To be fair, who cares about ai slop websites? To be honest, they're often better than the average webdev garbage. Language runtimes are held to a much, much, higher standard.

I would trust a zig -> rust translation far less if it didn't make liberal use of unsafe, because that implies an order of magnitude more aggressive refactoring

Depends on who vibe codes it. At the end of the day the Bun developers are the ones responsible for the quality of their software. If they've reviewed the code closely, tested it, and eat their own dog food, then I don't see why I should treat it any different from any other untrusted 3p dependency.

IMO, the main problem with vibe coding is that it empowers reckless behavior at companies like Microsoft, and that people with no serious investment in outcomes are empowered to make things. Does that apply to Anthropic? The Bun team? It's not 100% clear yet.

They obviously haven't closely reviewed the code. That's the point

Why is that obvious? Wouldn't surprise me either, but I don't think it's obvious, unless I missed some "confession" or something.

It's 1 million LoC they merged in a week. And that's only the final state. It's going to be much, much more if you include changes in individual commits. 6,755 commits were pushed to the PR branch, including dozens that were made shortly before the branch was merged to main. There's not a chance that anyone has read the code in any significant portion, or even in the future, because people who review code don't merge to main before they do so.

> There's not a chance that anyone has read the code in any significant portion

Sure, but that wasn't really the question, the question was why it's obvious no-one or no-thing have closely reviewed the code? Given they use LLMs to produce the code, wouldn't surprise me if they used LLMs to review it too, and I don't see it as unfeasible to be able to review a lot of code on a lot shorter timeframe.

It's not like they're doing something unique or novel, they even had an implementation in another language they knew did the right thing, so all the review would have to do, would be to make sure it's the same in the new language.

Don't get me wrong, again, probably there is plenty of mistakes in there, and might catch on fire when run in the wrong way, but I still don't think it's obvious how they've done things, unless you have insights into their process which seems clear to me now that you don't.

It was a straight answer to a straight question:

> They obviously haven't closely reviewed the code. That's the point

You asked why.

If Bun’s maintainers truly reviewed it, they would've had to read at least 6k lines per hour for a full week without a break. No one can claim in good faith that could possibly have happened.

Bun is now a black box consisting of million lines of largely unread code. No amount of "you don't know the whole story" lawyering or endless demands for "proof" of the obvious will change that.

The scope of the issue goes far deeper than "there might be some mistakes." Because what happened with the rewrite isn't engineering. Engineering applies the scientific method and rigorous verification to real world problems. It surely isn't about trusting a digital genie's "guarantees" that "all is fine." All aspects of LLM output is undefined behavior, and Bun blindly accepted million lines of code generated from it.

Before anyone brings it up again, tests aren't a sufficient defense. They only catch a tiny subset of the infinite possible failures. Modern software development still depends on developers understanding the code they produce.

Then you would expect to see several related CVEs and outages related to this? How many? Would you be willing to bet on it?

Sometimes you gotta let people know how awesome you are. The real question is if you're misrepresenting yourself(all marketing, no substance).

No one really "needs" anything. You can live perfectly well on minimum wage. But really, you could survive perfectly well as a slave. Infact, the world is content for you to die and get nothing. All "need" is "want". All you deserve is what you have leverage for.

This is a global audience. Define 'minimum wage'

This comment feels like playing stupid to such an absurd degree that the argument loses any semblance of thought and you sound like you're yelling at clouds.

Obviously being a slave is not the same as being a millionaire. If you make your argument this reductionist then you don't even sound human anymore, let alone well reasoned.

You absolutely cannot live perfectly well on minimum wage lmao

What you mean is that you can't have everything you want on minimum wage

No, i mean precisely "you can't live perfectly well on minimum wage" -- housing is not a want

Do you not trust your teammates? LGTM click merge

After getting to the point where vibe coded slop is getting pushed to production it's not clear to me if a future where AI can replace me is a worse future than we have now.

Yeah just say horse radish geeze

You're missing a syllable

I told my PM they can send me PRs if I can send them PRs for review.

Hah, that's a good one. Though with the current vibe (pun intended), I think they would actually be ok "reviewing" it.

Several thoughts went through my head before I realized what's wrong:

1. I guess longer caching means more stale data, which is why it's a downgrade? 2. Maybe this isn't the TTL I thought it was? 3. Maybe this isn't the cache I thought?

Then I clicked on the link and realized I had been mislead my the title.