking at ANY code is to just look at a few key points on GitHub (or GitLab or other):

Stars This is the number of people who have favourited the package. In general, if a package has more stars (500+, 1000+) it is probably good and has had a lot of people looking at it and using it. Beware packages with only a few stars (fewer than 20, but context matters.)

Forks Also look at the number of forks the repo has. In general, the more forks it has, the more people in the community have contributed to it, fixing bugs, tightening security, etc. Again, the more eyes the package has on it, the higher the chance that key vulnerabilities have been identified and fixed.

Number of Contributors same reason as forks.

When the files in the repo were last updated Occasionally you’ll find a package that meets the above heuristics very well, but was only last updated 5 to 10 years ago. Avoid these as they aren’t up to date and therefore have vulnerabilities.

All these points are just rough heuristics and there will be exceptions but can generally point even experienced developers in the right direction.
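The four metadata checks in the comment above can be turned into a small vetting script. The following is an added example (not code from the thread or from any project it mentions): it applies the commenter's thresholds (500+ stars as a good sign, fewer than 20 as a warning, no forks or a single contributor as a warning, and no push in 5 or more years as stale) to the fields GitHub's REST API returns for `/repos/{owner}/{repo}` (`stargazers_count`, `forks_count`, `pushed_at`, `archived`). The contributor count is assumed to come from the separate `/contributors` endpoint and is passed in as a number; the two sample repositories and the evaluation date are constructed for the example.

```python
"""Score a repository against rough GitHub-metadata heuristics.

Added example, not from the thread. Thresholds are the commenter's rules
of thumb; field names are those of the GitHub REST API /repos response.
"""
from datetime import datetime, timezone
from typing import Optional
import json
import urllib.request

STARS_GOOD = 500      # commenter: "500+, 1000+" is probably fine
STARS_BEWARE = 20     # commenter: "fewer than 20, but context matters"
STALE_YEARS = 5       # commenter: last updated 5 to 10 years ago is stale

# Constructed sample metadata (shape of the /repos API response).
SAMPLE_HEALTHY = {"stargazers_count": 2400, "forks_count": 310,
                  "pushed_at": "2025-12-20T10:15:00Z", "archived": False}
SAMPLE_RISKY = {"stargazers_count": 7, "forks_count": 0,
                "pushed_at": "2018-03-02T08:00:00Z", "archived": False}
# Constructed evaluation date (the thread's post date) so results are stable.
AS_OF = datetime(2026, 1, 17, tzinfo=timezone.utc)


def assess_repo(meta: dict, contributors: int,
                now: Optional[datetime] = None) -> dict:
    """Return the metrics plus a list of heuristic warnings (empty = no flags)."""
    now = now or datetime.now(timezone.utc)
    stars = int(meta.get("stargazers_count", 0))
    forks = int(meta.get("forks_count", 0))
    # pushed_at is ISO 8601 with a trailing Z; fromisoformat needs +00:00.
    pushed = datetime.fromisoformat(meta["pushed_at"].replace("Z", "+00:00"))
    years_since_push = (now - pushed).days / 365.25

    warnings = []
    if stars < STARS_BEWARE:
        warnings.append(f"only {stars} stars (fewer than {STARS_BEWARE}): few eyes on the code")
    if forks == 0:
        warnings.append("no forks: nobody else has built on or patched this code")
    if contributors <= 1:
        warnings.append("single contributor: no second reviewer")
    if meta.get("archived"):
        warnings.append("repository is archived")
    if years_since_push >= STALE_YEARS:
        warnings.append(f"last push {years_since_push:.1f} years ago: likely unpatched")

    return {
        "stars": stars,
        "forks": forks,
        "contributors": contributors,
        "years_since_push": round(years_since_push, 1),
        "popular": stars >= STARS_GOOD,
        "warnings": warnings,
    }


def fetch_repo(owner: str, name: str) -> tuple:
    """Live lookup via the GitHub REST API (unauthenticated, so rate-limited).

    Returns (metadata dict, contributor count). The contributor list is read
    one page of 100 at a time, so counts above 100 are reported as 100.
    """
    base = f"https://api.github.com/repos/{owner}/{name}"
    headers = {"Accept": "application/vnd.github+json",
               "User-Agent": "repo-vet-example"}

    def get(url: str):
        req = urllib.request.Request(url, headers=headers)
        with urllib.request.urlopen(req, timeout=20) as resp:
            return json.load(resp)

    meta = get(base)
    contribs = get(base + "/contributors?per_page=100&anonymous=true")
    return meta, len(contribs)


if __name__ == "__main__":
    # Offline demo on the constructed samples; swap in fetch_repo(owner, name)
    # to vet a real repository.
    for label, meta, n in (("healthy", SAMPLE_HEALTHY, 45),
                           ("risky", SAMPLE_RISKY, 1)):
        report = assess_repo(meta, n, now=AS_OF)
        print(label, json.dumps(report, indent=2))
```

Run it as-is to see the two constructed samples scored; to check a real repository, call `fetch_repo("owner", "name")` and pass the result to `assess_repo`. The warnings are only the commenter's rough signals: a new but well-reviewed project will trip the star threshold, and a popular repository can still carry a bad commit, so the output is a starting point for reading the code, not a verdict.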