GitHub Stars Are for Sale, and the Real Problem Is Not Vanity
Buying GitHub stars sounds pathetic enough to be a joke. The joke misses the interesting part. Stars are a public trust signal on a code-hosting platform, and there is an ordinary, low-friction market for faking them. The important question is not whether inflated stars reliably produce downloads. It is why counterfeit popularity is so cheap to buy, and why that becomes a security problem once fake credibility attaches to malicious repositories.