rvz a day ago
There are worse things to mention about OneCLI, as it looks like a completely vibe-coded mess, seeing the CLAUDE.md and Claude itself being one of the contributors [0]. Perhaps the most damning discovery is that they don't even do basic dependency pinning [1] [2], which just risks another supply chain attack. As soon as I saw that, that was everything I needed to know about the project. No security audit whatsoever, and Bitwarden believes this is something worth integrating.

[0] https://github.com/onecli/onecli/graphs/contributors
[1] https://github.com/onecli/onecli/blob/main/packages/ui/packa...
[2] https://github.com/onecli/onecli/blob/main/packages/db/packa...
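As an added example (not OneCLI's code, and not the contents of the two linked package.json files, which are not reproduced in the thread), here is a small Node script that classifies every dependency specifier in a package.json and reports the ones that are not pinned to an exact version, i.e. the ones that let a fresh install resolve to a release nobody reviewed. The package.json it scans is constructed inline for illustration; the field names and the `classifySpec`/`findUnpinned` helpers are this example's own.

```javascript
// Added example: report unpinned npm dependencies in a package.json.
// Not OneCLI's code; the SAMPLE_PACKAGE_JSON below is constructed, not real.

// A specifier counts as pinned only if it is an exact semver version such as
// "4.17.21". Ranges ("^1.2.3", "~1.2.3", ">=1.0.0", "1.x", "*"), dist-tags
// ("latest", "next") and git/URL specifiers all resolve at install time, so a
// compromised or malicious new release can land without any change to the repo.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

// peerDependencies are deliberately left out: they are expected to be ranges,
// because they describe what the consumer must provide rather than what is installed.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

function classifySpec(spec) {
  if (typeof spec !== "string" || spec.trim() === "") return "empty";
  const s = spec.trim();
  if (EXACT_SEMVER.test(s)) return "pinned";
  // Alias form "npm:<name>@<version>": judge the version after the last "@".
  if (s.startsWith("npm:")) {
    const at = s.lastIndexOf("@");
    return at > 4 && EXACT_SEMVER.test(s.slice(at + 1)) ? "pinned" : "range";
  }
  // Git, URL, file, link and workspace specifiers bypass the registry entirely
  // and are reported separately so a reviewer can look at each one.
  if (/^(git\+|github:|https?:|file:|link:|workspace:)/.test(s) || s.includes("/")) {
    return "non-registry";
  }
  return "range";
}

// Returns one finding per dependency that is not pinned to an exact version.
function findUnpinned(pkgJson) {
  const pkg = typeof pkgJson === "string" ? JSON.parse(pkgJson) : pkgJson;
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(spec);
      if (kind !== "pinned") findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

// Constructed sample input (assumption: not taken from any real project).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "sample-app",
  dependencies: {
    "left-pad": "1.3.0",                       // pinned
    "express": "^4.18.2",                      // caret range
    "lodash": "~4.17.0",                       // tilde range
    "chalk": "latest",                         // dist-tag
    "some-fork": "github:example/some-fork",   // git specifier
    "react-alias": "npm:react@18.2.0",         // alias, pinned
  },
  devDependencies: { "vitest": "*", "typescript": "5.4.5" },
});

for (const f of findUnpinned(SAMPLE_PACKAGE_JSON)) {
  console.log(`${f.field}.${f.name}: "${f.spec}" (${f.kind})`);
}
```

On the sample this reports five entries (express, lodash, chalk and vitest as ranges, some-fork as non-registry) and accepts the two exact versions and the pinned alias. Exact versions in package.json are only half of the fix: the transitive tree is locked by the lockfile, so a reproducible install also needs a committed package-lock.json with integrity hashes and `npm ci` rather than `npm install` in CI.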
lucideer a day ago
Having agents contribute to a tool designed for agentic coding is thoroughly unsurprising - if anything, your contributor link showing that 873 LoC were written by Claude, in a project with tens of thousands of lines contributed, seems to show far fewer agentic contributions than I would normally expect. It seems far from vibe-coded looking at those stats alone. The lack of package pinning is unfortunate but common enough that I'd simply open a ticket (& expect them to address it) rather than writing off the entire project. The lack of a security audit for a project this young is also unsurprising & hardly notable.