> Yet it seems to be a popularity contest people care about for some reason
Before you incorporate someone's Github library into your own project, you want to know some things. Is it secure? Is it well-maintained? Is there an active userbase to help with support? Stars are one indicator of this.
Honestly, I would rather go for that specific info instead. CVEs for security, network graph and PRs for activity, CI maturity for security and maintenance, etc. Stars give you mostly popularity which is not necessarily correlated. But yeah, I agree they can be a single-number-proxy for the above.
Hardly. I was on a project with a JS dependency with 6.5k stars and sponsors but it injected a remote script at runtime without consent. I'm also a part of niche community circles where a project would be lucky to break 50 stars despite having phenomenal value and quality. It really is purely a popularity contest and only that with a bias towards other languages and projects that are equally as popular.
Before you incorporate someone's Github library into your own project, you want to know some things. Is it secure? Is it well-maintained? Is there an active userbase to help with support? Stars are one indicator of this.