Have you ever found a GitHub project or anything that seemed nice and tempting to install until you dug a bit deeper?

What are some red flags that should deter anyone from installing and running something?

  • thedeadwalking4242@lemmy.world · 5 up · 7 hours ago

    The project requires really weird unconventional setup. Doesn’t package properly, configuration files in weird places, doesn’t follow convention but doesn’t gain anything from it

  • ChaoticNeutralCzech@feddit.org · 7 up · edited · 3 hours ago

    Requires weird IDE to build

    I shifted 8 GB of files to an older machine just to be able to install Android Studio on barely-supported hardware, and now I’m cloning the repo and the .gradle directory alone is 1 GB?

    • AA5B@lemmy.world · 1 up · 9 hours ago

      I bet they checked in the binary. Git is really poor with binaries since it can’t really diff them. And the worst part is gradle should never have the binary in the source tree

    • boraginoru@lemmy.zip · 1 up · 10 hours ago

      You don’t even need to check in .gradle to a repo, I always have that gitignored. And gradle projects should specify commands to build from CLI rather than having you download an IDE. Android Studio gives you a nice run button but it’s just invoking ./gradlew installDebug under the hood
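The check AA5B and boraginoru describe, as an added example that is not part of any comment in this thread: list the files tracked in a clone and flag checked-in `.gradle`/`build` output and binaries, then report last-commit age and commit count, the staleness signals raised elsewhere in the thread. The pattern lists, category names and function names are assumptions.

```shell
#!/bin/sh
# Added example: triage a clone before building it. Pattern lists are
# assumptions; tune them for the ecosystem you are reviewing.

# classify_paths: read repo-relative paths on stdin, print
# "<category><TAB><path>" for each one that deserves a closer look.
classify_paths() {
    while IFS= read -r p; do
        case "$p" in
            gradle/wrapper/gradle-wrapper.jar|*/gradle/wrapper/gradle-wrapper.jar)
                # Usually committed on purpose; compare with Gradle's published checksums.
                printf 'wrapper\t%s\n' "$p" ;;
            .gradle/*|*/.gradle/*|build/*|*/build/*)
                printf 'build-cache\t%s\n' "$p" ;;
            *.jar|*.aar|*.apk|*.dex|*.class|*.so|*.dll|*.exe)
                printf 'binary\t%s\n' "$p" ;;
        esac
    done
}

# count_flagged CATEGORY: count stdin paths that fall into CATEGORY.
count_flagged() {
    classify_paths | awk -F'\t' -v c="$1" '$1 == c { n++ } END { print n + 0 }'
}

# sample_paths: constructed file list standing in for `git ls-files` output.
sample_paths() {
    printf '%s\n' \
        'app/src/main/java/Main.java' \
        '.gradle/8.5/fileHashes/fileHashes.bin' \
        'app/build/outputs/apk/debug/app-debug.apk' \
        'app/libs/vendor-sdk.jar' \
        'gradle/wrapper/gradle-wrapper.jar' \
        'README.md'
}

# audit_repo DIR: run the same checks on a real clone (needs git).
audit_repo() {
    dir=${1:-.}
    git -C "$dir" ls-files | classify_paths
    last=$(git -C "$dir" log -1 --format=%ct) || return 1
    printf 'last-commit-age-days\t%s\n' $(( ($(date +%s) - last) / 86400 ))
    printf 'commit-count\t%s\n' "$(git -C "$dir" rev-list --count HEAD)"
}

# Usage: sh audit.sh /path/to/clone   (no argument: define functions only)
if [ "$#" -gt 0 ]; then audit_repo "$1"; fi
```

Run it on a full clone: a shallow clone (`--depth 1`) always reports a commit count of 1.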

    • thebustinater@lemmy.zip · 1 up · 11 hours ago

      I’m amused that you mentioned requiring an IDE and then gave gradle (a standalone build tool) and Android as an example… when I’m pretty sure that iOS actually requires Xcode (AND an Apple account) to build apps

  • Blaster M@lemmy.world · 11 up · 13 hours ago

    “This project has been archived on [10+ years ago]. It is now Read Only.”

    or

    Last commit 5+ years ago

  • Vex_Detrause@lemmy.ca · 4 up · edited · 12 hours ago

    When installing, if I see a pre-checked check mark, I will be more likely to read what the software is trying to install. What are you trying to install now?

  • rodneylives@lemmy.world · 13 up · edited · 1 day ago

    A rule of thumb I use is how desperate the software is to tell you the weather even when you never asked for it or even set it up to report it.

  • prenatal_confusion@feddit.org · 4 up, 1 down · 19 hours ago

    No stars (although easily manipulated)

    No commit history

    No issue history

    No PR requests (soft no)

    No contributions from people with an active history

    • VitoRobles@lemmy.today · 3 up · 19 hours ago

      Something I do is if a project has way too many stars, click on a few of the names randomly.

      If those profiles have 0-1 projects, my yellow flag (not red flag) goes up. Because yeah, it’s really easy to buy GitHub stars now.

    • rekabis@lemmy.ca · 7 up · 14 hours ago

      I can’t believe that marketing people are this fucking stupid.

      Like, full-on knuckle-dragging morons.

      They intentionally drive away more paying customers than they could ever “channelize” with this method.

      Because most people realize that prices are only ever hidden for malicious, anti-consumer purposes.

  • sem@piefed.blahaj.zone · 24 up, 1 down · 1 day ago

    If the project maintainer has a policy of “no politics allowed.”

    Rather than a policy more along the lines of “be respectful”

    • VitoRobles@lemmy.today · 6 up, 1 down · 19 hours ago

      100%.

      Then you look through their history and it’s them laugh emojiing something like doing a LGBT suicide or some ridiculous shit.

  • Vogi@piefed.social · 19 up · 1 day ago

    Something I ran into just now was AI-generated imagery in docs or as an icon.
    I am not even that anti-AI as many on here, I feel like. But this is a surefire way to show how much you don’t give a shit about your project. Just use emojis or some shit which is ironically even less work but somehow makes it seem more deliberate.

    • vithigar@lemmy.ca · 1 up · 11 hours ago

      Had a conversation with someone recently about exactly this. Usage of AI-generated assets gives me exactly the same feelings as a local business using a Gmail or personal ISP email account on their advertising.

      It doesn’t automatically mean it’s bad, but it’s an indication that whoever is running things just can’t be bothered to put in effort.

      • Vogi@piefed.social · 4 up · edited · 9 hours ago

        I don’t think it is. IIRC they had that before AI Image Generation was widely available. You really can’t tell though with the simple cute art style which AI can very easily recreate.

  • vole@lemmy.world · 28 up · 2 days ago

    Venture capital funding. The plan is always to do a rug pull. Though if it’s properly freely licensed and the code is reasonable enough to be forked, it’s less worrying but still risky. It’s better to work with honest people.