Hacker News

josephcsible, yesterday at 6:49 PM (2 replies)

Wouldn't that be worse? With dependencies, it's at least possible that someone else has audited the code, but with a vibe-coded from scratch app, it's definitely totally unreviewed.


Replies

umvi, yesterday at 10:40 PM

I never said AI code should be "unreviewed". I'm saying that instead of pulling in axios or requests (as a contrived example) to make HTTP requests, just use AI to generate some vanilla JS/Python that has the exact subset of functionality you need. Your code has fewer dependencies, CVE surface area, etc, wins all around.

Kiro, yesterday at 7:00 PM

You only add what you need instead of importing some bloated dependency. That means you can actually review the code yourself.
