| ▲ | computerex 6 hours ago | |||||||
I was LITERALLY thinking the other day of a niche tool for engineers to help them discover and fix this in the future because at the rate I have seen models version lock dependencies I thought this is going to be a big problem in the future. | ||||||||
| ▲ | ljm 5 hours ago | parent | next [-] | |||||||
You can do prompt injection through versions. The LLM would go back to GitHub in its endless attempt to people please, but dependency managers would ignore it for being invalid. | ||||||||
| ▲ | mikestorrent 5 hours ago | parent | prev | next [-] | |||||||
Bigger companies have vulnerability and version management toolsets like Snyk, Cycode, etc. to help keep things up to date at scale across lots of repos. | ||||||||
| ▲ | satvikpendem 6 hours ago | parent | prev | next [-] | |||||||
Just use Dependi or similar VSCode extensions, they'll tell you if dependencies are outdated. | ||||||||
| ▲ | 6 hours ago | parent | prev | next [-] | |||||||
| [deleted] | ||||||||
| ▲ | solid_fuel 3 hours ago | parent | prev [-] | |||||||
No need to build a tool for it, engineers can avoid the whole issue by simply avoiding slop-spewing code generation tools. Hell, just never allow an LLM to modify the dependency configuration - if you want to use a library, choose and import it yourself. Like an engineer. | ||||||||
| ||||||||