Listen to any on the Elon Musk interviews, he knows more technical intricacies of his 1000+ employee companies than your average startup founder with 10 employees.
Hypothesis: a big accelerant of these rapid repository compromise (from Red hat to GitHub to Amazon to small startups) might be GitHub+dependabot automatic dependency updates.
So, just like COVID-19 used air travel, modern malware attacks are relying on GitHub+dependabot to speed up the spread.
Even for single page website built using Vue, I would get about 5 updates a week.
> I'm thinking like "you had 200 GitHub stars before coming to us so we start you with 200 stars" as a migration process. maybe they wouldn't be as reputable but everyone knows it's gamed anyway, so why not?
The fact that companies request you to star them on GitHub and the stars can be bought tells you that there is a value in these stars. [2]
Now, some astute reader, who thinks the $1 trillion global advertisement market does not influence them, will also claim that they don't care about GitHub stars.
Well, that's not how the world works.
Fake stars can propel a good project to great.
A lot of people will use GitHub stars as a currency to decide the importance of certain FOSS (or even open-core) projects.