Niubi Guard: Open-Source Defense Against GitHub Abuse

New open-source tool detects spam and abuse on GitHub repositories, key for securing AI-related projects with Node.js/Python.

Niubi Guard Overview

Albert-Weasker published niubi_guard on GitHub. The project provides an open-source system that detects spam, harassment, and coordinated abuse in repositories. It includes a web UI, CLI, and configurable AI detection. The repository appeared on GitHub Trending with 239 stars and 113 forks at the time of listing. Actions such as issue deletion or user blocking remain disabled by default.

Installation and Configuration

The CLI installs through npm. Run npm install -g niubi-guard followed by niubi-guard init to generate a configuration file based on guard.config.example.json. The setup supports Docker via the included Dockerfile. Configuration covers detection signals, allowlists, model endpoints, prompts, and confidence thresholds. Dry-run mode executes by default. Explicit enablement of apply mode activates response actions like close, lock, or block.

The stack combines a Next.js frontend with Node.js backend components. TypeScript definitions sit in tsconfig.json and tsconfig.build.json. Source files reside in src and app directories, while tests occupy a dedicated tests folder. Multilingual support covers English and Simplified Chinese in the UI and documentation.

Detection and Response Mechanics

Detection combines keyword matching, username checks, and an OpenAI-compatible model. Each flagged item receives labels, evidence excerpts, AI confidence scores, and planned actions. Maintainers set their own base URL, API key, model name, and threshold. The system logs every decision with traceable reasons.

Response actions stay off until configured. Available operations include delete, close, lock, block, and interaction limits. Coordinated abuse patterns receive priority over standard promotion activity. The project ships under the Apache-2.0 license with separate files for code of conduct, security policy, and contribution guidelines.
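
The flow described in this section, sketched as an added example (not Niubi Guard's own code): local signals plus a model confidence produce a logged decision, and nothing executes unless apply mode is set. All field names, the username heuristic, the sample issues, and the rule that a local signal and an over-threshold confidence are both required are assumptions made for illustration.

```javascript
// Illustrative only: every field name here is hypothetical, not Niubi Guard's schema.
const config = {
  mode: "dry-run",                      // anything other than "apply" never executes
  threshold: 0.8,                       // minimum model confidence to plan an action
  keywords: ["free followers", "star-for-star"],
  usernamePattern: /^[a-z]+\d{6,}$/i,   // constructed heuristic for throwaway names
  allowlist: ["trusted-maintainer"],
  action: "close",
};

// modelScore stands in for the confidence an OpenAI-compatible endpoint would return.
function evaluate(item, modelScore, cfg = config) {
  const d = { id: item.id, labels: [], evidence: [], confidence: modelScore,
              plannedAction: null, executed: false, reasons: [] };
  if (cfg.allowlist.includes(item.author)) {
    d.reasons.push(`author ${item.author} is allowlisted; skipped`);
    return d;
  }
  const lower = item.body.toLowerCase();
  for (const kw of cfg.keywords) {
    const at = lower.indexOf(kw);
    if (at === -1) continue;
    d.labels.push(`keyword:${kw}`);
    d.evidence.push(item.body.slice(Math.max(0, at - 15), at + kw.length + 15));
  }
  if (cfg.usernamePattern.test(item.author)) d.labels.push("username");
  // Assumed combination rule: a local signal AND model confidence over the threshold.
  if (d.labels.length === 0) {
    d.reasons.push("no keyword or username signal");
  } else if (modelScore < cfg.threshold) {
    d.reasons.push(`confidence ${modelScore} below threshold ${cfg.threshold}`);
  } else {
    d.plannedAction = cfg.action;
    d.executed = cfg.mode === "apply";
    d.reasons.push(d.executed ? `applied ${cfg.action}`
                              : `dry-run: would ${cfg.action}, nothing changed`);
  }
  return d;
}

// Constructed sample issues, not real GitHub data.
const samples = [
  { id: 1, author: "promo482913", body: "Get FREE followers today, star-for-star!" },
  { id: 2, author: "trusted-maintainer", body: "Docs mention star-for-star spam." },
  { id: 3, author: "alice", body: "Build fails on Node 20 with this stack trace." },
];
const scores = { 1: 0.93, 2: 0.4, 3: 0.05 }; // constructed model confidences
const auditLog = samples.map((s) => evaluate(s, scores[s.id]));
console.log(JSON.stringify(auditLog, null, 2));
```

The allowlisted author in sample 2 is skipped even though the text contains a keyword, which is the false-positive case a maintainer would check in the dry-run log before enabling apply mode.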

Trade-offs for Maintainers

Self-hosting gives full control over data and model choices but requires ongoing maintenance of the Next.js application and database. The hosted option at niubistar.com/guard removes setup steps yet removes the ability to inspect or modify the detection logic locally. Configuration complexity rises when custom prompts or multiple signals are added. The transparent logging helps audit decisions, yet false positives still demand manual review before apply mode runs.

FAQs

Does Niubi Guard require an OpenAI key? No. Any OpenAI-compatible endpoint works, including local models that expose the same API format.

Can actions run automatically without review? Only after apply mode is enabled in the configuration and the maintainer accepts the dry-run output.

Is the project limited to English repositories? The first release includes Simplified Chinese support in the UI and documentation, with detection rules that can target any language through custom keywords or prompts.
