satvikpendem 9 hours ago

That is because I've noticed the AI just edits the version management files (package.json, cargo.toml, etc) directly instead of using the build tool (npm add, cargo add), so it always hallucinates a random old version that's found in its training set. I explicitly have to tell the AI to use the build tool whenever I use AI.

computerex 6 hours ago | parent | next [-]

I was LITERALLY thinking the other day of a niche tool for engineers to help them discover and fix this in the future, because at the rate I have seen models version-lock dependencies, I thought this is going to be a big problem in the future.

ljm 5 hours ago | parent | next [-]

You can do prompt injection through versions. The LLM would go back to GitHub in its endless attempt to people please, but dependency managers would ignore it for being invalid.

mikestorrent 5 hours ago | parent | prev | next [-]

Bigger companies have vulnerability and version management toolsets like Snyk, Cycode, etc. to help keep things up to date at scale across lots of repos.

satvikpendem 6 hours ago | parent | prev | next [-]

Just use Dependi or similar VSCode extensions, they'll tell you if dependencies are outdated.

solid_fuel 3 hours ago | parent | prev [-]

No need to build a tool for it, engineers can avoid the whole issue by simply avoiding slop-spewing code generation tools. Hell, just never allow an LLM to modify the dependency configuration - if you want to use a library, choose and import it yourself. Like an engineer.

callc 2 hours ago | parent [-]

Proposal to not tarnish the good name of actual engineers: slopgineers.

Maybe LLemgineers? Slopgrammers?

bn-l 8 hours ago | parent | prev [-]

It’s interesting that they don’t even know this

notatallshaw 6 hours ago | parent [-]

I assume lock and dependency files are in the training data, so predicting version number tokens have high probabilities associated with them.