I started building a project by trying to wire in existing open source stuff. When I looked at the build and stuff that would cause me to bring in, and the actual stuff I needed from the open source tools, it turned out to be MUCH faster/cleaner to just get Claude to check out the repo and port the stuff I needed directly.

Now I do a calculus with dependencies. Do I want to track the upstream, is the rigging around the core I want valuable, is it well maintained? If not, just port and move on.

▲

ghuntley 8 days ago | parent [-]

> If not, just port and move on.

Exactly the point behind this post https://ghuntley.com/libraries/

	▲	huksley 7 days ago \| parent [-]
		Generated by AI libraries will by definition have all the security bugs you might encounter in the open, since it trains on them. I would say, it is better maintain your own AI improved forks of the libraries and I am hoping that pattern will be more common and will also benefit upstream libraries as well.