Comment by monkaiju
And it's already surpassed my most starred project when it was on GitHub, all the more validating to have moved it to forgejo. If vibecoded stuff with unbelievable security vulns can get so much praise the whole star system doesn't work as a quality filter. Similarly a well crafted README used to help reflect quality, no longer...
I don’t use stars to select dependencies FWIW. I look for age, CVEs and what other reputable projects depend on a repo. Also try to look for other signals, like if claims in the readme don’t match the implementation, or if there’s poor hygiene in the CI workflows. (And yes, I have gotten burned by an otherwise well meaning project with a supply chain vuln). As the saying goes “a little copying is better than a little dependency” (see: https://www.youtube.com/watch?v=PAAkCSZUG1c&t=9m28s).