Vibe coding has us all boxing above our class. All the open source ultimately trained the machine and you hand over the reins to its masters. With custom-built libs you give up on all the audit and careful considerations that went into them.
The problem is you can't tell now. It might be there was no audit or careful considerations, just someone dumped vibes in their GitHub.
And it's very probable that they were worse coders than me. Which shows also in vibe coded projects. Because it makes a huge difference what you ask the models to do...
You still trust the LLM more than the other maintainer. For each individual library that's probably a sane approach but collectively we are so screwed if the machine's master turns against us and builds backdoors into our products.
That's game theoretically improbable.
I usually audit the code with a different model and they're pretty good at it. They want to be selling tokens and putting backdoors at scale would kill their business for backdoors in some unimportant shit :)
I would actually dare them to do it, they would win the business equivalent of Darwin's prize.