Github Code Auditor

AI-powered GitHub repository analyzer that provides comprehensive insights into any public repository. Perfect for due diligence, developer onboarding, competitive analysis, codebase audits, and detecting AI-generated slop code.

What it does

GitHub Code Auditor analyzes GitHub repositories and provides:

• Repository Metadata - Stars, forks, issues, license, topics, and activity
• Language Analysis - All programming languages used with percentages
• Contributor Insights - Top contributors and their commit history
• Dependency Analysis - Parses package.json, requirements.txt, and more (smart monorepo detection)
• File Structure Analysis - Detects README, tests, CI/CD, Docker presence
• Security Scanning - Basic vulnerability and sensitive file detection
• Health Score - 0-100 score with letter grade (A-F) based on best practices
• AI-Powered Insights - GPT-4 generated summary, strengths, concerns, and recommendations
• AI Slop Detection - Identifies low-quality AI-generated repositories with confidence scoring

Use Cases

Who	Use Case
Engineering Teams	Tech debt monitoring, onboarding new developers
VCs & Investors	Due diligence on portfolio companies, detect AI-generated demos
Security Teams	Vulnerability scanning across organizations
Open Source Maintainers	Project health dashboards
Recruiters	Verify candidate skills, detect AI-generated portfolio projects
Package Maintainers	Vet dependencies before adding to projects
Researchers	Study trends in AI-generated code proliferation

Input

Field	Type	Required	Description
repoUrls	array	Yes	List of GitHub repository URLs to analyze
githubToken	string	No	GitHub token for higher API rate limits (60/hour without, 5000/hour with)
openaiApiKey	string	No	OpenAI API key for AI-powered insights
analysisDepth	enum	No	quick, standard (default), or comprehensive
includeSecurityScan	boolean	No	Enable security vulnerability checks (default: true)
includeAiInsights	boolean	No	Enable AI-powered analysis (default: true)
maxFilesToAnalyze	integer	No	Maximum files for code analysis (default: 50)

Example Input

{
    "repoUrls": [
        "https://github.com/facebook/react",
        "https://github.com/vercel/next.js"
    ],
    "analysisDepth": "comprehensive",
    "includeSecurityScan": true,
    "includeAiInsights": true
}

Output

Each repository analysis produces a JSON object with:

{
    "repoUrl": "https://github.com/facebook/react",
    "repoName": "facebook/react",
    "description": "The library for web and native user interfaces.",
    "stars": 225000,
    "forks": 46000,
    "openIssues": 950,
    "language": "JavaScript",
    "languages": {
        "JavaScript": 2500000,
        "TypeScript": 150000,
        "HTML": 50000
    },
    "topics": ["react", "javascript", "frontend", "ui"],
    "license": "MIT License",
    "contributors": [
        {"login": "gaearon", "contributions": 2500},
        {"login": "acdlite", "contributions": 1800}
    ],
    "recentCommits": [
        {"sha": "abc1234", "message": "Fix bug in hooks", "author": "gaearon"}
    ],
    "fileStructure": {
        "hasReadme": true,
        "hasTests": true,
        "hasCiConfig": true,
        "hasDockerfile": false
    },
    "dependencies": {
        "loose-envify": "^1.1.0",
        "object-assign": "^4.1.1"
    },
    "codeMetrics": {
        "healthScore": 92,
        "grade": "A",
        "factors": [
            {"name": "Community Interest", "score": 15},
            {"name": "Documentation", "score": 10},
            {"name": "Test Coverage", "score": 15}
        ]
    },
    "aiSummary": "React is a declarative JavaScript library for building user interfaces...",
    "aiInsights": {
        "summary": "React is a declarative JavaScript library...",
        "strengths": ["Massive community support", "Excellent documentation"],
        "concerns": ["Large bundle size", "Steep learning curve"],
        "targetUsers": "Frontend developers building interactive UIs",
        "recommendation": "Highly Recommended",
        "isAiSlop": false,
        "aiSlopScore": 5,
        "aiSlopIndicators": [],
        "aiSlopVerdict": "Definitely Authentic"
    },
    "dependencyCount": 2,
    "devDependencyCount": 45,
    "totalDependencies": 47,
    "isMonorepo": true,
    "analyzedAt": "2024-01-15T10:30:00.000Z"
}

AI Slop Detection

One of the most powerful features is the ability to detect "AI slop" - low-quality, AI-generated repositories that flood GitHub with shallow, non-functional code.

