：Code submit frequency
：React/respond to issue & PR etc.
：Well-balanced team members and collaboration
：Recent popularity of project
：Star counts, download counts etc.
Please treat the repository author to a cup of cafe.
The attacker reads the uploaded picture Trojan through the vulnerability interface, and then writes to the website root directory to get the webshell.