Have you ever found a GitHub project or anything that seemed nice and tempting to install until you dug a bit deeper?

What are some red flags that should detur anyone from installing and running something?

  • Blaster M@lemmy.worldEnglish
    11·
    7 days ago

    “This project has been archived on [10+ years ago]. It is now Read Only.”

    or

    Last commit 5+ years ago

  • ChaoticNeutralCzech@feddit.orgEnglish
    7·
    6 days ago

    Requires weird IDE to build

    I shifted 8 GB of files to an older machine just to be able to install Android Studio on barely-supported hardware, and now I’m cloning the repo and the .gradle directory alone is 1 GB?

    • AA5B@lemmy.world
      1·
      7 days ago

      I bet they checked in the binary. Git is really poor with binaries since it can’t really diff them. And the worst part is gradle should never have the binary in the source tree

    • boraginoru@lemmy.zip
      1·
      7 days ago

      You don’t even need to check in .gradle to a repo, I always have that gitignored. And gradle projects should specify commands to build from CLI rather than having you download an IDE. Android Studio gives you a nice run button but it’s just invoking ./gradlew installDebug under the hood

    • thebustinater@lemmy.zipEnglish
      1·
      7 days ago

      I’m amused that you mentioned requiring an IDE and then gave gradle (a standalone build tool) and Android as an example… when I’m pretty sure that ios actually requires xcode (AND an apple account) to build apps

  • thedeadwalking4242@lemmy.world
    5·
    6 days ago

    The project is requires really weird unconventional set up. Doesn’t package properly, configuration files in weird places, doesn’t follow convention but doesn’t gain anything from it

  • Vex_Detrause@lemmy.ca
    4·
    7 days ago

    When installing if I see a pre-checked check mark I will be more likely to read what the software is trying to install. What are you trying to install now?

  • prenatal_confusion@feddit.org
    41·
    7 days ago

    No stars (although easily manipulated)

    No commit history

    No issue history

    No pr requests (soft no)

    No contributions from people with a active history

    • VitoRobles@lemmy.todayEnglish
      3·
      7 days ago

      Something I do is if a project has way too many stars, click on a few of the names randomly.

      If those profiles have 0-1 projects, my yellow flag (not red flag) goes up. Because yeah, it’s really easy to buy GitHub stars now.

      • bridgeenjoyer@sh.itjust.works
        51·
        8 days ago

        Sadly way too many niche groups there and also fb for me to delete. I’d have nothing otherwise.

        I just interact as little as possible and never install their software.

    • vogi@piefed.socialEnglish
      14·
      8 days ago

      Especially in the homebrew/modding world some even only distribute their stuff over discord. Which is an extra level of stupid. Dont think anything else can beat this.

      • Cantaloupe@lemmy.fedioasis.ccOPEnglish
        3·
        8 days ago

        Stalker Gamma comes to my mind, for that you had to join a discord in order to access the launcher, that launcher would auto download and install a bunch of mods for Stalker Anomaly into one big modded game.

  • Oka@sopuli.xyz
    882·
    8 days ago

    “Ads, In-App Purchases”

    That game is gonna be full-on enshitification.

    • bizarroland@lemmy.worldEnglish
      31·
      8 days ago

      I’ll see that and raise you a “app is free, but all functionality is paid, which you only find out after you have used the app for its intended purpose and now want the results of the work that you did, specifically when attempting to rescue files from your phone, for instance.”

      I’ll also toss in “all functionality is paid on a subscription model that automatically renews unless you manually disable it and you have to buy at least in one year increments”

      • Darkassassin07@lemmy.caEnglish
        18·
        8 days ago

        I really like the ‘free trial’ that requires your CC information and will begin billing you ‘soon’ unless you remember to cancel (and probably burn the card too).

      • abbadon420@sh.itjust.works
        6·
        8 days ago

        Goddamn! Had this one with “smartdraw.com” lately. I had to draw up a map of our property for a buidling permit, so I looked for an appropriate tool. Spend 3 hours drawing a layout. but turned out I can’t export the drawing unless I buy a year subscription of 8 dollars per month. Fuck them and fuck subscriptions! I downloaded LibreCAD and learned the basics of that.

        • rekabis@lemmy.ca
          1·
          7 days ago

          The 2017 full version of SketchUp is similarly free, FYI. You just have to dig for it on the website.

    • Cantaloupe@lemmy.fedioasis.ccOPEnglish
      4·
      8 days ago

      If I can remove the ads, and unlock pro features with a one time purchase, sure, but if the app is charging me monthly, that’s a deal breaker.

    • Obinice@lemmy.world
      44·
      8 days ago

      That’s not the case at all. For ads, perhaps, but in application purchases? Many games (especially free to play games, of which there are many excellent ones) have purchases you can make in the game.