What It Detects

Red Flag	Description
Generic naming	Vague project names and descriptions that could apply to anything
Shallow README	Suspiciously polished docs with buzzwords but no real substance
No tests	Claims "production-ready" but has zero test coverage
Commit bombing	1-3 massive commits with entire codebase dumped at once
Ghost town	No forks, no issues, no community engagement
Template structure	Generic file layout that looks auto-generated
Dependency mismatch	Listed dependencies don't match the stated purpose
No CI/CD	No quality tooling or automation
Single contributor	One person with generic commit messages like "initial commit"

Output Fields

Field	Type	Description
isAiSlop	boolean	true if likely AI-generated low-quality code
aiSlopScore	number	0-100 scale (0 = human-crafted, 100 = definitely AI slop)
aiSlopIndicators	array	List of specific red flags found
aiSlopVerdict	string	Human-readable verdict

Verdict Scale

Verdict	Score Range	Meaning
Definitely Authentic	0-15	Clear signs of genuine human development
Likely Authentic	16-35	Mostly authentic with minor concerns
Possibly AI Slop	36-65	Mixed signals, warrants investigation
Likely AI Slop	66-100	Strong indicators of low-quality AI generation

Example: Detecting AI Slop

{
    "repoUrls": ["https://github.com/suspicious-user/ai-todo-app"],
    "analysisDepth": "standard",
    "includeAiInsights": true
}

Example output for a suspicious repo:

{
    "aiInsights": {
        "isAiSlop": true,
        "aiSlopScore": 78,
        "aiSlopIndicators": [
            "Single commit with entire codebase",
            "Generic README with buzzwords",
            "No tests despite 'production-ready' claim",
            "Zero community engagement after 6 months",
            "Dependencies don't match stated purpose"
        ],
        "aiSlopVerdict": "Likely AI Slop"
    }
}

Analysis Depths

Depth	What's Included	Speed
Quick	Metadata only (stars, forks, description)	~5 seconds
Standard	Metadata + dependencies + file structure + contributors + AI insights	~15 seconds
Comprehensive	Everything + security scan + AI insights	~30 seconds

Note: AI insights (including AI slop detection) are now available on both standard and comprehensive depths when an OpenAI API key is provided.

Health Score Calculation

The health score (0-100) is calculated based on:

Factor	Max Points	Criteria
Community Interest	15	Based on star count
Documentation	10	Has README file
License	10	Has license file
Test Coverage	15	Has test directory
CI/CD	10	Has .github directory
Recent Activity	15	Days since last push
Issue Management	10	Open issues to stars ratio
Containerization	5	Has Dockerfile

Grades: A (80+), B (60-79), C (40-59), D (20-39), F (<20)

Pricing

Event	Price	Description
Actor Start	$0.00005/GB	Charged once per run
Repository Result	$0.001	Per repository analyzed
AI Analysis	$0.02	Per repository with AI insights

Example Costs

• 1 repo, standard analysis: ~$0.001
• 1 repo, comprehensive with AI: ~$0.021
• 10 repos, standard: ~$0.01
• 10 repos, comprehensive with AI: ~$0.21

Rate Limits

Auth Method	Requests/Hour
No token	60
With GitHub token	5,000

For analyzing multiple repositories, we recommend providing a GitHub Personal Access Token.

Integrations

This Actor works great with:

• Scheduled runs - Monitor repository health weekly/monthly
• Webhooks - Trigger analysis on new releases
• Zapier/Make - Connect to your workflow automation
• API - Integrate directly into your applications

API Usage

curl -X POST "https://api.apify.com/v2/acts/YOUR_USERNAME~github-code-auditor/runs?token=YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "repoUrls": ["https://github.com/apify/crawlee"],
    "analysisDepth": "comprehensive"
  }'

Local Development

# Clone the repository
git clone https://github.com/YOUR_USERNAME/github-code-auditor.git
cd github-code-auditor

# Install dependencies
npm install

# Create input file
mkdir -p storage/key_value_stores/default
echo '{"repoUrls": ["https://github.com/apify/crawlee"]}' > storage/key_value_stores/default/INPUT.json

# Run locally
apify run

# View results
cat storage/datasets/default/*.json

Environment Variables

Variable	Description
OPENAI_API_KEY	OpenAI API key for AI insights (can also be provided in input)

Tech Stack

• Apify SDK - Actor lifecycle and storage
• Crawlee - Dataset management
• @octokit/rest - GitHub API client
• OpenAI - GPT-4 powered insights

Limitations

• Only analyzes public repositories (unless GitHub token has private repo access)
• AI insights (including AI slop detection) require OpenAI API key
• GitHub API rate limits apply (60/hour without token, 5000/hour with token)
• Maximum 500 files analyzed per repository
• AI slop detection is probabilistic - always verify findings manually for important decisions

Support

• Report an issue
• Apify Discord

License

ISC License