This is the problem with software/services being taken over by big entities: they no longer have to care under the umbrella of "too big to fail".
replyIf most malware repos are created in the last few days by a fresh user, then it sounds like GitHub is taking action against them? Or where are the old ones?
replyWell, my trend detection logic rewards recent stars more than older ones [1]. Recency is an important factor for many custom and public tools that track GitHub trends. I think they intentionally recreate repos - I even noticed that.
replyhttps://hadid.dev/posts/github-trends/#growth-based-approach
Most of HN doesn't give a shit about the malware problem. They will happily click "Give XYZ App ... permission to act on your behalf" to all of their repos with zero knowledge of what permissions are being requested. Github's Auth system doesn't tell the user what permissions are being requested
replyNote: Github has 2 auth systems. OAuth, and Github Auth. OAuth lists permissions but most apps use Github Auth which does not. So that app that gives you a badge or lets you comment could asking for write permission all your repos. You have no idea.
[dead]
reply