HackerTrans
TopNewTrendsCommentsPastAskShowJobs

indutny

no profile record

Submissions

Petition to Node.js TSC: No AI Code in Node.js Core

github.com
13 points·by indutny·vor 4 Monaten·1 comments

comments

indutny
·vor 4 Monaten·discuss
> The real risk with LLM-generated code is that it looks plausible but hasn't gone through the same level of scrutiny. It passes a quick review because it reads well, but edge cases get missed.

Precisely! Because the code is made to believable the risk of accepting it without understanding full implications is very high.

> If the answer is "the same review process we've always had" then the problem isn't AI, it's whether that process is rigorous enough for the stakes involved.

True, but there is also a reputational component to how changes are reviewed (whether we like it or not). The longer the tenure and the deeper the understanding of the changed code is - the chance of careless Pull Request gets lower.
indutny
·vor 4 Monaten·discuss
I appreciate hearing your point of view on this. In my opinion the future of Open Source and AI assisted coding is a much bigger issue, and different people have different levels of confidence in both positive and negative outcomes of LLM impact on our industry.

It is great to have a legal perspective on compliance of LLM generated code with DCO terms, and I feel safer knowing that at least it doesn't expose Node.js to legal risk. However it doesn't address the well known unresolved ethical concerns over the sourcing of the code produced by LLM tooling.
indutny
·vor 4 Monaten·discuss
The submitted code must adhere to either of (a), (b), (c), and separately a (d) clause of: https://github.com/nodejs/node/blob/main/CONTRIBUTING.md#dev...

If submitter picks (a) they assert that they wrote the code themselves and have right to submit it under project's license. If (b) the code was taken from another place with clear license terms compatible with the project's license. If (c) contribution was written by someone else who asserted (a) or (b) and is submitted without changes.

Since LLM generated output is based on public code, but lacks attribution and the license of the original it is not possible to pick (b). (a) and (c) cannot be picked based on the submitter disclaimer in the PR body.
indutny
·vor 4 Monaten·discuss
As someone who was a part of the aforementioned security team I'm not sure I'd be interested in reviewing such volume of machine generated code, expecting trap at every corner. The implicit assumption that I observed at many OSS projects I've been involved with is that first time contributions are rarely accepted if they are too large in volume, and "core contributor" designation exists to signal "I put effort into this code, stand by it, and respect everyone's time in reviewing it". The PR in the post violates this social contract.
indutny
·vor 4 Monaten·discuss
Taking the question of whether this would be a useful addition to Node.js core or aside, it must be noted that this 19k LoC PR was mostly generated by Claude Code and manually reviewed by the submitter which in my opinion is against the spirit of the project and directly violates the terms of Developer's Certificate of Origin set in the project's CONTRIBUTING.md