RepoSignal

Tracking since Jun 6, 2026.

Changelog

• Jun 15, 2026
  description

  RepoSignal answers one question before you add a dependency: should you trust this repository?
    
    Open any GitHub repo and get a 0 to 100 score in your side panel, computed from six weighted signals:
    
    • Maintenance (25%): recency of commits, releases, and pushes
    • Security (20%): published advisories, security policy, archived status
    • Contributor risk (18%): bus factor, how concentrated the commit history is
    • Community (15%): adoption breadth via stars and forks
    • Release hygiene (12%): release cadence and semver tagging
    • Docs (10%): license, description, and documentation presence
  
    A full report page shows every signal with its weight, the raw inputs behind it, and the top risks, plus the complete methodology. Every score is reproducible from the same public inputs.
    
    You can tune the weights in Settings, export and import scoring profiles as JSON, and set hard deal-breakers (archived repository, missing license, published advisories) that override any score with a flat Do Not Adopt verdict.
   
    No AI. No black box. No servers.
    All data comes straight from the public GitHub REST API and is cached locally for 30 minutes. Nothing you browse ever leaves your machine.
    
    Note: unauthenticated GitHub API requests are limited to 60 per hour by GitHub. Add a personal access token in Settings to raise this to 5,000 per hour.

  RepoSignal answers one question before you add a dependency: should you trust this repository?
  
  Open any GitHub repo and get a 0–100 score in your side panel, computed from six weighted signals:
  
    • Maintenance (25%) — recency of commits, releases, and pushes
    • Security (20%) — published advisories, security policy, archived status
    • Contributor risk (18%) — bus factor: how concentrated the commit history is
    • Community (15%) — adoption breadth via stars and forks
    • Release hygiene (12%) — release cadence and semver tagging
    • Docs (10%) — license, description, and documentation presence
  
  A full report page shows every signal with its weight, the evidence behind it, and the top risks — plus the complete methodology. Every score is reproducible from the same public inputs.
  
  Compare up to three repositories side by side before you pick a dependency. RepoSignal also remembers each repo's past scores and shows the drift since you last looked — a quiet warning when a project starts slipping.
  
  The scoring model is yours to tune: adjust the six weights, set hard deal-breakers (archived repo, no license, published advisories), and export your profile to share with your team. Type "rs" then a space in the address bar to score
    any owner/repo without leaving the keyboard.
  
  No AI. No black box. No servers.
   All data comes straight from the public GitHub REST API and is cached locally for 30 minutes. Nothing you browse ever leaves your machine.
  
  Unauthenticated GitHub API requests are limited to 60/hour by GitHub. Add your own token in Settings to raise the limit to 5,000/hour — it never leaves your browser.

Permissions & access

Permissions

storagesidePanel

Host access

https://github.com/*, https://api.github.com/*

Screenshots