OSS GitHub Actions hygiene leaderboard
Live ranking of 40 popular OSS repositories by their
GitHub Actions workflow hygiene. Lower score = better. Powered by
ci-doctor
(14 rules) and gha-budget
(per-job pricing). Workflow YAML re-fetched from each repo every day.
New report
State of OSS CI Hygiene 2026 (Edition 1) · the data on this page, packaged as a 12-page PDF + raw JSON snapshot for $14.
Get the report →
Repos ranked
40
Workflows scanned
541
Total findings
2,179
Modeled $/mo combined
$101,378
Cleanest 5 (lowest score)
- mui/material-ui
1.56 - TanStack/query
2.00 - gatsbyjs/gatsby
2.00 - jestjs/jest
2.09 - vitejs/vite
2.12
Most findings per workflow (highest score)
- remix-run/remix
13.63 - axios/axios
9.63 - parcel-bundler/parcel
8.25 - denoland/deno
8.18 - biomejs/biome
6.78
Top rules across all repos
| Rule | Hits |
|---|---|
missing-timeout | 897 |
missing-cache | 257 |
pinned-action-sha | 184 |
missing-concurrency | 178 |
missing-permissions | 127 |
Full ranking (sorted by hygiene score)
| # | Trend | Repo | Score | WFs | Findings | E/W/I | $/run | $/mo* |
|---|---|---|---|---|---|---|---|---|
| 1 | - | mui/material-ui · scan | 1.56 | 16 | 28 | 0/22/6 | $0.83 | $749 |
| 2 | - | TanStack/query · scan | 2.00 | 4 | 9 | 0/7/2 | $0.38 | $346 |
| 3 | - | gatsbyjs/gatsby · scan | 2.00 | 1 | 2 | 0/2/0 | $0.06 | $58 |
| 4 | - | jestjs/jest · scan | 2.09 | 11 | 23 | 0/23/0 | $1.34 | $1,210 |
| 5 | - | vitejs/vite · scan | 2.12 | 13 | 28 | 0/27/1 | $1.15 | $1,037 |
| 6 | - | vuejs/core · scan | 2.17 | 9 | 20 | 0/19/1 | $0.83 | $749 |
| 7 | - | sveltejs/svelte · scan | 2.40 | 5 | 14 | 0/10/4 | $0.70 | $634 |
| 8 | - | ReactiveX/rxjs · scan | 2.50 | 4 | 12 | 0/8/4 | $0.38 | $346 |
| 9 | - | nuxt/nuxt · scan | 2.53 | 29 | 64 | 7/48/9 | $2.18 | $1,958 |
| 10 | - | prettier/prettier · scan | 2.59 | 16 | 31 | 6/22/3 | $0.96 | $864 |
| 11 | - | webpack/webpack · scan | 2.78 | 9 | 27 | 0/23/4 | $1.54 | $1,382 |
| 12 | - | fastify/fastify · scan | 2.85 | 20 | 61 | 0/53/8 | $1.41 | $1,267 |
| 13 | - | storybookjs/storybook · scan | 2.97 | 16 | 57 | 0/38/19 | $2.11 | $1,901 |
| 14 | - | nodejs/node · scan | 2.99 | 36 | 106 | 3/94/9 | $6.21 | $5,587 |
| 15 | - | sindresorhus/got · scan | 3.00 | 1 | 3 | 0/3/0 | $0.00 | $0 |
| 16 | - | lodash/lodash · scan | 3.06 | 8 | 26 | 0/23/3 | $0.64 | $576 |
| 17 | - | remix-run/react-router · scan | 3.09 | 16 | 52 | 0/47/5 | $1.15 | $1,037 |
| 18 | - | swc-project/swc · scan | 3.16 | 16 | 53 | 0/48/5 | $2.82 | $2,534 |
| 19 | - | electron/electron · scan | 3.26 | 44 | 132 | 15/80/37 | $2.50 | $2,246 |
| 20 | - | nestjs/nest · scan | 3.50 | 1 | 5 | 0/2/3 | $0.06 | $58 |
| 21 | - | pnpm/pnpm · scan | 3.55 | 19 | 62 | 6/43/13 | $2.24 | $2,016 |
| 22 | - | preactjs/preact · scan | 3.56 | 8 | 31 | 0/26/5 | $0.70 | $634 |
| 23 | - | date-fns/date-fns · scan | 3.83 | 6 | 23 | 0/23/0 | $0.38 | $346 |
| 24 | - | microsoft/TypeScript · scan | 3.94 | 18 | 77 | 0/65/12 | $1.86 | $1,670 |
| 25 | - | microsoft/playwright · scan | 4.12 | 21 | 87 | 0/86/1 | $4.22 | $3,802 |
| 26 | - | chakra-ui/chakra-ui · scan | 4.17 | 3 | 13 | 0/12/1 | $0.51 | $461 |
| 27 | - | tailwindlabs/tailwindcss · scan | 4.38 | 4 | 22 | 0/13/9 | $1.54 | $1,382 |
| 28 | - | eslint/eslint · scan | 4.55 | 10 | 48 | 0/43/5 | $1.15 | $1,037 |
| 29 | - | vercel/next.js · scan | 4.69 | 36 | 149 | 13/124/12 | $3.65 | $3,283 |
| 30 | - | npm/cli · scan | 5.15 | 26 | 133 | 3/120/10 | $2.56 | $2,304 |
| 31 | - | facebook/react · scan | 5.25 | 22 | 124 | 0/107/17 | $16.26 | $14,630 |
| 32 | - | expressjs/express · scan | 5.25 | 4 | 18 | 2/14/2 | $0.38 | $346 |
| 33 | - | prisma/prisma · scan | 5.32 | 17 | 91 | 0/90/1 | $14.59 | $13,133 |
| 34 | - | rollup/rollup · scan | 5.90 | 5 | 27 | 3/17/7 | $0.70 | $634 |
| 35 | - | sequelize/sequelize · scan | 6.44 | 9 | 41 | 9/30/2 | $5.25 | $4,723 |
| 36 | - | biomejs/biome · scan | 6.78 | 25 | 165 | 12/114/39 | $0.64 | $576 |
| 37 | - | denoland/deno · scan | 8.18 | 11 | 99 | 0/81/18 | $21.76 | $19,584 |
| 38 | - | parcel-bundler/parcel · scan | 8.25 | 6 | 52 | 0/47/5 | $0.90 | $806 |
| 39 | - | axios/axios · scan | 9.63 | 8 | 53 | 12/41/0 | $2.88 | $2,592 |
| 40 | - | remix-run/remix · scan | 13.63 | 8 | 111 | 0/107/4 | $3.20 | $2,880 |
Methodology. Each repo's
.github/workflows/*.yml
is fetched fresh from the GitHub public API daily. ci-doctor
emits findings against 14 rules. Score = (errors×3 + warns×1 +
info×0.5) / workflow_count. Cost columns assume 8 min/job, 30
runs/day, GitHub-hosted standard ubuntu-latest pricing.
Trend column compares to the previous day's snapshot. Self-hosted and
large-runner jobs are not priced.
This is not an attack on any of these projects. They all ship excellent
software. The point of a public, ranked, daily-updated leaderboard is
that the same patterns show up everywhere, and seeing real
numbers is more useful than abstract advice. To request removal from
the list, open an issue on
depmedicdev-byte/depmedicdev-byte.github.io.