Lessons learned building a Node.js malware scanner to 400 stars (Open Source)
1•alrjoe•1h ago
Hi Hacker News — I’m the maintainer of pompelmi, a Node.js malware-scanner library/CLI for protecting file uploads.
One thing I learned the hard way: stars come from consistency, not a 3-day promotion sprint. It took me ~2 months to reach the first 100 stars, with daily outreach and steady shipping. Crossing 400+ happened after repeating the same loop over and over.
What worked for me
Daily, honest promotion (but not spam): sharing progress on communities like Reddit, Dev.to, etc. Not “look at my repo”, but “here’s a real problem + what I built + what I learned”.
Newsletter outreach after the first traction (100–200 stars): I started emailing code newsletters asking for feedback and whether it was a fit. Law of big numbers: send 50, maybe 5 reply, maybe 2 feature you — but those 2 can change everything (I had noticeable star spikes).
Ship constantly: I tried to release at least a small update weekly (or every ~2 weeks). Even micro-releases keep momentum and help credibility.
Website + docs + demo: I built a small blog site explaining the approach and implementation details, and a demo site so people can try the product quickly without setup friction.
README polish matters: badges (coverage, downloads, etc.), clear snippets, diagrams/flowcharts, and translations. It’s basically your landing page.
Ask for contributors (clearly): once the project was stable enough, I added contributor guidance so people could help without needing a lot of hand-holding.
Biggest lesson
Patience beats hacks. If you keep improving the product and making it easy to understand/try, the distribution channels start working for you instead of you pushing forever.
Repo: https://github.com/pompelmi/pompelmi
Happy to answer questions about outreach, docs, what I’d do differently, or what I’m building next.