andrew/oss-tiers.md

Last active March 24, 2024 21:40

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/andrew/fa7ee93c8f8a62ae775d0849f84f2760.js"></script>
Save andrew/fa7ee93c8f8a62ae775d0849f84f2760 to your computer and use it in GitHub Desktop.

Download ZIP

Raw

oss-tiers.md

OSS Tier List

Initial thought: https://mastodon.social/@andrewnez/112151957657701569

Based on https://en.wikipedia.org/wiki/Tier_list

Comments and critiques welcome

Usage ideas:

Browser extension: detect you're looking at a webpage of a package or repo, show you the project's Tier for quick and easy classification
SBOM analyser: Summerize an SBOM by grouping dependencies into Tiers, highlighting the good and bad ones

S tier

Super Star Project
Top 0.1% ranking in its ecosystem
Minimal red flags

A tier

Excellent Project
Top 1% ecosystem ranking
Minimal red flags

B tier

Great Project
Top 10% ecosystem ranking
Few red flags

C tier

Ok Project
Some usage within OSS
Default tier

D tier

Unknown Project
Little-to-no usage
Some Red flag

E tier

Problem Project
Many red flags

F tier

Bad Project
No license
Serious red flags

Red Flags

No OSS license
Not updated in years
very slow or no response to issues
No published releases in years
If package, no source repo
few maintainers
few contributors
unfixed security advisories
elephant factor
bus factor
low tier dependencies
brand new project
typo-squatting name

Beige flags (no impact)

no changelog
no tag with each releases
thousands of open issues or pull requests
no security policy
no automated ci

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment