We Scored 17 Famous Repositories — Here's What We Found
We used a repository health checker to score 17 well-known Git repos including prometheus, kubernetes, and golang/go. Go projects took all top 5 spots. Here's the full leaderboard and what the repository health scores reveal.
The experiment
How do you check if a GitHub repository is well-maintained before using it? Most developers glance at the star count and last commit date — but that's only 2 signals out of dozens.
We built RepoHealth, an open source repository health checker — a Go CLI tool that generates a repository health score from 0 to 100. It runs 33 checks across 8 categories: documentation, testing, CI/CD, dependencies, security signals, code statistics, activity, and TODO debt. It works fully offline, requires no GitHub API, and produces deterministic repo health scores — the same Git repository always gets the same score.
We ran it against 17 well-known open source projects across Go, Python, JavaScript, Ruby, and PHP to see how they compare on repository quality metrics.
The leaderboard
| Repo | Score | Grade |
|---|---|---|
| prometheus | 85 | A- |
| gin | 85 | A- |
| terraform | 83 | B+ |
| docker/compose | 82 | B+ |
| grafana | 81 | B+ |
| react | 77 | B |
| next.js | 73 | B- |
| rails | 68 | C+ |
| fastapi | 68 | C+ |
| cpython | 68 | C+ |
| flask | 67 | C+ |
| django | 66 | C+ |
| kubernetes | 64 | C |
| vue | 63 | C |
| express | 54 | D |
| laravel | 53 | D |
| golang/go | 51 | D |
Why Go projects dominate the top 5
All five top-scoring repos are Go projects. This isn't a coincidence — the Go ecosystem has unusually strong conventions around repository hygiene:
- Community files — most Go projects include CONTRIBUTING.md, SECURITY.md, and CODE_OF_CONDUCT.md by default
- CI/CD — GitHub Actions is the standard CI for Go, with test, lint, and build steps
- Testing — Go's built-in
go testmakes it natural to have high test-to-source ratios - Tooling culture — Go developers tend to use standardized tooling (golangci-lint, goreleaser) that encourages consistent repo structure
Prometheus and gin tie at 85 (A-). Both have excellent documentation, comprehensive CI pipelines, and strong testing coverage.
The surprises
kubernetes scored 64 (C)
Kubernetes is one of the most active and well-maintained projects in the world. It ships to millions of production clusters. So why does it score 64?
- TODO debt — 2,974 TODO/FIXME markers across the codebase
- Missing community files — some standard files aren't at the repo root where the tool checks
- Complexity — the sheer size of the repo means some hygiene metrics (like test-to-source ratio) are harder to maintain
The score reflects repository conventions, not project quality. kubernetes is excellent software with a non-standard repo structure.
golang/go scored 51 (D)
Go's own repository scores a D. Here's why:
- CI/CD: 0/15 — Go uses Gerrit and an internal CI system, not GitHub Actions
- Dependencies: 0/9 — The Go standard library doesn't use go.mod or go.sum at root (it IS the Go toolchain)
- Security: 0/10 — No conventional .gitignore patterns or CODEOWNERS file
golang/go predates GitHub conventions by years. It doesn't follow the patterns that the tool checks for because it was the tool that defined the patterns in the first place.
express scored 54 (D)
Express is the most downloaded Node.js framework with millions of weekly npm installs. But the repo itself is minimal — thin CI configuration, minimal community files, and no CHANGELOG. It's a mature, stable project that doesn't need active maintenance signals.
What the repository health scores DON'T mean
A low repository health score does not mean bad software. RepoHealth is a repo hygiene checker that measures conventions — the stuff you'd check before adopting a dependency or contributing to an open source project:
- Does it have documentation?
- Are there tests?
- Is CI configured?
- Are dependencies managed properly?
- Is the project actively maintained?
These are repository quality metrics, not code quality metrics. kubernetes (64) is exceptional software. golang/go (51) powers the entire Go ecosystem. express (54) serves billions of requests daily. They score lower because they don't follow standard GitHub repo structure, not because they're low quality.
Patterns we noticed
Go repos score higher — strong convention culture around community files, CI, and testing.
Older repos accumulate TODO debt — projects with years of development naturally accumulate more TODO/FIXME markers. This doesn't mean they're poorly maintained; it reflects the reality of long-lived codebases.
Foundation-backed projects have better docs — repos under CNCF (prometheus, kubernetes) and similar foundations tend to have more complete documentation and community files.
Python projects cluster at C+ — Django (66), Flask (67), FastAPI (68), CPython (68) all scored within 2 points of each other, suggesting a consistent level of repo hygiene in the Python ecosystem.
How the repository health scoring works
RepoHealth is a repository health scoring tool that runs 33 checks across 8 categories:
- Documentation (15 pts) — README, LICENSE, CONTRIBUTING, SECURITY, CHANGELOG, CODE_OF_CONDUCT
- Testing (20 pts) — test files, framework, coverage config, test-to-source ratio
- CI/CD (15 pts) — config exists, runs tests, runs linter, runs build
- Dependencies (9 pts) — lockfile, package manager, freshness, dependency count
- Security (10 pts) — no secrets, .gitignore coverage, dependency pinning, branch protection
- Code Statistics (5 pts) — source files, language diversity, comment ratio, vendor bloat
- Activity (15 pts) — recent commit, frequency, contributors, releases, bus factor
- TODO / Debt (7 pts) — TODO/FIXME count, density per KLOC, critical markers
The tool is a fully offline repository analyzer — no GitHub API needed, no tokens, no network access. It produces deterministic repo health scores every time. You can also use it as a CI/CD quality gate tool with --ci --threshold 70 to fail builds when repository health drops below your target.
Try it yourself
go install github.com/spbuilds/repohealth/cmd/repohealth@latest
repohealth .
Run this repo health check CLI on any local Git repository. It supports JSON, Markdown, and HTML output for CI pipelines and dashboards.
Score your own repos. Disagree with the methodology? Open an issue — we'd love to hear what checks are missing or weighted incorrectly.
MIT licensed. Single Go CLI binary. Zero runtime dependencies. Works on any Git repo — check your repository health score in under 100ms.
How does your repo score?
go install github.com/spbuilds/repohealth/cmd/repohealth@latest33 checks. 8 categories. One score. Fully offline.
View on GitHub