      Helldivers 2 is an excellent game, and that has DLC packs and individual items you can purchase in game. So does World of Tanks (which is also free to play).

      Even some perfectly normal applications have that tag, because there’s a shareware version (maybe with a launch nag “Ad”) and the full paid version (which may only cost a few quid), that you can upgrade to from within the free version. It still counts, even if it’s just a one time thing.

      There are many scummy practices some game/application makers employ using ads or in-app purchases, but many don’t, and both types have that sort of label applied.

      Honestly, I see that label applied to basically everything these days, so I just ignore it and judge the application based on the nuance of how their monetisation is presented.

  • kescusay@lemmy.world
    675·
    8 days ago

    Evidence of vibe-coding. Em dashes and emojis sprinkled throughout the documentation? Code with inline comments pointlessly describing some change, as if you want to know what that block of code used to do more than what it actually does?

    It’s vibe-coded garbage by someone who doesn’t know how to code. Stay far away.

    • Clent@lemmy.dbzer0.comEnglish
      24·
      8 days ago

      inline comments pointlessly describing some change, as if you want to know what that block of code used to do more than what it actually does?

      Oh, shit, am AI.

        • Clent@lemmy.dbzer0.comEnglish
          3·
          8 days ago

          Exactly. I worked on a interface where the elements where shift under conflicting business interests. The comments where a log of dates, person, and what they asked for as we worked on our side to build a case against the insanity.

          The comments listed not only what it clearly did but also what it had previously done. Then inevitably something comes in hours before a launch window and that part does not get its comment updated.

        • Tja@programming.dev
          1110·
          8 days ago

          That ship has sailed. The question is how to use AI to code, for every project there’s a sweet spot and it rarely is 0% or 100%.

          • Victor@lemmy.world
            172·
            8 days ago

            You really don’t need to. Nobody is forcing you.

            And if they are, seriously considering finding another place of work.

            • Tja@programming.dev
              55·
              8 days ago

              I very much enjoy using AI for all the biloilerplate, test cases, suggestions, etc. It really makes me more productive, hard metrics behind it. Nobody is forcing me to, they just provide the license and let us use our judgment.

              I honestly can’t think of a project where 0% AI would be better. For 100% maybe a very trivial PoC, but even that would require at least a code revision.

              So, as with many things, use in moderation is fine.

              • kescusay@lemmy.world
                71·
                8 days ago

                It’s almost certainly also making your code worse.

                It’s not impossible to use AI effectively (although I would argue it’s impossible to use large “frontier” models ethically, as the companies making them are burning the planet down to power the process), but you have to be extremely vigilant and thoughtful about what you’re using it for, and you have to review every single line of code it produces, or you’re going to miss bugs and you’re going to lose skills.

                A good way to test yourself is to see if you can still scaffold out an application by hand. Doesn’t matter what… A to-do list, some buttons, whatever. Just test yourself to see if you can still do it.

                If you can’t, then you’ve lost the skills necessary to be certain that what you’re producing with AI is actually good.

                And if the idea of testing yourself like this makes you uncomfortable? Then AI isn’t a tool you use, it’s an addiction.

                • Tja@programming.dev
                  21·
                  8 days ago

                  I mean, I do leet code semi-regularly, so I’m not too worried about getting rusty. Writing tests is boring as hell, the AI does a decent enough job for at least 90% of them.

    • alakey@piefed.socialEnglish
      2·
      8 days ago

      Emoji ridden repos just scream scam to me, too. I feel like people who genuinely want to make an app and actually keep it maintained wouldn’t resort to AI slop code or even a description.

    • rekabis@lemmy.ca
      7·
      7 days ago

      I can’t believe that marketing people are this fucking stupid.

      Like, full-on knuckle-dragging morons.

      They intentionally drive away more paying customers than they could ever “channelize” with this method.

      Because most people realize that prices are only ever hidden for malicious, anti-consumer purposes.

      • yermaw@sh.itjust.works
        1·
        6 days ago

        Thats for every industry. The burger van with the prices in micro-text behind the guy asking what you want and you better hurry up cause theres a queue

        • rekabis@lemmy.ca
          1·
          6 days ago

          Your example can be wholly explained by inadequate knowledge of visual design (UI/UX, to be specific), especially from a consumption/access position. That’s a technical outcome which is a result of ignorance or failures, not a sales outcome from an explicit strategy of obfuscation.

          To put it another way, people making too-small signs for their yard sale that drivers just cannot see at speed, is not the same as companies going “call for pricing”. That would be the same as signs saying, “call us for the yard sale address”. The former is wholly unintentional and borne out of ignorance, the latter is completely intentional anything but accidental.