astral-sh/ruff vs yamato-security/hayabusa
astral-sh/ruff shows stronger signals overall
As of June 2026, ruff shows healthier maintenance signals than hayabusa. ruff rates Healthy overall while hayabusa rates Mixed. ruff was committed to today with 21+ active contributors, while hayabusa last saw a commit 1 month ago with 6+ active contributors. ruff is MIT-licensed while hayabusa is AGPL-3.0-licensed. Neither has known critical or high-severity CVEs in its dependency tree.
Informational only. RepoPilot summarises public signals at the time of analysis. Not professional, security, or legal advice.
astral-sh/ruff →
Healthy across the board
Permissive license, no critical CVEs, actively maintained — safe to depend on.
Has a license, tests, and CI — clean foundation to fork and modify.
Documented and popular — useful reference codebase to read through.
No critical CVEs, sane security posture — runnable as-is.
- ✓Last commit today
- ✓21+ active contributors
- ✓Distributed ownership (top contributor 35% of recent commits)
- ✓MIT licensed
- ✓CI configured
- ✓Tests present
Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests, cross-checked against OpenSSF Scorecard
yamato-security/hayabusa →
Mixed signals — read the receipts
copyleft license (AGPL-3.0) — review compatibility
Has a license, tests, and CI — clean foundation to fork and modify.
Documented and popular — useful reference codebase to read through.
No critical CVEs, sane security posture — runnable as-is.
- ⚠Concentrated ownership — top contributor handles 60% of recent commits
- ⚠AGPL-3.0 is copyleft — check downstream compatibility
- ✓Last commit 1d ago
- ✓6 active contributors
- ✓AGPL-3.0 licensed
- ✓CI configured
- ✓Tests present
What would improve this?
- →Use as dependency Concerns → Mixed if: relicense under MIT/Apache-2.0 (rare for established libs)
Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests
Signal-by-signal breakdown
| ruff | hayabusa | |
|---|---|---|
| Stars | 48,249 | 3,146 |
| Last commit | today | 1mo ago |
| License | MIT | AGPL-3.0 |
| Open issues | 2,036 | 35 |
| Has tests | ✓ | ✓ |
| Has CI | ✓ | ✓ |
| Test coverage | 100% | 100% |
| Dependency CVEs | No CVEs | No CVEs |
| Architecture grade | — | — |
| Cycles | — | — |
| Bottom-line | Healthy signals | Mixed signals |
Want the full analysis? astral-sh/ruff · yamato-security/hayabusa
Ask AI about astral-sh/ruff vs yamato-security/hayabusa
Open the chat with a comparison question pre-filled.