Hacker News
by asveikau 2584 days ago
> quality of the repo (as measured by forks/stars/pagerank...)

These two seem unrelated. Quality is not measured by popularity. There is plenty of popular stuff that's junk, and good stuff that nobody uses.


Precisely. For my organization, I'm looking for a way to quantitatively measure and compare quality/security postures of repos/packages when importing.
Sounds tough. What are your ideas to measure so far?

For the security angle it seems the first naive thing would be to count prior known vulnerabilities, but then, the projects that do the absolute worst at that are not going to have discovered their security bugs, let alone documented them well.
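The failure mode raised above (a zero advisory count can mean "well audited" or "nobody ever looked") is easy to show in code. The following is an added example written for this page, not code from any commenter or from any real scorecard tool: the signal names, the weights in `scrutiny()`, the verdict labels and the three sample packages are all constructed assumptions used only to contrast a naive advisory count with a count read in light of how much scrutiny the package has actually had.

```python
"""Naive vs. scrutiny-aware reading of a package's known-vulnerability count.

Added illustration for the thread above; signal names, weights, thresholds
and sample data are assumptions, not any registry's or tool's real schema.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class PackageSignals:
    """Signals one might gather about a dependency before importing it."""
    name: str
    known_vulns: int              # published advisories against the package
    age_days: int                 # days since first public release
    dependents: int               # reverse dependencies in the registry
    has_security_policy: bool     # SECURITY.md or a disclosure contact exists
    has_fuzzing_or_audit: bool    # CI fuzzing or a published third-party audit
    median_fix_days: Optional[float] = None  # advisory publish -> fixed release


def naive_rank(pkgs: Iterable[PackageSignals]) -> List[str]:
    """The naive metric from the thread: fewer known vulnerabilities is 'better'."""
    return [p.name for p in sorted(pkgs, key=lambda p: p.known_vulns)]


def scrutiny(p: PackageSignals) -> float:
    """0..1 proxy for how likely latent bugs would have been found by now.

    Weights are arbitrary assumptions for illustration only.
    """
    score = 0.0
    score += 0.4 * min(p.dependents, 1000) / 1000    # wide use: more eyes on it
    score += 0.2 * min(p.age_days, 1095) / 1095      # up to three years of exposure
    score += 0.2 if p.has_security_policy else 0.0   # somewhere to report findings
    score += 0.2 if p.has_fuzzing_or_audit else 0.0  # someone actively hunted bugs
    return round(score, 3)


def assess(p: PackageSignals) -> str:
    """Interpret the advisory count given the scrutiny behind it.

    A zero count only counts as evidence of quality when someone was looking;
    otherwise it is simply unknown. Where advisories exist, the useful signal
    is how quickly they were fixed, not that they exist.
    """
    if p.known_vulns == 0:
        return "clean-with-evidence" if scrutiny(p) >= 0.5 else "unknown"
    if p.median_fix_days is not None and p.median_fix_days <= 14:
        return "responsive"
    return "slow-to-fix"


def scrutiny_aware_rank(pkgs: Iterable[PackageSignals]) -> List[str]:
    """Rank by verdict, then by scrutiny; an 'unknown' package sits below one
    that has found and promptly fixed real bugs."""
    order = {"clean-with-evidence": 0, "responsive": 1, "unknown": 2, "slow-to-fix": 3}
    return [p.name for p in sorted(pkgs, key=lambda p: (order[assess(p)], -scrutiny(p)))]


# Constructed sample packages (hypothetical, not real projects).
SAMPLE = [
    PackageSignals("tinyutil", known_vulns=0, age_days=120, dependents=3,
                   has_security_policy=False, has_fuzzing_or_audit=False),
    PackageSignals("corelib", known_vulns=0, age_days=2000, dependents=4000,
                   has_security_policy=True, has_fuzzing_or_audit=True),
    PackageSignals("netparse", known_vulns=3, age_days=1800, dependents=900,
                   has_security_policy=True, has_fuzzing_or_audit=True,
                   median_fix_days=5.0),
]

if __name__ == "__main__":
    print("naive ranking:          ", naive_rank(SAMPLE))
    print("scrutiny-aware ranking: ", scrutiny_aware_rank(SAMPLE))
    for pkg in SAMPLE:
        print(f"{pkg.name:9s} verdict={assess(pkg):20s} scrutiny={scrutiny(pkg)}")
```

With the constructed data, the naive count ranks the barely used, never-audited `tinyutil` above `netparse`, which has three advisories but fixed each within days under heavy use; the scrutiny-aware view puts `netparse` second and flags `tinyutil` as "unknown" rather than "clean". The weights are placeholders; the point is structural: treat an advisory count as a ratio against evidence of scrutiny, not as an absolute.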