GitHub stars are an essential growth factor for many open source projects, but they can easily be from bot accounts. How can we trust GitHub stars again? For Open Source GitHub projects, stars are a primordial metric.
Of course, there are ways to abuse this system, as you might have heard recently. As an open source company, we want our community’s legitimacy to be transparent, and we want to help the open source community do the same for other projects. In the past, there have been many occurrences of people abusing the GitHub API: Gaining followers quickly by making their account follow thousands of other people, hoping for them to follow backFaking their GitHub contributions to make themselves look like outstanding open source developersAutomatically creating bot accounts to star repositories and virtually increase their popularity (Examples: here and here among others)
Automatically creating bot accounts to star repositories and virtually increase their popularity (Examples: here and here among others) GitHub has taken down several of the repositories responsible for such abuses, but not all of them. The main reason why it was so simple to write those bots was that creating GitHub accounts did not used to require any kind of verification, not even a confirmation link via email.
Source: containo.us