Comment by fifticon

as others have warned.. a scary counterexample is the npm ecosystem, where people are gaming it with questionable npm package spam, to get the 'astroturf footprint' of being the author of widely installed packages. (which get their footprint by piggybacking on actual useful packages, akin to stapled-together law packages in the us congress).