> That doesn't mean there's a problem with the code, only with the documentation.

I disagree. If the obvious way to use an API is the incorrect way, there is a problem with the code.

If you must call A each time before calling B, drop A and have B do both things.

If you must call A once before calling B, make A return a token that you then must pass to B to show you called A.

As another example, look at https://blog.trailofbits.com/2026/02/18/carelessness-versus-... (HN discussion: https://news.ycombinator.com/item?id=47060334):

“Two popular AES libraries, aes-js and pyaes, “helpfully” provide a default IV in their AES-CTR API, leading to a large number of key/IV reuse bugs. These bugs potentially affect thousands of downstream projects.”

Would you call that “poor code style that could theoretically lead to a bug in the future”, too?

[dead]