
Do you read every single line of code of every single dependency you have? I don't see how LLMs are more of a threat than a random compromised npm package or something from an OS package manager. Chances are you're already relying on tons and tons of "trust me bro" and "it's open source bro, don't worry, just read the code if you feel like it".


One thing is consciously sharing IP with third parties in violation of contracts; another is falling victim to malicious code in the toolchain.

The npm concern, though, suggests we likely work in very different industries, so that may explain the different perspective.



