Rocket.Chat’s interesting signal is not raw popularity. It is release discipline under a security-heavy product posture. ToolVitals sees 12 release events in 30 days, 30 GitHub releases in 90 days, a 100 shipping score, a 100 health score, and 45,297 GitHub stars.

That matters because Rocket.Chat is not pitching itself as another team chat app. Its homepage now frames the product as a Secure CommsOS for defense, intelligence, critical infrastructure, and other mission-critical environments. The public repo says the same thing, and the 8.4.0 release notes back up the direction with security, compliance, access control, voice, and admin changes.

The 8.4.0 release is the clearest recent data point. It adds mobile voice calling context, Virtru as a policy decision point for ABAC, SAML logout validation work, sensitive-field redaction for app logs, RBAC fixes around app log access, image previews, alt text on uploads, and cold storage for read receipts. That is not a toy feature drop. It is a product hardening cycle wrapped around controlled communications.

The patch cadence tells the same story. On April 13, Rocket.Chat shipped security hotfix releases across 7.10.10, 7.11.7, 7.12.7, and 7.13.6. ToolVitals keeps the count simple, 12 release events in 30 days. The first-party release pages show that a chunk of that activity was maintenance across supported lines, not just one flashy feature branch.

The signal: secure comms products need boring speed

Rocket.Chat’s public positioning has narrowed around environments where control matters more than novelty. The homepage calls out on-prem, air-gapped, secure cloud, auditability, identity controls, data retention, and deployment in classified networks. Its May 2026 8.4 announcement focuses on mobile voice staying inside approved infrastructure and channel access reflecting live identity attributes.

That is the bet: chat is not the center of the story. Governance is.

The GitHub data supports that bet without proving adoption. A 94 ToolVitals score says Rocket.Chat is active and healthy by observable maintenance signals. A 100 shipping score says the release stream is alive. The 45,297 stars show long-running public GitHub visibility, but stars do not tell you who is deploying it in production.

What ToolVitals cannot infer

ToolVitals can see release events, GitHub stars, score history, uptime-style checks, SSL signals, and public activity. It cannot inspect private customer deployments. It cannot tell whether Rocket.Chat’s access controls are configured correctly inside a real organization. It cannot measure user satisfaction, support quality, revenue, retention, or security outcomes.

That distinction matters here. Rocket.Chat’s claims are serious. The website talks about high-security environments, sovereign infrastructure, and classified-network use cases. ToolVitals can confirm that the project is shipping and that the public release notes match the security-and-control theme. It cannot independently certify those claims.

Evidence is solid for maintenance velocity and product direction. Evidence is thinner for real-world operational quality, because that data lives behind enterprise deployments and customer security reviews.

Comparisons

Mattermost is the closest comparison in the supplied related tools. ToolVitals shows Mattermost at 36,687 GitHub stars, a 208.9 hot score, a 100 shipping score, and 12 release events in 30 days. Rocket.Chat is slightly hotter at 210.2, has more stars at 45,297, and matched Mattermost’s 12 release events in the same window.

Notesnook is a weaker comparison because it sits in communication but serves a different use case. Still, the activity gap is clear: 14,040 stars, a 193.1 hot score, and 5 release events in 30 days. Rocket.Chat is shipping more frequently by ToolVitals’ release-event view.

The bigger takeaway is that Rocket.Chat is not winning on velocity alone. n8n shows 51 release events in 30 days and LangChain shows 32, but those are different categories with different release mechanics. For Rocket.Chat, the notable part is high release activity inside a security-sensitive communication product.

Recommendation

If your team needs self-hosted or controlled communications for regulated, defense, public-sector, or critical-infrastructure work, evaluate Rocket.Chat because the public signals match that use case: 12 release events in 30 days, 30 releases in 90 days, a 100 health score, and recent 8.4 work focused on voice, ABAC, logging, RBAC, and storage controls.

Do not choose it from metrics alone. Use ToolVitals as the maintenance filter, then test the hard parts yourself: deployment model, identity integration, audit needs, mobile voice behavior, upgrade process, and security review fit.

Sources