HackerTrans
TopNewTrendsCommentsPastAskShowJobs

duriantaco

3 karmajoined last year
github.com/duriantaco

Submissions

[untitled]

1 points·by duriantaco·2 months ago·0 comments

Why so many tools getting hacked? Tanstack, Mistral, Grafana?

techcrunch.com
1 points·by duriantaco·2 months ago·1 comments

[untitled]

1 points·by duriantaco·2 months ago·0 comments

[untitled]

1 points·by duriantaco·2 months ago·0 comments

[untitled]

1 points·by duriantaco·2 months ago·0 comments

[untitled]

1 points·by duriantaco·3 months ago·0 comments

[untitled]

1 points·by duriantaco·4 months ago·0 comments

[untitled]

1 points·by duriantaco·4 months ago·0 comments

Show HN: Skylos – A Python dead code finder benchmarked against 9 libraries

skylos.dev
3 points·by duriantaco·4 months ago·1 comments

[untitled]

1 points·by duriantaco·5 months ago·0 comments

Ask HN: Why dead code detection in Python is harder than most tools admit

6 points·by duriantaco·5 months ago·3 comments

[untitled]

1 points·by duriantaco·7 months ago·0 comments

[untitled]

1 points·by duriantaco·8 months ago·0 comments

[untitled]

1 points·by duriantaco·8 months ago·0 comments

[untitled]

1 points·by duriantaco·9 months ago·0 comments

[untitled]

1 points·by duriantaco·9 months ago·0 comments

[untitled]

1 points·by duriantaco·10 months ago·0 comments

comments

duriantaco
·17 hours ago·discuss
https://github.com/duriantaco/ravage. Working on an autonomous pentester!
duriantaco
·2 months ago·discuss
[dead]
duriantaco
·2 months ago·discuss
[dead]
duriantaco
·3 months ago·discuss
should log the journey down and os it!
duriantaco
·3 months ago·discuss
cool. did you test it on a 4090? how does it stack up?
duriantaco
·4 months ago·discuss
Hi HN, im the author of Skylos. We built it because traditional static analyzers (like Vulture) fall apart on modern, dynamic Python frameworks like FastAPI and Pydantic. Don't get me wrong, vulture is really really good. However, in some frameworks, they either miss a ton of dead code or throw you a lot of false positives.

So.. built a hybrid AST + LLM analyzer. We just benchmarked it against 9 popular open-source libraries to see how the data actually compares in the real world.

This is our github: github.com/duriantaco/skylos and https://github.com/duriantaco/skylos-demo this is to our benchmark. the blog post above is essentially the summary

Happy to answer any questions or hear your critiques on the methodology!
duriantaco
·5 months ago·discuss
First off, thanks a lot for taking the time to run Skylos against its own repo! Getting those flagged at confidence=60 is why deeper framework awareness is an immediate priority for us.

The 2 pass approach with Swynx is cool! Doing a BFS for file-level reachability first to sidestep the AST dynamic dispatch nightmare makes sense. If the module isnt even in the import graph then the confidence is practically 100%. And great callout on `__getattr__` and `importlib`.. Those dynamic edge cases are really sleeper problems for Python static analysis.

Thanks for the check on the pytest hooks and for sharing the Swynx architecture! It’s great to see how you guys tackled the dynamic nature of Python.