Commit Stability as a Signal for Risk in Open-Source Projects

📅 2025-08-04
🤖 AI Summary
Open-source project resilience, the capacity to recover from disruptions such as contributor attrition or security vulnerabilities, lacks validated, quantitative assessment metrics. Method: This paper proposes commit frequency stability as a core proxy metric for resilience and conducts the first systematic empirical validation of its association with project resilience. Leveraging the Composite Stability Index (CSI) framework, we perform multi-granularity (daily/weekly/monthly) stability analysis on 100 top-ranked repositories, incorporating dimensions including programming language, CI cycle duration, and release strategy. Contribution/Results: Only 2% of projects exhibit daily stability; 50% achieve monthly stability, while half remain persistently unstable. Two repositories demonstrate stability across all granularities, and the results show that high commit frequency does not imply high stability. We introduce the first multidimensional stability assessment framework explicitly designed for resilience evaluation, establishing a novel paradigm for open-source governance and proactive risk forecasting.

📝 Abstract
Open source software (OSS) generates trillions of dollars in economic value and has become essential to technical infrastructures worldwide. As organizations increasingly depend on OSS, understanding project evolution is critical. While existing metrics provide insights into project health, one dimension remains understudied: project resilience -- the ability to return to normal operations after disturbances such as contributor departures, security vulnerabilities, and bug report spikes. We hypothesize that stable commit patterns reflect underlying project characteristics such as mature governance, sustained contributors, and robust development processes that enable resilience. Building on the Composite Stability Index (CSI) framework, we empirically validate commit frequency patterns across 100 highly ranked repositories. Our findings reveal that only 2% of repositories exhibit daily stability, 29% achieve weekly stability, and 50% demonstrate monthly stability, while half remain unstable across all temporal levels. Programming languages and blockchain applications were the most stable. We identified two exemplary repositories that achieved stability at all three granularities, whose governance models, CI cadence, and release policies could serve as reference frameworks. We observed that large yearly commit throughput does not necessarily correlate with stability. Beyond commits, stability can be enriched with issue-resolution times, PR merge rates, and community-engagement metrics to broaden resilience assessment and sharpen stability-based risk evaluation.

Problem

Research questions and friction points this paper is trying to address.

Assessing open-source project resilience through commit stability patterns
Validating link between stable commits and project governance robustness
Expanding stability metrics beyond commits for risk evaluation

Innovation

Methods, ideas, or system contributions that make the work stand out.

Composite Stability Index framework for resilience
Analyze commit frequency patterns empirically
Enrich stability with issue-resolution and PR metrics