knome 5 hours ago

>there is no point in code-reviewing ai-generated code

the idea that you should just blindly trust code you are responsible for without bothering to review it is ludicrous.

jen20 4 hours ago

(I mostly agree with you, but) devil's advocate: most people already do that with dependencies, so why not move the line even further up?

batshit_beaver 3 hours ago

Because you trust that your dependencies are not vibe coded and have been reviewed by humans.

bdangubic 3 hours ago

except they are vibe-or-not coded by some dude in Reno NV who wouldn’t pass a phone screen where you work

batshit_beaver an hour ago

I'd trust that dude over professional leetcoders any day.

But you're right that trust is a complicated thing and often misplaced. I think as an industry we're always reevaluating our relationship with OSS, and I'm sure LLMs will affect this relationship in some way. It's too early to tell.

almostdeadguy 3 hours ago

There's a reputational filtering that happens when using dependencies. Stars, downloads, last release, who the developer is, etc.

Yeah we get supply chain attacks (like the axios thing today) with dependencies, but on the whole I think this is much safer than YOLO git-push-force-origin-main-ing some vibe-coded trash that nobody has ever run before.

I also think this isn't really true for the FAANGs, who ostensibly vendor and heavily review many of their dependencies because of the potential impacts they face from them being wrong. For us small potatoes I think "reviewing the code in your repository" is a common sense quality check.

eclipxe 4 hours ago

Why?

fl4regun 3 hours ago

Is this a serious question? If you are handling sensitive information how do you confirm your application is secure and won't leak or expose information to people who shouldn't know it?

lijok 2 hours ago

How do you with classic code?

hallway_monitor 2 hours ago

Exactly.... -> Unit tests. Integration tests. UI tests. This is how code should be verified no matter the author. Just today I told my team we should not be reading every line of LLM code. Understand the pattern. Read the interesting / complex parts. Read the tests.

GrinningFool 23 minutes ago

But unit and integration tests generally only catch the things you can think of. That leaves a lot of unexplored space in which things can go wrong.

Separately, but related - if you offload writing of the tests and writing of the code, how does anybody know what they have other than green tests and coverage numbers?