huggingface/transformers vs programthink/zhao
huggingface/transformers shows stronger signals overall
As of June 2026, transformers shows healthier maintenance signals than zhao. transformers rates Healthy overall while zhao rates Concerns. transformers was committed to today with 53+ active contributors, while zhao last saw a commit 4 years ago with 1+ active contributor. transformers is Apache-2.0-licensed while zhao is GPL-3.0-licensed. Neither has known critical or high-severity CVEs in its dependency tree.
Informational only. RepoPilot summarises public signals at the time of analysis. Not professional, security, or legal advice.
huggingface/transformers →
Healthy across the board
Permissive license, no critical CVEs, actively maintained — safe to depend on.
Has a license, tests, and CI — clean foundation to fork and modify.
Documented and popular — useful reference codebase to read through.
No critical CVEs, sane security posture — runnable as-is.
- ✓Last commit today
- ✓53+ active contributors
- ✓Distributed ownership (top contributor 7% of recent commits)
- ✓Apache-2.0 licensed
- ✓CI configured
- ✓Tests present
Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests, cross-checked against dependency CVEs from deps.dev and OpenSSF Scorecard
programthink/zhao →
Looks unmaintained — solo project with stale commits
copyleft license (GPL-3.0) — review compatibility; last commit was 5y ago…
no tests detected; no CI workflows detected…
Documented and popular — useful reference codebase to read through.
last commit was 5y ago; Scorecard "Branch-Protection" is 0/10…
- ⚠Stale — last commit 5y ago
- ⚠Solo or near-solo (1 contributor active in recent commits)
- ⚠GPL-3.0 is copyleft — check downstream compatibility
- ⚠No CI workflows detected
- ⚠No test directory detected
- ⚠Scorecard: marked unmaintained (0/10)
- ⚠Scorecard: default branch unprotected (0/10)
- ✓GPL-3.0 licensed
What would improve this?
- →Use as dependency Concerns → Mixed if: relicense under MIT/Apache-2.0 (rare for established libs); 1 commit in the last 365 days
- →Fork & modify Mixed → Healthy if: add a test suite
- →Deploy as-is Mixed → Healthy if: 1 commit in the last 180 days; bring "Branch-Protection" to ≥3/10 (see scorecard report)
Computed from maintenance signals — commit recency, contributor breadth, bus factor, license, CI, tests, cross-checked against OpenSSF Scorecard
Signal-by-signal breakdown
| transformers | zhao | |
|---|---|---|
| Stars | 161,971 | 13,984 |
| Last commit | today | 4y ago |
| License | Apache-2.0 | GPL-3.0 |
| Open issues | 2,460 | 384 |
| Has tests | ✓ | — |
| Has CI | ✓ | — |
| Test coverage | 5% | 0% |
| Dependency CVEs | No CVEs | No CVEs |
| Architecture grade | — | — |
| Cycles | — | — |
| Bottom-line | Healthy signals | Concerns signals |
Want the full analysis? huggingface/transformers · programthink/zhao
Ask AI about huggingface/transformers vs programthink/zhao
Open the chat with a comparison question pre-filled.