Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
krig 5 hours ago

This announcement made me check in on the arbitrary code execution bug I reported that the Bun Claude bot created a PR for about 3 weeks ago:

https://github.com/oven-sh/bun/pull/24578

So far, someone from the bun team has left a bunch of comments like

> Poor quality code

...and all the tests still seem to be failing. I looked through the code that the bot had generated and to me (who to be fair is not familiar with the bun codebase) it looks like total dogshit.

But hey, maybe it'll get there eventually. I don't envy "taylordotfish" and the other bot-herders working at Oven though, and I hope they get a nice payout as part of this sale.

bopbopbop7 5 hours ago | parent [-]

So you pushed a PR that breaks a bunch of tests, added a 5 layer nested if branch block that mixes concerns all over the place, then ignored the reviewer for three weeks, and you’re surprised they didn’t approve it?

Master_Odin 4 hours ago | parent | next [-]

The OP directly says:

> that the Bun Claude bot created a PR for about 3 weeks ago

The PR with bad code that's also been ignored was made by the bot that Bun made, and brags about in their acquisition post.

krig 3 hours ago | parent | prev | next [-]

I just reported the bug, it was the bot that was proudly mentioned in the announcement which created the PR and the code...

4 hours ago | parent | prev | next [-]
[deleted]
throwaway290 5 hours ago | parent | prev [-]

> So you pushed a PR that breaks a bunch of tests, added a 5 layer nested if branch block that mixes concerns all over the place, then ignored the reviewer for three weeks, and you’re surprised they didn’t approve it?

...Did you miss the part where Bun used Claude to generate that PR?:)

simonw 5 hours ago | parent | next [-]

I misinterpreted that first comment too. To clarify:

1. User krig reports an issue against the Bun repo: https://github.com/oven-sh/bun/issues/24548

2. Bun's own automated "bunbot" filed a PR with a potential fix: https://github.com/oven-sh/bun/pull/24578

3. taylordotfish (not an employee of Bun as far as I can tell, but quite an active contributor to their repo) left a code review pointing out many flaws: https://github.com/oven-sh/bun/pull/24578#pullrequestreview-...

krig 3 hours ago | parent [-]

Right, this is accurate. Except I thought taylordotfish worked for bun, so I guess no one at bun has looked at it at all then.

bopbopbop7 5 hours ago | parent | prev [-]

I did.